• NIST Reconsiders Support for Suspect Algorithm

    The reputation of the U.S. National Institute of Standards and Technology (NIST) took a massive hit last year when it was suggested in revelations made by Edward Snowden that one of its standard procedures for generating random bit sequences had been subverted by the National Security Agency (NSA). If the suggestions were correct, then the flaw in the Dual-EC DRBG

        in Encryption
  • Elliptic-Curve Cryptography, Simplified

    As both standalone and networked computing capabilities continue to grow in line with Moore’s law, key sizes for the most widely used public-key cryptographic systems have to grow disproportionately fast. This trend makes a switch to elliptic-curve cryptography (ECC) more and more attractive. Unfortunately, ECC has a reputation for being difficult to understand. And this reputation, deserved or not, deters many

        in General
  • Dual-EC DRBG Concerns Hit Media Again

    NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation is a critical foundation of

        in General
  • Digital Certificate Revocation – What the Future Holds

    When you tell people that revocation doesn’t work, they tend to look at you incredulously: “You’ve got all these solutions: full CRLs, CRL distribution points, delta-CRLs, indirect CRLs, OCSP, stapled OCSP. Surely one of those will work.” That’s the problem, right there. There are so many protocol and configuration choices that no two products or services have chosen compatible options.

        in Certificate Management, SSL