This text is about creating a process for planning certificate renewals. As part of our KeyChest re-design, we created a sequence of meaningful checks for TLS certificates so that they are always renewed before your web services go down.
Continue reading Planning TLS certificate renewals – define a process →
If you want to see raised eyebrows, just say “unbreakable crypto”. Yet everyone assumes their use of crypto is “unbreakable”. Security experts know it’s safe to reject “unbreakable systems” out of hand, but they often rely on the unbreakability of security protocols day in, day out.
Continue reading ROCA details published – taste of quantum cryptography →
We have reasonable grounds to believe that all Gemalto IDPrime .NET smart cards generate weak RSA keys vulnerable to the recently published ROCA vulnerability (CVE-2017-15361). Gemalto stopped selling these cards in September 2017, but there are large numbers of cards still in use in corporate environments. Their primary use is in enterprise PKI systems for secure email, VPN access, and so on.
Continue reading ROCA vulnerability impact on Gemalto IDPrime .NET smart cards →
I wrote about the ROCA vulnerability yesterday. It affects Infineon security chips used in TPMs and smart cards. While it is easy to identify TPM modules and computers using them, smart cards are more difficult.
Continue reading ROCA vulnerability and Axalto / Gemalto .NET v2 smartcards →
Looking back, we can find many examples of errors in the algorithms used to create encryption keys. Not very many of them, however, were found in chips designed and sold as high-security devices for email signing, verifying software integrity, VPN access, or citizen e-ID cards.
Continue reading ROCA – Critical vulnerability in Infineon security chips →
Is it really possible to design an encryption system that is as strong as its strongest link? There is never a straight “yes” answer to this question, but we are now as close as one can get.
Continue reading The potential of multi-party signing – as secure as its STRONGEST link →
We have all heard about hackers stealing huge user databases with passwords, as they are tempting bounties. FT, Guardian and many others create a new kind of reward – their internet encryption keys via CDNs – services speeding up web traffic.
Continue reading Guardian, FT, etc. share their internet encryption keys with many →
While implementing features of the certificate planner, we have added a few handy features to the KeyChest spot checker as well. It is now much more than just a tool to check when a website certificate expires.
Continue reading SSL certificates – 7 Free Spot Checks in one go – KeyChest →
Public cloud providers have absolute control over our data, applications, everything we do on their cloud platform. Independent key management lowers users’ risk exposure and as such is in the interest of cloud providers. Well, Amazon AWS has different thoughts.
Continue reading Does Amazon Want To Control All Encryption Keys? →
From supercomputers to IoT – processors (or chips) are everywhere. Computer chips protecting our privacy and security would first travel the world to get designed, fabricated, and personalized. Even if we had an unbreakable encryption algorithm, it may be defeated by its manufacturing. Let’s exploit superpowers and their influence to create a practical unbreakable encryption.
Continue reading Unbreakable Encryption with Secure Hardware and Geopolitics →