Crypto news: Vanish

01 Oct 2009

One of the recent USENIX Security papers has been getting quite a bit of buzz: Vanish: Increasing Data Privacy with Self-Destructing Data. It's really a very clever paper, proposing a way to do something apparently impossible: ensuring that data (like email) 'disappears' after a certain period of time.

CCS 2009

17 Oct 2009

It looks like I will be able to attend the 16th ACM Conference on Computer and Communications Security (also known simply as CCS 2009). Will any of my fellow cryptographers also be there? Or, if any my readers have been there before: this will be my first time. What should I expect?


After a long period of inactivity, I am pleased to report signs of life for two of my papers-- and a tech report, besides.

Seeing as this is ostensibly a crypto blog, I'd like to comment on a paper from earlier this year: It's no secret-- Measuring the security and reliability of authentication via 'secret' questions, by Stuart Schechter, A. J. Bernheim Brush, and Serge Egelman. This paper looks at the security of 'security questions': those questions about yourself you have to answer to get back into an account when you've forgotten your password. And (shock! surprise!) they find that this sort of mechanism generally sucks from a security point of view-- perhaps even more than passwords do.

I can't often talk about the research I do at Lincoln Laboratory, but sometimes the curtain parts for a brief instant and allows a quick peek:

Four innovative technologies garner 2012 R&D 100 Awards for MIT Lincoln Laboratory

And while I'm at it, let me reiterate the fact that we're looking for more great people to come help solve important cryptographic problems:

That's just a sample. Many, many more positions here. (Hint: search for jobs associated with Groups 06-61, 06-68 and 06-69.)