Skeptical Looks at Cryptography
Mar 22, 2016
We cannot have cyber security without cryptography! Confidentiality requires encryption of the sensitive data. Integrity is important; hash functions let us detect inappropriate modification of data and system configurations. Authentication of users and hosts can be done in many ways, and the more secure methods involve hash functions, encryption, or some combination of the two. […]
Are Consumer Crypto Systems Too Hard To Use?
Mar 16, 2016
In a previous post, I summarized some academic papers in which prominent cryptographers and other security experts took a very skeptical look at current cryptography, both research and practical systems. It’s not just e-mail plugins and other desktop computer applications that can disappoint us. One of the papers showed that the APCO Project 25 two-way […]
communications security, COMSEC, cryptography, Diffie-Hellman, Diffie-Hellman Ephemeral, Man-in-the-Middle attack, MitM, risk analysis, RTP, user interface design, VoIP, ZRTP
How Does Diffie-Hellman Key Exchange Work?
Jan 28, 2016
One question I get from course participants when I teach Learning Tree’s System and Network Security Introduction is, “How does Diffie-Hellman key exchange work?” I’ll answer that for you here with a slightly simplified explanation (the details I’m leaving out deal with intricacies of discrete math). First, let’s look at why we need Diffie-Hellman (DH) […]
What Is Post-Quantum Cryptography And What Does It Mean For Us?
Oct 12, 2015
A recent NSA update addressed the Suite B cryptographic algorithms approved by NSA for protecting U.S. Government data. If you skip ahead to its table of recommendations you will see that some old friends have disappeared — AES with a 128-bit key and SHA-256 have been quietly dropped. The more startling part is in the […]