July 21, 2021
Or ‘Wait, what does SCEP stand for again?’ Cryptography is the study of secure communication, but you would be forgiven if you thought it was a mathematician's hobby of creating unpronounceable acronyms. HSTS, really? What's wrong with something like Radar or Crispr? In this article we’ll go through some of the key terms and acronyms that pop up when working in the cryptography field.
July 6, 2021
Cryptography is an essential enabling technology for modern business: without it we would not be able to protect our sensitive data or carry out authentication. When perfectly implemented and maintained, cryptography provides security we can rely on. However, detailed errors in its usage can lead to total loss of protection, and our increasing reliance on cryptography means that these mistakes now carry significant financial and reputational risks.
June 28, 2021
Many of our customers use Cryptosense Analyser Platform (CAP) to try to discover where they're using cryptography, and machine identities are an important part of that. That job just got easier thanks to a new integration with Venafi. In a recent interview with Venafi's Bridget Hildebrand, Graham explained why this integration was so interesting for many of our customers...
June 15, 2021
It’s incredible that in this world there is any trust at all. You need only watch a nature documentary or CNBC to know deceit, treachery and malfeasance are rife. Yet, here we are. The vast majority of our transactions are secure and successful. Our passwords remain confidential, usually. Our data's integrity is preserved, more often than not.
May 12, 2021
Shadow certificates are more likely than you think. It is as if the nails and screws used to build a house end up being what makes the house fall down. Briefly, shadow certificates refer to digital certificates that have been introduced by employees that the DevOps or SecOps teams are unaware of.
April 2, 2021
What do dragons do with their treasure anyway? As far as I can tell, their whole goal is to ensure their hoard is secure. End of list. Yet it seems to defeat the purpose of amassing a large amount of fungible assets not to put them to use. Surely, it would be better for the dragon to invest some of that treasure into seed funding for a direct-to-lair sheep delivery app. But, who am I to question the wisdom of the wyrm. Allowing for the occasional invisible hobbit, dragons have always done a good job at data security, sorry, treasure security.
February 26, 2021
Previously we talked about Zero Knowledge Proofs as an emerging way to avoid having to trust large organizations who may intentionally misuse or unintentionally compromise our data. Secure Multiparty Computation is a way for a number of parties to work together to solve a problem without revealing the information used in the computation to the other parties.
January 25, 2021
It was typical of renaissance and early-modern scientists to use anagrams or proto-hash functions of their scientific discoveries. The anagram of a Latin sentence would be published as a way of staking a claim to a scientific discovery that still required further research or results.
January 11, 2021
The new 3rd revision of the FIPS 140 standards for Cryptographic Modules is an effort to align the NIST-managed standard with its ISO counterpart ISO 19790(2012).
December 22, 2020
The short answer with supporting evidence is no, because it has been deprecated by the NIST since 2017 for new applications and for all applications by 2023.
November 20, 2020
These are anxious times. For the worriers among us 2020 has been a bumper year. We’ve had a global pandemic and the rise of Fascism in democratic countries. Not content with this, the techno-literate fretful have added ‘Quantum Supremacy’ to the list of concerns....
October 27, 2020
If you want to supply cloud-based services to the US Federal Government, you have to get FedRAMP approval. This certification process covers a whole host of security issues, but is very specific about its requirements on cryptography: you have to use FIPS 140-2 validated modules wherever cryptography is needed...
October 23, 2020
In this short demo, Graham explains how to use a Hardware Security Module (HSM) securely.
September 21, 2020
In this video Dr. Graham Steel explains how to move to cloud cryptography easily and securely using Cryptosense Analyzer Platform (CAP). In this example we show how we can move an enterprise Tomcat Java application to Amazon's AWS KMS.
October 21, 2020
A lot of people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure...
July 31, 2020
In financial cryptography and PCI standards, a Key Block is an encrypted key stored with its metadata in a cryptographically secure way. That means that the key's usage information...
June 3, 2020
This may seem obvious, but in large organizations where the inventory is required by multiple teams for different reasons, conflicts can easily arise....
May 7, 2020
Cryptosense Discovery now provides a new standard, "ANSSI", based on the recent new version of the security recommendations for TLS by ANSSI, the French government cybersecurity agency.
