Looking back, we can find many examples of errors in the algorithms used to create encryption keys. Not very many of them, however, were found in chips designed and sold as high-security devices for email signing, verifying software integrity, VPN access, or citizen e-ID cards.
Continue reading ROCA – Critical vulnerability in Infineon security chips
As I was collecting reliability data for several PKI systems, I included Let’s Encrypt as it’s by far the biggest PKI system I was aware of. It provides its status data and its history at https://letsencrypt.status.io and here’s my informal analysis of its production systems.
Continue reading Let’s Encrypt uptime is 99.9% — or 98.8% without defects in 2017
This is an interesting one. The first impulse is to simply answer NO, you can’t do it, that’s the point of HTTPS. But it’s all about networking and one can do quite some magic with proxies, forwarding, and the SNI extension in TLS protocols.
Continue reading Let’s Encrypt certificates with one name on different servers
We have had a busy Summer so far. We introduced a new service for SSL certificate monitoring (keychest.net), presented at Black Hat USA, and gave a talk at DEFCON. The latest news was recognition of our cryptographic platform by reviewers of the ACM CCS conference. Continue reading Enigma Bridge encryption gets recognition – DEFCON, BlackHat, and ACM CCS
We have compiled all practical information we could find and written it up at Numbers you need to know. It’s a long list of restrictions, rate limits, and other useful information to keep in mind. Here’s a few selected points that we found interesting. Big thanks to schoen from Certbot/EFF for pointing out numerous inaccuracies.
A team of great people from the Security Group at UCL and our start-up Enigma Bridge designed and implemented a practical security system tolerant to severe attacks compromising all parts of the supply chain. We will present and demonstrate it at DEFCON in Las Vegas.
Continue reading As secure as rock, paper, scissors at once – Art of Defence, Demo at DEFCON
Is it really possible to design an encryption system, which is as strong as its strongest link? There is never a straight “yes” answer to this question, but we are now as close as one can get.
Continue reading The potential of multi-party signing – as secure as its STRONGEST link
We have all heard about hackers stealing huge user databases with passwords as they are tempting bounties. FT, Guardian and many others create a new kind of reward – their internet encryption keys via CDNs – services speeding up web traffic.
Continue reading Guardian, FT, etc. share their internet encryption keys with many
While implementing features of the certificate planner, we have added a few handy features to the KeyChest spot checker as well. It is now much more than just a tool to check when a website certificate expires.
Continue reading SSL certificates – 7 Free Spot Checks in one go – KeyChest