Zero Knowledge Proofs
Cryptosense
by csadmin
3y ago
It was typical of renaissance and early-modern scientists to use anagrams or proto-hash functions of their scientific discoveries. The anagram of a Latin sentence would be published as a way of staking a claim to a scientific discovery that still required further research or results. It was a way of demonstrating information was known without revealing the information that another scientist could use to steal the credit for the discovery. When the research was completed, the scientist would reveal the original sentence, which could be verified against the published anagram. This type of commit ..read more
Which Algorithms Are FIPS 140-3 Approved?
Cryptosense
by Graham Steel
3y ago
The new 3rd revision of the FIPS 140 standards for Cryptographic Modules is an effort to align the NIST-managed standard with its ISO counterpart ISO 19790(2012). However, some parts of the standard remain specific to NIST, and one of these is the list of approved algorithms which is in SP 800-140C – CMVP Approved Security Functions. This overrides Annex C of the ISO standard. SP 800-140C is a list of references to NIST standards describing the approved algorithms and transition guidance. We summarize here the March 2020 version. Block Ciphers The March 2020 version of the document approves AES ..read more
Is Triple DES Secure?
Cryptosense
by Jarred McGinnis
3y ago
Short answer, No. The short answer with supporting evidence is no, because it has been deprecated by the NIST since 2017 for new applications and for all applications by 2023. It has been superseded by the more robust and longer key lengths of AES. ENISA, Europe’s version of the NIST, classified Triple DES (3DES) as legacy since 2014 and recommends for encryption a minimum of 128 bits. Triple DES gives you only 112 bits and, with a 112 bit key, NIST suggests that only provides 80 bits of actual security. The long answer. The long answer takes us to an algorithm named after a fallen angel, cons ..read more
Keep Calm and Carry On: Why you may already have the solution to Post-Quantum Cryptography
Cryptosense
by Jarred McGinnis
3y ago
These are anxious times. For the worriers among us 2020 has been a bumper year. We’ve had a global pandemic and the rise of Fascism in democratic countries. Not content with this, the techno-literate fretful have added ‘Quantum Supremacy’ (i.e. the point at which quantum computers outperform their digital traditional cousins) to the list of concerns. It is easy to forget that an absolutely secure computer system does not exist. Public key cryptography like RSA, elliptic curve, Diffie-Hellman, etc. makes it absurdly difficult, but not impossible to circumvent its well-designed security measures ..read more
FedRAMP and FIPS 140-2 Cryptography
Cryptosense
by Graham Steel
3y ago
If you want to supply cloud-based services to the US Federal Government, you have to get FedRAMP approval. This certification process covers a whole host of security issues, but is very specific about its requirements on cryptography: you have to use FIPS 140-2 validated modules wherever cryptography is needed. This is a stronger requirement than just using the NIST recommended (or “FIPS compliant”) algorithms: you have to be able to show that the implementation of these algorithms has passed a FIPS 140-2 validation in an approved lab. Proving that your application uses only these modules can ..read more
Are my Encryption Keys in the Cloud Really Secure?
Cryptosense
by Sam Ross-Gower
3y ago
A lot of people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure. This can be a particular concern for people working in highly regulated industries. So how can you know if your keys are secure? In this video Dr Graham Steel explains the issues that our customers often ask us about. For more on this subject check out our webinars on cloud KMS, and KMS alternatives. References: [1] The Cloud Act [2] AWS white paper on cloud KMS [3] Google Cloud white paper on KMS [4] What is an HSM and how does it work? [5] How ..read more
Migrate Keys to Cloud KMS Without Rewriting any Code
Cryptosense
by Sam Ross-Gower
3y ago
You can easily migrate cryptographic keys to the cloud without rewriting any code. In this video Dr. Graham Steel explains how to move to cloud cryptography easily and securely using Cryptosense Analyzer Platform (CAP). In this example we show how we can move an enterprise Tomcat Java application to Amazon’s AWS KMS. We will modernize the cryptography used by the application, without having to rewrite any code. Firstly, we will discover all the cryptographic keys used by the application. To do this we attach an agent to the running application and record all the calls to the cryptographic libr ..read more
What is a Keyblock?
Cryptosense
by Graham Steel
3y ago
In financial cryptography and PCI standards, a Key Block is an encrypted key stored with its metadata in a cryptographically secure way. That means that the key’s usage information and other parameters can’t be altered by an attacker by tampering with the encrypted key. To understand why they are useful, and why their adoption is now a big deal in the financial services industry, we have to look at a little history. A Brief History of PINs We all have experience of using PIN codes at ATMs (cash machines) to authenticate ourselves to our bank and withdraw money. How does the issuing bank check ..read more
Cryptography Inventory – Best Practice Tips
Cryptosense
by Sam Ross-Gower
3y ago
Here’s a roundup of best practice tips for getting started with your cryptography inventory project. The information below is a summary based on our experience of cryptography inventory projects with some of our clients. If you’d like more detail, we have an on-demand webinar series and a whitepaper on this subject. Cryptography Inventory Tips Why am I building an Inventory? This may seem obvious, but in large organizations where the inventory is required by multiple teams for different reasons, conflicts can easily arise. Ease of data collection and usability of the end result are critical fa ..read more
ANSSI TLS recommendations v1.2 in Cryptosense Discovery
Cryptosense
by Bertrand Bonnefoy-Claudet
3y ago
Our cryptography service discovery site discovery.cryptosense.com detects servers under a given domain name and runs SSH and TLS scanners against each of them. The results are checked against best practices carefully defined by Cryptosense. You can also choose to check your results against other widely known standards: ECRYPT and NIST. Cryptosense Discovery now provides a new standard, “ANSSI”, based on the recent new version of the security recommendations for TLS by ANSSI, the French government cybersecurity agency. Why would I care about recommendations from ANSSI? Broadly speaking, ANSSI ..read more
