Our emails were not being delivered. I thought it was just my ignorance but a chat with a few more people around told me it was not the case. This is a story of a geek learning a (yet another) lesson the hard way.
All posts by Dan Cvrcek
Encryption for DNSSec
We have recently come across a nice check-list for whoever wants to use DNSSec and establish a good security baseline with a hardware security module (HSM), i.e., never get encryption keys compromised.
We will include a detailed comparison of our platform to enigmabridge.com a little bit later but here is an initial comparison.
Card Payments and The Cloud
We are now integrating encryption into a corporate infrastructure and it made me think about payments and PCI audits. PCI stands for Payment Card Industry. Anyone who has got close enough to e-commerce or card payments knows what a burden it is on running a business.
Sooo, I have spent some time this week thinking about architectures for “technical security systems”. I could say “cryptography” straight away, I guess. Thinking about protecting sensitive data that may be subject to independent audits.
The scope of PCI audits is given by storage and processing of credit card numbers and PINs (in case of Chip&PIN systems). Once you experience the pain, you definitely want to get “out of scope”. This is true for merchants just as for banks.
Hardware Security on Amazon Marketplace
We started researching options for introducing our encryption system to Amazon AWS. We seem to have lost the first round (request declined) as Amazon SaaS does not square up with our Enigma Bridge CloudHSM servers. But they offered a chat to figure out options – talking is always good!
Finally Friday – a time to ponder with a pint of real ale
My company Enigma Bridge built a truly scalable (in all meanings of the word) hardware platform (with FIPS 140-2 Level 3). OK, you have no idea what I am talking about… that is one of our communication problems.
How can we explain to people what the advantage of using tamper-resistant hardware is? What is the advantage of hardware separation – something our platform provides even when packaged as a cloud service?
Security of One Time Passwords (OTP)
The chances are that this is the first time you’ve seen the OTP acronym. OTP is one of the possible replacements for static passwords. Instead of remembering your password, you need to have a device that will compute a new OTP code each time you want to log on to a server. You will also need a different OTP “generator” for each server or web service that uses OTP and you will most likely still have to enter your password (or a shorter PIN) as well.
One time passwords are short numeric strings of a fixed length. Each time you want to log on somewhere with OTP, the string you enter will be different. The OTP string changes with time or each time you use an OTP value.
HTTPS – what does it stand for?
HTTP stands for hypertext transfer protocol – the universal language of “the web”. HTTPS is a secure variant of this language as it provides tools to verify which website you actually connect to.
“One time passwords” are not passwords
We did a bit of research into what IT start-up companies need in terms of security. I did expect that secure authentication / logons would be at the top but I was surprised that OTP (one time passwords) were at the bottom.