December 22, 2020
The short answer, with supporting evidence, is no, because it has been deprecated by NIST since 2017 for new applications and for all applications by 2023.
April 7, 2020
If you use Zoom video-conferencing software, you are probably aware of the recent controversy about the security of their encryption protocols...
November 12, 2019
On 29th July 2019 CapitalOne Financial Corp announced a data breach affecting 140 000 of their customers' social security numbers and 80 000 bank account numbers. CapitalOne is a major user of AWS cloud, and in this case the stolen data was stored in AWS S3 buckets. Why didn't encryption save us?
November 8, 2019
Cryptosense Discovery is our free tool to test a host’s usage of cryptography for common configuration mistakes and vulnerabilities. Discovery's new version discovers more hosts and more vulnerabilities, and improves the visual representation of attacks. We achieve this by using a well-known visualization method called attack trees.
June 8, 2019
The announcement yesterday of this talk about HSM hacking on the BlackHat 2019 program has caused a stir, and for good reason: the authors claim to have discovered remote unauthenticated attacks giving full control of an HSM and complete access to keys and secrets stored on it...
April 23, 2019
Including passwords or cryptographic key material in source code is a major security risk for a number of reasons. In the worst case, if the code is public, everyone can read the key. Even if not, access to the code is often easier for an attacker to achieve than direct compromise of the application - the entire development team becomes part of the attack surface...
April 23, 2019
One question we're often asked by teams considering our Analyzer software is: how common are the kind of "rubber hits the road" crypto deployment flaws that it detects?
November 30, 2018
When we started testing the cryptography in Java applications using our Analyzer software, one of the first results we found was the use of a 512-bit RSA key for signature verification. At first this looks rather alarming since 512-bit RSA keys are easily breakable by brute force factorisation now. However, inspecting the stacktrace our Analyzer provides traces this back to a method called testSignatures...
November 13, 2018
At Cryptosense, we wanted to build a tool that would effectively identify and help fix vulnerabilities related to cryptography - something no other tool does a good job of...
October 17, 2018
Yesterday's Oracle Critical Patch Update contains a credit to Cryptosense for CVE-2018-3210, a flaw found by one of our users while they were testing a Java application with our Analyzer software...
August 27, 2018
Our recent work to add coverage of the Microsoft .NET API to Cryptosense Analyzer has led us into a dark and dangerous part of the internet: C# crypto tutorials...
June 25, 2018
Jenkins is a popular tool for managing continuous integration (CI), i.e. coordinating builds, tests and deployment of a software project in an automated way. In an enterprise context Jenkins has some security requirements, like ensuring that only users with the right permissions can access certain projects and carry out certain tasks, protecting sensitive data such as tokens for access to APIs, etc.
April 6, 2018
Continuous Integration, or CI, is an increasingly widely adopted software engineering practice. A best practice for CI is to make the build self-testing, and recently this has started to include security testing. Cryptosense Analyzer, our tool for testing crypto security in applications, now integrates into CI.
February 22, 2018
In a 2014 article “Why does cryptographic software fail?”, Lazar et al. took the most recent 269 CVEs marked as “cryptographic issues” and classified the site of the failure. While 17% of the failures were in crypto libraries, 83% were in the way the applications use the libraries.
December 11, 2017
Today Hanno Böck, Juraj Somorovsky and Craig Young announced details of new work testing TLS implementations in the wild for Bleichenbacher's attack on RSA PKCS#1v1.5 encryption.
November 15, 2017
We frequently apply Analyzer to widely-used open source software including the Java JDK. The Oracle Critical Patch Update (CPU) of 17th October contained patches for two CVEs discovered at Cryptosense in collaboration with our partners at University of Venice Ca' Foscari...
August 14, 2017
Password-based key derivation functions (PBKDFs) are used in crypto for two reasons: to store passwords in a secure way, and to derive keys for use in other bits of crypto. We've written before about how they work and what parameters to use.
July 21, 2017
The US National Institute of Standards and Technology (NIST) has just announced withdrawal of approval for triple DES (also known as 3DES, TDEA and sometimes DES EDE) in common protocols such as TLS and IPSec. In other applications, they propose a restriction to just 8MB of data before changing keys. Why are they doing this and what are the consequences?