April 7, 2020
If you use Zoom video-conferencing software, you are probably aware of the recent controversy about the security of their encryption protocols...
April 3, 2020
We have had a number of queries recently from people trying to figure out what FIPS 140-3 is, and how they can supply a FIPS 140-3 compliant solution to their customers. To make sense of this question we first need to understand a little background...
March 20, 2020
Identifying the cryptographic keys an application really uses, what they are used for, and how they are stored, is a critical step towards many transformation projects...
March 6, 2020
Cryptographic inventory has become a hot topic for enterprises over the last 12 months. Business drivers include reducing security risk, automating compliance, achieving crypto agility, and preparing for cloud crypto migration.
February 16, 2020
The importance of cryptographic key management increases as companies begin to move sensitive applications to the public or hybrid cloud. Understanding exactly which keys are carrying out which operations, what data each key is protecting, and how they are generated and stored, is more critical than when all keys were only used and stored on-premise.
November 12, 2019
On 29th July 2019 CapitalOne Financial Corp announced a data breach affecting 140 000 of their customers' social security numbers and 80 000 bank account numbers. CapitalOne is a major user of AWS cloud, and in this case the stolen data was stored in AWS S3 buckets. Why didn't encryption save us?
December 5, 2019
Azure Storage is one of the most widely used services in the Microsoft Azure cloud, and is the Azure equivalent of the AWS S3 service. Most users of the service know that it is wise to encrypt sensitive data before storing it in the cloud. In this post, we will look at how that can be done using the Azure Java SDK, and will use the Cryptosense Analyzer Platform to gain insight into how the Azure SDK encrypts your data.
November 8, 2019
Cryptosense Discovery is our free tool to test a host’s usage of cryptography for common configuration mistakes and vulnerabilities. Discovery's new version discovers more hosts and more vulnerabilities, and improves the visual representation of attacks. We achieve this by using a well-known visualization method called attack trees.
September 20, 2019
Containers are often designed to be stateless. That means all state changes made by the application happen in the database, or some external storage. They don't happen on the container filesystem...
August 26, 2019
A cryptographic inventory is a strategic cybersecurity asset much like other hardware and software inventories. It enables an organisation to enforce a secure cryptographic policy across IT infrastructure, react quickly to security issues, and efficiently carry out strategic transformations such as migrating crypto services to the cloud or deploying post-quantum cryptography. In order to achieve this, an inventory needs to have the following properties:
August 1, 2019
What's the difference between cryptography in .NET Framework and .NET Core? A large part of the .NET APIs are common to both .NET Core and .NET Framework. Microsoft even released the .NET Standard, a subset of .NET APIs provided by all .NET implementations, to simplify things for cross-implementation developers. However, there are still significant differences between Core and Framework, and cryptography is one of them.
June 20, 2019
A recent success story for Cryptosense is our roll-out with a large global player in the ATM (cash machine) network. Since this firm is considered a Service Provider in the PCI regulations, they have regular audits to pass which contain a lot of requirements on cryptography: full cartography of applications, compliance with NIST standards etc.
June 8, 2019
The announcement yesterday of this talk about HSM hacking on the BlackHat 2019 program has caused a stir, and for good reason: the authors claim to have discovered remote unauthenticated attacks giving full control of an HSM and complete access to keys and secrets stored on it...
June 20, 2019
As well as treating applications in Java and .NET, Cryptosense Analyzer can also check the cryptographic security of PKCS#11 implementations in HSMs and elsewhere. We recently added a few improvements requested by our users.
April 23, 2019
Including passwords or cryptographic key material in source code is a major security risk for a number of reasons. In the worst case, if the code is public, everyone can read the key. Even if not, access to the code is often easier for an attacker to achieve than direct compromise of the application - the entire development team becomes part of the attack surface...
April 23, 2019
One question we're often asked by teams considering our Analyzer software is: how common are the kind of "rubber hits the road" crypto deployment flaws that it detects?
March 22, 2019
A first step of many cryptography projects - preparation for Cloud migration, crypto agility, or improving application security, is to map out the cryptography actually in use in an application. A naive approach would be to just review the source code and search for cryptographic calls. However, this is both time-consuming and error-prone...
