Partial passwords is an authentication system where users enter a random 2-3 characters of their password. While it makes random guesses easier, attackers must eavesdrop on more than one logons.
Continue reading Partial Passwords Done RightJava Spring Boot With PEM-based TLS on-the-fly
I spent some time in a company that had been running many Java “microservices” – a code word for Java Spring Boot servers. One of the problems was how to efficiently manage zillions of JKS/P12 files.
Continue reading Java Spring Boot With PEM-based TLS on-the-flyLet’s Encrypt for Companies with KeyChest
Unifying Let’s Encrypt and Long-term Certificates
Let’s Encrypt has a number of downsides when used on a large scale. It uses modern key management protocols, but the high-level of automation requires management. This is what KeyChest provides.
Continue reading Let’s Encrypt for Companies with KeyChestKEYCHEST and HTTPS automation
KeyChest started as a simple HTTPS monitoring service. It has had its own database of all web certificates for about a year. And it helped issue first real certificates this week.
Continue reading KEYCHEST and HTTPS automationA story of building a service (KEYCHEST)
I have written this for KeyChest (https://keychest.net) users and some encouraged me to re-post. If you want to start a company, you may find a few lessons in it. If you like what I’m trying to build or even want to help, let me know – dan (at) keychest.net
Continue reading A story of building a service (KEYCHEST)Security of Sensor Networks (2008)
The WINES Infrastructure project deployed wireless sensor networks to monitor large bridges (Humber bridge), tunnels (London Underground), and water systems. Our task in the project was to perform a detailed analysis of security issues in existing hardware and software platforms for wireless sensor networks.
Continue reading Security of Sensor Networks (2008)Trusted Path for Smart Cards
The main problem with smart cards is lack of secure display and keyboard that would allow users to verify data sent to the smart card from their computer. Malware on the computer may then alter the data and, for example, change the recipient of a bank transfer.
Continue reading Trusted Path for Smart CardsPrivacy in Common Criteria
Still at Cambridge Uni, Vashek Matyas and myself looked at the definition of privacy in the Common Criteria standard. With Snowden and Echelon some years later, our definitions of unlikable anonymity and pseudonymity make even more sense.
Continue reading Privacy in Common CriteriaChrysalis Luna CA3
I moved some of the contents from an old website of mine. This is one of a small projects back from my time at the University of Cambridge, where we hacked a Chrysalis Luna CA3, which would now be part of SafeNet HSM portfolio.
Continue reading Chrysalis Luna CA3Minerva Attack and Humble Beginnings
Masaryk University has published a new cryptographic attack. You may still remember their ROCA attack from 2017. While ROCA was about the RSA encryption, MINERVA is about Elliptic Curve (ECC) signing.
Continue reading Minerva Attack and Humble Beginnings