Tag Archives: encryption

The Edward Snowden Story Calls For Understanding of Encryption, Strong Identity

September 18, 2013 by Bill Conner     No Comments
This entry is part 2 of 2 in the series The Snowden Papers: Lessons to be Learned

Entrust’s Approach and View of Cryptography: There has been tremendous press coverage over the last week or two about cryptographic systems and threats to their security. I want to take some time to share how Entrust, as a global [Read More...]

NSA Leaks Uncover Legitimate Surveillance Concerns, But Cryptographic Systems are Not One of Them

September 17, 2013 by Bill Conner     1 Comment
This entry is part 1 of 2 in the series The Snowden Papers: Lessons to be Learned

Intelligence Services Disclosures and the Impact on Information Security: The Washington Post and other media outlets have provided extensive coverage of allegations made by Edward Snowden concerning some of the NSA’s surveillance programs. The allegations include: The NSA has [Read More...]

RC4 Attack in SSL/TLS

March 19, 2013 by Bruce Morton     1 Comment

The team of Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt published an RC4 encryption attack in SSL/TLS.

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: BEAST, CBC, encryption

SSL Certificate Status Checking

March 12, 2013 by Bruce Morton     No Comments

As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has offered a couple of blogs on the importance of revocation checking

Lucky Thirteen TLS Attack

February 5, 2013 by Bruce Morton     No Comments

Nadhem AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London, announced a new TLS/DTLS attack called Lucky Thirteen.

Summarization of CRIME Attack on SSL

October 2, 2012 by Bruce Morton     No Comments

I’ve written a few blogs on CRIME, but now that Juliano Rizzo and Thai Duong have presented CRIME at Ekoparty 2012, I thought a summary is due. CRIME is short for “Compression Ratio Info-Leak Made Easy.” In their presentation, Rizzo and Duong reminded us that HTTPS provides confidentiality, integrity and authenticity; however, CRIME decrypts portions [Read More...]

Filed Under: Secure Browsing, SSL Tagged With: CRIME, DEFLATE, encryption

Testing Your SSL Server for CRIME

September 17, 2012 by Bruce Morton     No Comments

We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”). CRIME uses the vulnerability that there is information leakage when data [Read More...]