February 28, 2019
Oracle are now putting some very serious investment into their cloud in an effort to capitalise on their enterprise customer base. Several of our own large customers are looking at OCI as a possible alternative or complement to other CSPs. OCI recently launched a cloud crypto service, so how does it measure up to the others in our cloud crypto comparison?
January 21, 2019
A recent NIST paper recommending which steps to take to prepare for the advent of quantum computers proposes that users of cryptography look to achieve 'crypto agility' as soon as possible. The idea was further expanded by Gartner in a recent research note, and now crops up regularly. It's sometimes described as 'crypto-agnosticism', but what does it mean, and how does one achieve it?
December 17, 2018
IAST has grown to about 20% of the AST market and is predicted to gain a larger share of this rapidly growing market in the coming years. However, in my opinion, the way IAST is understood and deployed today means that the acronym needs a tweak...
January 8, 2019
Modern versions of IAST (like ours) can detect flaws even when the application is executing standard functional tests - there is no need to simulate attacks. This enables these tools to be deployed early in the development lifecycle and integrated into CI toolchains. However, there's one key feature that doesn't figure on most IAST checklists: coverage checking...
November 30, 2018
When we started testing the cryptography in Java applications using our Analyzer software, one of the first results we found was the use of a 512-bit RSA key for signature verification. At first this looks rather alarming since 512-bit RSA keys are easily breakable by brute force factorisation now. However, inspecting the stacktrace our Analyzer provides traces this back to a method called testSignatures...
December 7, 2018
Amazon Simple Storage Service (S3) is one of the most widely-used cloud services. Most users of the service know it's wise to encrypt sensitive data before storing it in S3. In this post we'll look at how to do that securely using the AWS Java SDK, and how Cryptosense Analyzer will help you spot if you've done it wrong...
November 13, 2018
At Cryptosense, we wanted to build a tool that would effectively identify and help fix vulnerabilities related to cryptography - something no other tool makes a good job of...
October 17, 2018
Yesterday's Oracle Critical Patch Update contains a credit to Cryptosense for CVE-2018-3210, a flaw found by one of our users while they were testing a Java application with our Analyzer software...
August 27, 2018
Our recent work to add coverage of the Microsoft .NET API to Cryptosense Analyzer has led us into a dark and dangerous part of the internet: C# crypto tutorials...
October 3, 2018
Computers that exploit quantum mechanical properties offer the promise of (supposedly) unbreakable cryptography and other exciting applications, but they will also cause a huge, immediate problem: the day a large, practical quantum computer is developed, all existing widely-used asymmetric cryptography will be broken.
July 26, 2018
Hardware Security Modules (HSMs) are generally viewed as expensive and painful to maintain. It's not surprising that a lot of HSM users are looking for a cloud-based solution that would allow them to hand over maintenance to a third party and move to an opex instead of capex model...
June 25, 2018
Jenkins is a popular tool for managing continuous integration (CI), i.e. coordinating builds, tests and deployment of a software project in an automated way. In an enterprise context Jenkins has some security requirements, like ensuring that only users with the right permissions can access certain projects and carry out certain tasks, protecting sensitive data such as tokens for access to APIs, etc.
April 6, 2018
Continuous Integration or CI is a more and more widely adopted software engineering practice. A best practice for CI is to make the build self-testing, and recently this has started to include security testing. Cryptosense Analyzer, our tool for testing crypto security in applications, now integrates into CI.
March 28, 2018
This is the third post in a series about cloud crypto functionality provided by the "big three" cloud providers - Amazon Web Services, Microsoft Azure, and Google Cloud Platform...
February 22, 2018
In a 2014 article “Why does cryptographic software fail?”, Lazar et al. took the most recent 269 CVEs marked as “cryptographic issues” and classified the site of the failure. While 17% of the failures were in crypto libraries, 83% were in the way the applications use the libraries.
January 19, 2018
This is part two of our series looking at the cloud crypto services offered by the big three hosting companies: Amazon, Google and Microsoft...
December 11, 2017
Today Hanno Böck, Juraj Somorovsky and Craig Young announced details of new work testing TLS implementations in the wild for Bleichenbacher's attack on RSA PKCS#1v1.5 encryption.
December 18, 2017
With more and more sensitive applications being migrated to the public cloud, we've received several requests from our users to help them evaluate how the major cloud providers support crypto and key-management. In a series of posts, we'll be taking a look at the cloud crypto APIs of AWS, Google, and Microsoft (Azure).