April 7, 2017
In January 2017 Oracle released a Java update with a number of improvements to its crypto security. These included increasing minimum parameters (1024 bits for RSA XML signatures and DSA certificates, 256 bits for Elliptic curve keys used in TLS,..),
February 23, 2017
Today Google announced the first public full SHA-1 collision, i.e. the first pair of distinct values that when hashed with the SHA-1 function produce the same digest. This should not come as a surprise - it follows the free-start collisions announced at the end of 2015, and many cryptographers had been anticipating full SHA-1 collisions imminently.
December 21, 2016
Google recently announced a project to produce tests for cryptographic libraries to detect common weaknesses. Piloted by star cryptographers Daniel Bleichenbacher and Thai Duong, this is an exciting development for us at Cryptosense, and not just because they cite our CRYPTO '12 paper in their RSA tests.
November 29, 2016
Unchanged default access passwords are a pervasive problem in computer security. A recent high-profile example is the Mirai botnet that spread by using 61 common default login credentials. In programs using crypto, passwords are often used to generate cryptographic keys. For example, they are used to generate the "key encrypting keys" that are used to protect private keys stored in keystores, or the master key used to protect persistent application data written to storage.
October 20, 2016
Our Java Crypto Analyzer tool works by tracing calls to the cryptographic library from all parts of the application under test, including libraries, framework components and dependencies. We recently tested the Analyzer on a large web application which uses a whole host of different libraries including PrimeFaces, a popular open-source library for graphics and UI elements in web applications.
June 9, 2016
When strong cryptography was introduced into Java, the legacy JKS keystore with its "SHA-1 and XOR" encryption method was replaced by JCEKS, which uses Triple-DES (3DES) encryption to protect serialized keys when they are written to disk. There is a lot of JCEKS still around. So how exactly does the encryption work?
April 28, 2016
Cryptosense software is designed to give our users visibility on the crypto their applications are using. We have tracing tools for PKCS#11 and Java, and recently we've been working on one for the OpenSSL crypto library (libssl and libcrypto). We'd like to share a couple of early results.
April 21, 2016
If you write a Java application that uses cryptography, chances are you'll have to store some cryptographic keys. The Java crypto APIs provide an abstraction for dealing with this called keystores. In this post, we're going to look into how Java keystores are protected when written out as files.
March 16, 2016
The DROWN attack on SSL/TLS has by now been pretty comprehensively covered both here and elsewhere. But two weeks after its announcement, it's clear that it's not being fixed very fast, at least compared to other recent SSL vulnerabilities like Heartbleed. Why not?
March 1, 2016
Today sees the public release of details of DROWN, another "full-stack" crypto vulnerability in TLS, involving new mathematical insights into the Bleichenbacher attack on PKCS#1v1.5 encryption, implementation bugs, failure to turn off old versions and real-world implementation data from Internet-wide scans showing that DROWN affects as many as 35% of HTTPS servers.
November 23, 2015
Recent news about the discovery of free-start collisions for the SHA-1 hash function has attracted plenty of attention. But what does this mean for the security of SHA-1, and what should you do if you're using it?
November 10, 2015
How many iterations, what salt and what hash function should I use with PBKDF2? To answer this, we need to look a little at what PBKDF2 (password-based key derivation function 2) does, and how it works.
November 3, 2015
The recent key-extraction attack on the SafeNet Luna HSM (CVE-2015-5464) led to a lot of discussion about HSM security. If an HSM has "one job", it's to make sure that keys that are marked "unextractable" really are "unextractable".
November 24, 2014
Hardware Security Modules (HSMs) are tamper-resistant special-purpose computers that protect the most sensitive cryptographic key material in an organisation. They are used for security-critical applications such as electronic payment, PKI, inter-bank transfers, and PIN management in the cash machine network.
May 19, 2014
RSA Encryption with padding as described in PKCS#1v1.5 has been known to be insecure since Bleichenbacher's CRYPTO 98 paper revealed a chosen ciphertext attack. PKCS#1 version 2.0, published September 1998, proposed a new padding scheme based on OAEP and recommended the old scheme not be used in any new implementations.