April 3, 2020

FIPS 140-3 Compliant Cryptography

Adjusting to the new world of NIST cryptographic module standards

We have had a number of queries recently at Cryptosense from people trying to figure out what FIPS 140-3 is, and how they can supply a FIPS 140-3 compliant solution to their customers.

To make sense of this question we first need to understand a little background. Maintained by NIST, the Federal Information Processing Standards (FIPS) give guidance to external suppliers regarding the standards their products have to reach for use by the US Government. Over time, they have become de facto standards for other sectors and other countries.


February 16, 2020

The Importance of Cryptographic Key Management & Cryptographic Audit

“Most experts agree that encryption is the cornerstone of security, and helps you achieve a higher level of resilience against data misuse, theft or breach,” says Talya Mizrahi of Unbound Tech.

August 1, 2019

New cryptography in .NET Core 3.0

What’s the difference between cryptography in .NET Framework and .NET Core?

A large part of the .NET APIs are common to both .NET Core and .NET Framework. Microsoft even released the .NET Standard, a subset of .NET APIs provided by all .NET implementations, to simplify things for cross-implementation developers. However, there are still significant differences between Core and Framework, and cryptography is one of them.

April 23, 2019

How common is insecure cryptography?

Application security teams have limited resources for improving security. Deciding where to deploy them is not easy, and the right answer will vary for different organisations. However, one question we’re often asked by teams considering our Analyzer software is: how common are the kinds of “rubber hits the road” crypto deployment flaws that it detects?


July 26, 2018

Cloud HSMs – The New Wave

Hardware Security Modules (HSMs) are generally viewed as expensive and painful to maintain. It’s not surprising that a lot of HSM users are looking for a cloud-based solution that would allow them to hand over maintenance to a third party and move to an opex instead of capex model (i.e. rent the HSM instead of buying it).

At the same time, companies looking to migrate their more complex business-critical applications are finding that Cloud Service Provider (CSP) key management APIs (e.g. AWS KMS, GCP KMS, and Azure Key Vault, as covered in an earlier post) often don’t offer the cryptographic flexibility they need to migrate securely and in compliance.

Responding to these market forces, a new wave of cloud-hosted HSMs is arriving. Equipped with standard APIs like PKCS#11, they offer the promise of flexible crypto services while keeping keys secure from cloud application compromise.


May 31, 2016

New Crypto Requirements in PCI DSS 3.2

Update, March 2018: You can read about how to test PCI-DSS crypto compliance using our Analyzer software.

Original post:

The new version (3.2) of the PCI DSS compliance requirements for the payment card industry was released a few weeks ago. While the PCI definition of strong cryptography remains unchanged, the new version contains some other interesting new measures around secure use of cryptography:

  • The deprecation of SSLv3 and TLSv1.0/1.1 is confirmed. However, to stay compliant, you still have two years to remove them before the deadline of June 2018.
  • A new requirement has been introduced for service providers to map out their cryptography use:

    3.5.1 Additional requirement for service providers only: Maintain a documented description of the cryptographic architecture that includes:
      • Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
      • Description of the key usage for each key
      • Inventory of any HSMs and other SCDs used for key management

(a “service provider” is defined here as someone who is “directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity.”)

No doubt many service providers already maintain such documentation, but the reality is that sometimes externally sourced applications that encrypt cardholder data for storage or transmission may be using undocumented cryptographic methods that the service provider is not aware of. Here the PCI standard is making it clear that it’s the service provider’s responsibility to know what crypto they are using.

Crypto Cartography Software

Cryptosense software can detect the crypto used by applications using common cryptographic libraries like Java and OpenSSL, and test its security and compliance with PCI-DSS. Get in touch to find out more.


© 2012-2020 Cryptosense | All rights reserved.