Masaryk University has published a new cryptographic attack. You may still remember their ROCA attack from 2017. While ROCA was about the RSA encryption, MINERVA is about Elliptic Curve (ECC) signing.
Continue reading Minerva Attack and Humble BeginningsCategory Archives: crypto
Encryption and Databases Are Actually Similar
We have been building encryption service for a while. I grew up in the world of encryption and many things just came with experience, without being spelled out. Here’s another why I believe in “hardware encryption”.
Continue reading Encryption and Databases Are Actually Similar
PDF Signing, eIDAS for Companies – CloudFoxy
We have implemented a solution for eIDAS USB smart cards, with no drivers on user computers. We simply access smart cards HTTPS to sign PDF documents. A solution, which can be automated, integrated with an internal IT infrastructure, and managed by a dedicated support.
Continue reading PDF Signing, eIDAS for Companies – CloudFoxy
ROCA vulnerability impact on Gemalto IDPrime .NET smart cards
We have reasonable grounds to believe that all Gemalto IDPrime .NET smart cards generate weak RSA keys vulnerable to the recently published ROCA vulnerability (CVE-2017-15361, VU#307015). Gemalto stopped selling these cards in September 2017, but there are large numbers of cards still in use in corporate environments. Their primary use is in enterprise PKI systems for secure email, VPN access, and so on.
Continue reading ROCA vulnerability impact on Gemalto IDPrime .NET smart cards
ROCA vulnerability and Axalto / Gemalto .NET v2 smartcards
I wrote about the ROCA vulnerability yesterday. It affects Infineon security chips used in TPMs and smart cards. While it is easy to identify TPM modules and computers using them, smart cards are more difficult.
Continue reading ROCA vulnerability and Axalto / Gemalto .NET v2 smartcards
ROCA – Critical vulnerability in Infineon security chips
Looking back, we can find many examples of errors in the algorithms used to create encryption keys. Not very many of them, however, were found in chips designed and sold as high-security devices for email signing, verifying software integrity, VPN access, or citizen e-ID cards.
Continue reading ROCA – Critical vulnerability in Infineon security chips
Enigma Bridge encryption gets recognition – DEFCON, BlackHat, and ACM CCS
We have had a busy Summer so far. We introduced a new service for SSL certificate monitoring (keychest.net), presented at Black Hat USA, and gave a talk at DEFCON. The latest news was recognition of our cryptographic platform by reviewers of the ACM CCS conference. Continue reading Enigma Bridge encryption gets recognition – DEFCON, BlackHat, and ACM CCS
As secure as rock, paper, scissors at once – Art of Defence, Demo at DEFCON
A team of great people from the Security Group at UCL and our start-up Enigma Bridge designed and implemented a practical security system tolerant to severe attacks compromising all parts of the supply chain. We will present and demonstrate it at DEFCON in Las Vegas.
Continue reading As secure as rock, paper, scissors at once – Art of Defence, Demo at DEFCON
First BlackHat, now DEFCON: We talk “Trojan-tolerant hardware security in practice”
I have mentioned this multi-party encryption project of ours (Enigma Bridge) and University College London here earlier. If you’re planning to go to BlackHat US or DEFCON-25, come and see our talks about practical “ultra-secure” multi-party encryption for the cloud and some of the technology enabling it (Unchaining the JavaCard Ecosystem).
Continue reading First BlackHat, now DEFCON: We talk “Trojan-tolerant hardware security in practice”
Black Hat 2017 USA – OpenCrypto: Unchaining the JavaCard Ecosystem
We have been working with University College London (UCL) for a while and one of the results is an easy to use implementation of cryptographic functions for JavaCards. We will be briefing on this at Black Hat 2017 USA.
Continue reading Black Hat 2017 USA – OpenCrypto: Unchaining the JavaCard Ecosystem