security standards – WindowsTechs.com

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Posted on February 26, 2024 by Bruce Schneier

Apple announced PQ3, its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022.

There’s a lot of detail in the Apple blog post, and more in Douglas Stabila’s security analysis.

I am of two minds about this. On the one hand, it’s probably premature to switch to any particular post-quantum algorithms. The mathematics of cryptanalysis for these lattice and other systems is still rapidly evolving, and we’re likely to break more of them—and learn a lot in the process—over the coming few years. But if you’re going to make the switch, this is an excellent choice. And Apple’s ability to do this so efficiently speaks well about its algorithmic agility, which is probably more important than its particular cryptographic design. And it is probably about the right time to worry about, and defend against, attackers who are storing encrypted messages in hopes of breaking them later on future quantum computers…

Continue reading Apple Announces Post-Quantum Encryption Algorithms for iMessage→

You Can’t Rush Post-Quantum-Computing Cryptography Standards

Posted on August 8, 2023 by Bruce Schneier

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards.

This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms, although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take “several years.

The delay in developing quantum-resistant algorithms is especially troubling given the time it will take to get those products to market. It generally takes four to six years with a new standard for a vendor to develop an ASIC to implement the standard, and it then takes time for the vendor to get the product validated, which seems to be taking a troubling amount of time…

Continue reading You Can’t Rush Post-Quantum-Computing Cryptography Standards→

New US Executive Order on Cybersecurity

Posted on May 13, 2021 by Bruce Schneier

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government.

For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” violators would be removed from federal procurement lists, which could kill their chances of selling their products on the commercial market.

I’m a big fan of these sorts of measures. The US government is a big enough market that vendors will try to comply with procurement regulations, and the improvements will benefit all customers of the software…

Continue reading New US Executive Order on Cybersecurity→

7 Challenges that Stand in the Way of Your Compliance Efforts

Posted on November 16, 2020 by Ehab Nour

Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit … Continue reading 7 Challenges that Stand in the Way of Your Compliance Efforts→

Ordell Robbie, Tripwire and Security Configuration Management.

Posted on November 2, 2020 by Mitch Parker

ORDELL: Take the keys, man. Listen to music. LOUIS: Which one is for the car? (Ordell finds it. While he goes through the keys, Vicki comes back on the line.) (Max speaks with her as he fills out his papers.) ORDELL: (holding a key) This one’s for the … Continue reading Ordell Robbie, Tripwire and Security Configuration Management.→

The UK’s Minimum Cyber Security Standard: What You Need to Know

Posted on July 12, 2018 by Tripwire Guest Authors

In June 2018, the UK Government, in collaboration with NCSC (National Cyber Security Centre), produced a new security standard that all Government “Departments”, including organisations, agencies, arm’s length bodies, and contractors … Continue reading The UK’s Minimum Cyber Security Standard: What You Need to Know→

Putting PCI-DSS in Perspective

Posted on April 17, 2018 by Tripwire Guest Authors

Much attention and excitement within the security world has recently been focused on the lucrative surge in crypto-mining malware and hacks involving or targeting cryptocurrency implementations themselves. Yet the volume of ‘real world’ tra… Continue reading Putting PCI-DSS in Perspective→

Are You Compliant with NIST 800-171?

Posted on March 15, 2018 by Rami Sass

In June 2015, the U.S. National Institute of Standards and Technology (NIST) released its latest set of guidelines for the handling of Controlled Unclassified Information (CUI), comprising data including personally identifiable information (PII), bank… Continue reading Are You Compliant with NIST 800-171?→