Backdoor Disasters
Mar 10,
2016
Last week I explained why government-imposed backdoors cause more problems than they solve, and government-imposed weaknesses from the 1990s are still causing SSL/TLS security problems. Let’s see some of the other ways backdoors have spectacularly failed. This is nothing new The problem of insider abuse goes back to an era when letters and telegrams were […]
Meet LibreSSL
Nov 20,
2014
The SSL/TLS protocol suite is critical for Internet security. Unfortunately, it’s one of those things that’s nice in theory but messy in practice. Good news — a very promising project is bringing help! We commonly say that we use SSL to secure Internet activity. However, that statement taken literally is very out of date! We […]
cryptography,
Dual_EC_DRBG,
ECC,
elliptic curve cipher,
Heartbleed,
LibreSSL,
linux,
open source,
OpenBSD,
OpenSSL,
Poodle,
secure design,
secure programming,
SSL,
TLS
Take Their Advice: Disregard Their Earlier Advice!
Oct 7,
2013
The field of cybersecurity is filled with frequent dire warnings. Software vulnerabilities are discovered, accidents in design and implementation. Attack trends are detected, from criminals, foreign militaries, and pranksters. But a recent pair of announcements took an unusual new form. One of the most respected commercial names in cybersecurity warned its customers to stop using […]
CTR_DRBG,
deterministic,
Dual_EC_DRBG,
Hash_DRBG,
HMAC_DRBG,
NIST,
PRNG,
pseudorandom bit generator,
pseudorandom number generator,
RSA,
SP 800-90A