Analysis reveals the most common causes behind mis-issued SSL/TLS certificates

We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington have analyzed 379 reported instances of failures in certificate issuance to pinp…

Estonia blocks certificates on 760,000 ID cards due to identity theft risk

On 3 November 2017 at midnight, Estonia will block the certificates of 760,000 ID cards. The decision is the result of the discovery of a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding to an RSA public key generated by this library. Estonian electronic ID cards have been manufactured by the Swiss company Trub AG and its successor Gemalto AG since 2001. The …

Vulnerability in code library allows attackers to work out private RSA keys

Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding to an RSA public key generated by this library. This private key could then be misused to impersonate its legitimate owner, decrypt sensitive messages, forge signatures (e.g. for software releases) and more. The vulnerable version of the library is v1.02.013, and it’s unfortunately been in use since 2012 in a wide …

Key Transparency: A secure directory of public encryption keys

Google has released Key Transparency, an open source public directory meant to simplify the discovery of intended recipients’ public encryption keys. The project is still in the prototype phase, and the company is looking for input from the crypto community and other industry leaders. Security pros from Open Whisper Systems, Yahoo, and the CONIKS team have been lending a hand for a while now. The aim is to make Key Transparency an easy-to-use (even by …

Open source hardware cryptographic module offered for $800

For a few years now, the CrypTech project has been working on designing an open source hardware cryptographic engine that could be used to secure core Internet infrastructure. They have created two prototype platforms, and one of them – CrypTech Alpha, a small alpha version of a custom CrypTech board – is effectively being sold for $800. “A Hardware Security Module (HSM) is a specialized device used to securely store the public/private key pairs used …