November 29, 2017
Here at Cryptosense we've recently been working on adding the last few algorithms to our Java Crypto Analyzer to cover 100% of the standard (SunJCE) provider. The last one we treated was the mysterious-sounding DESede Wrap. What exactly does it do, and is it secure?
November 15, 2017
We frequently apply Analyzer to widely-used open source software including the Java JDK. The Oracle Critical Patch Update (CPU) of 17th October contained patches for two CVEs discovered at Cryptosense in collaboration with our partners at University of Venice Ca' Foscari...
August 14, 2017
Password-based key derivation functions (PBKDFs) are used in crypto for two reasons: to store passwords in a secure way, and to derive keys for use in other bits of crypto. We've written before about how they work and what parameters to use.
July 26, 2017
JKS is the default keystore in all current versions of Java and still the only kind available in several widely-used application frameworks, despite issues with its security...
July 21, 2017
The US National Institute of Standards and Technology (NIST) has just announced withdrawal of approval for triple DES (also known as 3DES, TDEA and sometimes DES EDE) in common protocols such as TLS and IPSec. In other applications, they propose a restriction to just 8MB of data before changing keys. Why are they doing this and what are the consequences?
June 29, 2017
An interesting article at the recent IEEE Security & Privacy symposium carried out a usability study on Python crypto APIs. Participants with varying degrees of Python experience were given crypto programming tasks for which they had to use a given API (cryptography.io, Keyczar, PyNaCl, M2crypto or PyCrypto).
April 7, 2017
In January 2017 Oracle released a Java update with a number of improvements to its crypto security. These included increasing minimum parameters (1024 bits for RSA XML signatures and DSA certificates, 256 bits for Elliptic curve keys used in TLS,..),
March 24, 2017
A recent wikileaks dump of CIA material included a file called "Network Operations Division Cryptographic Requirements". Assuming it's genuine, this 17-page PDF describes crypto policy that must be followed by developers of "tools used to advance the CIA’s intelligence collection activities".
February 23, 2017
Today Google announced the first public full SHA-1 collision, i.e. the first pair of distinct values that when hashed with the SHA-1 function produce the same digest. This should not come as a surprise - it follows the free-start collisions announced at the end of 2015, and many cryptographers had been anticipating full SHA-1 collisions imminently.
January 31, 2017
At our crypto service discovery site discovery.cryptosense.com you don't have to enter the qualified domain name of a server to test (like www.mydomain.com) - you can just enter a partial name like mydomain.com and the tool will query DNS records to look for machines.
December 21, 2016
Google recently announced a project to produce tests for cryptographic libraries to detect common weaknesses. Piloted by star cryptographers Daniel Bleichenbacher and Thai Duong, this is an exciting development for us at Cryptosense, and not just because they cite our CRYPTO '12 paper in their RSA tests.
November 29, 2016
Unchanged default access passwords are a pervasive problem in computer security. A recent high-profile example is the Mirai botnet that spread by using 61 common default login credentials. In programs using crypto, passwords are often used to generate cryptographic keys. For example, they are used to generate the "key encrypting keys" that are used to protect private keys stored in keystores, or the master key used to protect persistent application data written to storage.
October 20, 2016
Our Java Crypto Analyzer tool works by tracing calls to the cryptographic library from all parts of the application under test, including libraries, framework components and dependencies. We recently tested the Analyzer on a large web application which uses a whole host of different libraries including PrimeFaces, a popular open-source library for graphics and UI elements in web applications.
October 3, 2016
PrimeKey Solutions develops and supports the most downloaded open source enterprise public-key infrastructure (PKI) software available, EJBCA. You can find out why they use Cryptosense Analyzer for Java in a case study we're releasing today...
August 16, 2016
Like the Oracle provider, keystores in BC rely on password-based encryption for confidentiality, i.e. deriving an encryption key from a password and then using that to encrypt the keys for writing to a file. BC offers three keystore types: BKS (bouncy castle keystore)...
August 8, 2016
In 2014 I wrote a piece for this blog on RSA PKCS#1v1.5 encryption and why we need to get rid of it. At the time, the list of algorithms and padding modes to be included in the W3C WebCrypto API was under discussion, and I wanted to argue for the exclusion of this mode from the API. In the end it was indeed left out.
