Software Integrity

Archive for the 'Cryptography' Category

 

ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards

What happened and what can we learn? There’s been some very big news in the cryptographic world this week. So far, several technology news sites have highlighted the impact of a new vulnerability on Estonian and Slovakian smartcards, but the reach of this vulnerability is far wider than that. Five security researchers have just announced […]

Continue Reading...

Posted in Application Security, Cryptography, Data Breach | Comments Off on ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards

 

A primer on protecting keys and secrets in Microsoft Azure

Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]

Continue Reading...

Posted in Application Security, Cloud Security, Cryptography | Comments Off on A primer on protecting keys and secrets in Microsoft Azure

 

TLS 1.3 and the future of cryptographic protocols

SSL and TLS are a family of cryptographic protocols that protect sensitive communications on the Internet. The first standard, SSL 2.0, was released in 1995. The latest standard, TLS 1.2, was released in August 2008. Its 20-year history has been marred by numerous cryptographic breaks (both in the underlying primitives and in the protocol itself) […]

Continue Reading...

Posted in Cryptography, Open Source Security, Software Security Testing | Comments Off on TLS 1.3 and the future of cryptographic protocols