Cryptography Developments: Elliptic Curves
I recently wrote about the NSA’s surprising announcement in August. They urged the community to work on post-quantum cryptography. More surprisingly, they also recommended that organizations that have not yet converted from traditional RSA-based public-key systems to the newer ECC (or Elliptic Curve Cryptography) should not bother doing so. RSA security relies on the difficulty […]
Darkhotel Shows That Hotel Cyber Security is Even Worse Than We Thought
I recently wrote about cyber security and hotels. Now Kaspersky Labs has reported that things are even more dangerous than we realized. Darkhotel is an APT or Advanced Persistent Threat. Since at least 2007 this sophisticated attack has targeted executives staying in luxury hotels in Asia, mostly in Japan. The technology and targeting suggest state-level […]
What Is Happening In Quantum Cryptography?
Last summer I wrote a pair of blog entries about the use of quantum phenomena in cryptography. First, defensive use to protect your confidentiality, using QKD or Quantum Key Distribution to securely communicate the long binary key stream needed for a One-Time Pad or OTP, the only perfectly secure system (if you are extremely careful). […]
Take Their Advice: Disregard Their Earlier Advice!
The field of cybersecurity is filled with frequent dire warnings. Software vulnerabilities are discovered, accidents in design and implementation. Attack trends are detected, from criminals, foreign militaries, and pranksters. But a recent pair of announcements took an unusual new form. One of the most respected commercial names in cybersecurity warned its customers to stop using […]
Good News: There are New Crypto Options for Digital Certificates!
Digital certificates, and therefore the security of network communication, rely on both cryptographic hash functions and the cipher algorithms used for encrypting and decrypting data. They are crucial for two stages of security. First, for the user to verify the identity of the web server before giving up their login and password, and therefore access […]