July 19, 2016
In collaboration with the University of Venice Ca' Foscari, we've been researching the protocols smartcards and authentication tokens use to communicate underneath the PKCS#11 API that's exposed to applications. These protocols tend to be quite different for each device.
June 22, 2016
In the standard API for HSMs and other cryptographic hardware, PKCS#11, key-wrapping refers to the process of encrypting one key stored in hardware with another in order to send the first key somewhere else in a secure way. This operation has been the source of a whole series of security vulnerabilities, in particular because the encryption modes are often vulnerable to padding oracle attacks.
June 9, 2016
When strong cryptography was introduced into Java, the legacy JKS keystore with its "SHA-1 and XOR" encryption method was replaced by JCEKS, which uses Triple-DES (3DES) encryption to protect serialized keys when they are written to disk. There is a lot of JCEKS still around. So how exactly does the encryption work?
May 31, 2016
The new version (3.2) of the PCI DSS compliance requirements for the payment card industry was released a few weeks ago. While the PCI definition of strong cryptography remains unchanged, the new version contains some other interesting new measures around secure use of cryptography.
May 19, 2016
As trailed back in September 2015, Google are turning off SSLv3 and RC4 support from their TLS servers. For the vast majority of people, this will have no noticeable impact at all. However, there is one place where the deprecated protocol and insecure cipher still lurk: mailservers. In particular, according to the google blog post, "inbound/outbound gateways, third-party emailers, and systems using SMTP relay."
April 28, 2016
Cryptosense software is designed to give our users visibility on the crypto their applications are using. We have tracing tools for PKCS#11 and Java, and recently we've been working on one for the OpenSSL crypto library (libssl and libcrypto). We'd like to share a couple of early results.
April 21, 2016
If you write a Java application that uses cryptography, chances are you'll have to store some cryptographic keys. The Java crypto APIs provide an abstraction for dealing with this called keystores. In this post, we're going to look into how Java keystores are protected when written out as files.
March 16, 2016
The DROWN attack on SSL/TLS has by now been pretty comprehensively covered both here and elsewhere. But two weeks after its announcement, it's clear that it's not being fixed very fast, at least compared to other recent SSL vulnerabilities like Heartbleed. Why not?
March 1, 2016
Today sees the public release of details of DROWN, another "full-stack" crypto vulnerability in TLS, involving new mathematical insights into the Bleichenbacher attack on PKCS#1v1.5 encryption, implementation bugs, failure to turn off old versions and real-world implementation data from Internet-wide scans showing that DROWN affects as many as 35% of HTTPS servers.
February 11, 2016
Welcome to the Golden Age of Applied Crypto Research. The year 2015 saw the publication of an unprecedented number of practical attacks on real cryptographic systems. Attacks like FREAK and LOGJAM which combine model-based testing of crypto code with state-of-the-art numerical algorithms for cryptanalysis give a taste of the kinds of capabilities that are available to sophisticated adversaries.
February 14, 2016
National and international standards bodies like NIST, ENISA and PCI already make recommendations about key-lengths and algorithms, so why write another set? At Cryptosense we've been working on a simple web-based tool to discover external-facing crypto services, and we needed a pragmatic set of best-practice standards for evaluating the results. If we used the ENISA "future application" standards, for example, pretty much the whole Internet would get an F.
December 15, 2015
Cryptography is sufficiently complex to make writing a single compliance document that ensures security impossible. There are nonetheless various industry compliance guidelines that try to ensure the biggest mistakes are avoided. The PCI-DSS standard, now in version v3.1, describes security requirements for processing electronic payments and includes some interesting crypto advice.
November 23, 2015
Recent news about the discovery of free-start collisions for the SHA-1 hash function has attracted plenty of attention. But what does this mean for the security of SHA-1, and what should you do if you're using it?
November 10, 2015
How many iterations, what salt and what hash function should I use with PBKDF2? To answer this, we need to look a little at what password-based key derivation function 2 (PBKDF2) does, and how it works.
November 3, 2015
The recent key-extraction attack on the SafeNet Luna HSM (CVE-2015-5464) led to a lot of discussion about HSM security. If an HSM has "one job", it's to make sure that keys that are marked "unextractable" really are "unextractable".
