Skeptical Looks at Cryptography
We cannot have cyber security without cryptography! Confidentiality requires encryption of the sensitive data. Integrity is important, hash functions let us detect inappropriate modification of data and system configurations. Authentication of users and hosts can be done in many ways, and the more secure methods involve hash functions, encryption, or some combination of the two. […]
Are Consumer Crypto Systems Too Hard To Use?
In a previous post, I summarized some academic papers in which prominent cryptographers and other security experts took a very skeptical look at current cryptography, both research and practical systems. It’s not just e-mail plugins and other desktop computer applications that can disappoint us. One of the papers showed that the APCO Project 25 two-way […]
How Does Diffie-Hellman Key Exchange Work?
One question I get from course participants when I teach Learning Tree’s System and Network Security Introduction is, “How does Diffie-Hellman key exchange work?” I’ll answer that for you here with a slightly simplified explanation (the details I’m leaving out deal with intricacies of discrete math). First, let’s look at why we need Diffie-Hellman (DH) […]
What Is Post-Quantum Cryptography And What Does It Mean For Us?
A recent NSA update addressed the Suite B cryptographic algorithms approved by NSA for protecting U.S. Government data. If you skip ahead to its table of recommendations you will see that some old friends have disappeared — AES with a 128-bit key and SHA-256 have been quietly dropped. The more startling part is in the […]