Cyber Security Tradeoffs
Cyber Security in a Nutshell Cyber security simplifies to three pillars: Distinguish between good guys and bad guys. [Authentication] Let the good guys access the data in appropriate ways. [Availability] Don’t let the bad guys access the data at all, and don’t let the good guys do something inappropriate. [Confidentiality and Integrity] Our efforts to […]
What Does The Recent SHA-1 Attack Mean For You And Your Organization?
Some top cryptographers have recently announced a significant step toward breaking the SHA-1 hash algorithm. Their work is described here and here, and also check out their paper. What does this mean for you and your organization? Let me start with a bit of background so the following makes sense. What Is A Hash? A […]
How Can You Tell If Your Secrets Are Really Secret?
Last week I mentioned that Availability was the odd member of the CIA triad, because it lacks the mathematical tools (and thus the solid numbers) of Confidentiality and Integrity. But that doesn’t mean that C and I both work the same way! Confidentiality tools like ciphers are preventative. You choose the best cipher, manage keys […]