August 14, 2015
The vast majority of the Cryptosense code base is built using OCaml. We're excited to announce that we're releasing a couple of the OCaml libraries we developed as free software: records and enumerators. Here we'll describe what the two libraries do and what we use them for.
July 16, 2015
In April 2015, following its transfer to OASIS, the PKCS#11 standard for device crypto APIs got its first official update in ten years. There is always some lag time between a new standard and vendor adoption. Here are five good reasons you should be nagging your crypto hardware vendor to upgrade:
June 17, 2015
The latest firmware update (v11.72) for the Thales eSecurity-nCipher net HSM includes a fix for a security issue found by the Cryptosense PKCS#11 compliance tester.
May 5, 2015
This question is the subject of a podcast interview with Cryptosense founder, Graham Steel, in which he talks to Karen Webster, CEO of PYMTS.com.
May 1, 2015
Growth in cloud computing, smartphone use and interconnected devices means that even more of our private data is now at risk from hackers. Cryptography is being used more and more to secure this data, however it is notoriously hard to implement correctly.
March 30, 2015
For the next instalment in our compliance testing series, we interviewed the creators of Caml Crush, an open source PKCS#11 project. Caml Crush is a filtering proxy that inserts itself between a PKCS#11 device and the calling application. As well as its inherent client/server architecture be it local or remote, Caml Crush can also apply filters which deal with some of the major security issues that affect PKCS#11 interfaces. We will take a look at how it works and how it affects the Compliance Checker results on a device. The developers of Caml Crush (Ryad Benadjila, Thomas Calderon, and Marion Daubignard at the ANSSI) agree that “The PKCS#11 standard is not easy to use“, so how does Caml Crush help?
February 4, 2015
Since we wrote this post our compliance criteria have been extended to over 100 covering PKCS#11 v2.40 and used to find a host of issues with live HSMs. Recently we've been trying out our PKCS#11 compliance tester on a number of open-source PKCS#11 implementations. We'll be publishing the results here over the next few weeks, as well as sending the reports from our tools to the project developers.
January 5, 2015
Since we wrote this post three years ago, several HSMs have added support for modern elliptic curves like curve25519. The yet-to-be-finalised PKCS#11v3.0 will likely have a number of new algorithms using this curve and variations. Original post: If you read the last post about choice of key lengths in PKCS#11, you may have been struck by the fact that the recommended key lengths for RSA, if you want to be secure in the future, are rather long. This is one of several reasons for moving to elliptic curve cryptography. But which curve to choose?
December 29, 2014
In a series of articles on the blog this year we've covered cryptographic algorithm choice in PKCS#11, taking into account recent cryptanalytic results. This post will complete the picture by discussing the choice of key-length and other parameters for these algorithms. As usual, our main source is the ENISA Algorithm and Key Length Report, recently updated for 2014.
November 24, 2014
Hardware Security Modules (HSMs) are tamper-resistant special-purpose computers that protect the most sensitive cryptographic key material in an organisation. They are used for security-critical applications such as electronic payment, PKI, inter-bank transfers, and PIN management in the cash machine network.
November 5, 2014
We originally published our compliance criteria for PKCS#11v2.20 back in 2014. We recently completed an update for v2.40, which contains new criteria for the extra attributes added in the new version, as well as revised references that take you directly to the right section of the HTML document of PKCS#11v2.40. Since we started applying these criteria to commercially available PKCS#11 devices using our Analyzer, we have found multiple vulnerabilities and non-compliances in several major manufacturers' products, all of which had FIPS/CC certifications.
October 24, 2014
In previous posts we covered the state of the art cryptanalysis results on the RSA mechanisms, hash functions, block ciphers and block cipher modes available in PKCS#11. In this post we look at the message authentication code (MAC) mechanisms available.
October 2, 2014
This is the latest in our series analysing the state of the art cryptanalysis results on the RSA mechanisms, hash functions and block ciphers available in PKCS#11. We've seen that PKCS#11 makes available a range of block ciphers ranging from dubious to recommended options. Additionally, for most block ciphers, several modes are available. What are the security consequences of the mode choice? Here we survey the block cipher modes available, giving a brief summary of their security.