Tag: ECC

I wrote a series of blog posts a while ago about SSH authentication using cryptographic keys rather than passwords. I discussed why SSH keys provide easier authentication, how to set up an SSH key agent, and how to maintain multiple websites. There are two areas of security to consider regarding SSH. I think of them […]

Last week I started telling you about an recent interesting paper, “A Riddle Wrapped in an Enigma” by two highly respected cryptographers, Neal Koblitz and Alfred Menezes. I gave you the background last week: the NSA’s long interest in ECC (or Elliptic Curve Cryptography), some reports of NSA back doors inserted into standardized algorithms, and […]

I recently wrote about the NSA’s surprising announcement in August. They urged the community to work on post-quantum cryptography. More surprisingly, they also recommended that organizations that have not yet converted from traditional RSA-based public-key systems to the newer ECC (or Elliptic Curve Cryptography) should not bother doing so. RSA security relies on the difficulty […]

The SSL/TLS protocol suite is critical for Internet security. Unfortunately, it’s one of those things that’s nice in theory but messy in practice. Good news — a very promising project is bringing help! We commonly say that we use SSL to secure Internet activity. However, that statement taken literally is very out of date! We […]

Last summer I wrote a pair of blog entries about the use of quantum phenomena in cryptography. First, defensive use to protect your confidentiality, using QKD or Quantum Key Distribution to securely communicate the long binary key stream needed for a One-Time Pad or OTP, the only perfectly secure system (if you are extremely careful). […]