• SOLUTIONS
      • Cryptosense Analyzer Platform
      • Cryptography Inventory
      • Secure Cloud Migration
      • PKCS#11 Device Audit
  • RESOURCES
      • Whitepapers
      • Webinars
      • Cloud Cryptography
      • Datasheets
      • Training Courses
      • Blog
  • COMPANY
      • About Us
      • Careers
      • Partners & Resellers
      • Contact
  • SUPPORT
  • GET IN TOUCH
October 8, 2014

Rethinking PKCS#11 Compliance

Some standards come with compliance criteria built in – you can’t say you’ve implemented the standard until your code can pass the tests. With PKCS#11, a 407-page standard specifying the most widely used API in cryptographic hardware, there are no such tests. So how can a would-be PKCS#11 user discriminate between a good implementation of the API and a bad one? And how can a manufacturer find compliance bugs and then demonstrate the quality of their product?

Continue reading →

August 1, 2014

Cryptosense at the ICFP ML Workshop

As part of what some are describing as a fantastic programme, Thomas will present his work on well-typed smart fuzzing at the ICFP ML Workshop in Gothenburg in September. The smart fuzzing algorithm is a key part of the first phase of the Cryptosense test methodology. Read more about it here, or if you’re attending the ICFP workshops, why not ask for a demo – both Thomas and Romain will be there.

Try Cryptosense Analyzer for Free

July 21, 2014

Well-Typed Smart API Fuzzing

Since I joined Cryptosense in March, I’ve been working on a new implementation of the testing framework that we use to reverse-engineer cryptographic APIs. Last Friday, I gave a talk at the 7th Analysis of Security APIs workshop in Vienna where I explained some of the main ideas of this work. Here’s a high-level summary of my presentation.

When I arrived at Cryptosense I could see there had already been a huge investment in advancing the state of the art in automatic analysis of an API such as PKCS#11. The challenge was to generalise this tool to be able to test other crypto APIs in a scalable way, without reproducing all the effort.

Continue reading →

Search the Blog

Interested in Crypto News?

Article Categories

  • Archive (37)
  • Cloud Cryptography (11)
  • Crypto Agility (3)
  • Cryptographic Vulnerabilities (8)
  • Cryptography (66)
  • Cryptography Inventory (6)
  • Cryptosense Company News (18)
  • Encryption (8)
  • HSM Security (7)
  • Key Lifecycle Visibility (4)
  • Other (8)
  • Post-Quantum Cryptography Preparedness (1)
  • Products (24)
  • Security (83)
  • Tech (10)

Most Popular Posts

  • Parameter choice for PBKDF2
  • New cryptography in .NET Core 3.0
  • FIPS 140-3 Compliant Cryptography
  • FedRAMP and FIPS 140-2 Cryptography
  • Dangerous Tutorials: How not to learn C# cryptography
  • Detecting hard-coded cryptographic keys, passwords and credentials
  • Why PKCS#1v1.5 Encryption Should Be Put Out of Our Misery
  • BouncyCastle Keystore Security
  • The End of Triple DES
  • What is a Keyblock?
    • Solutions
      • Cryptosense Analyzer Platform
      • Cryptography Inventory
      • Secure Cloud Migrations
      • PKCS#11 Security Audit
      • Request Demo
    • Resources
      • Whitepapers
      • Webinars
      • Cloud Cryptography
      • Datasheets
      • Blog
      • Support
    • Company
      • About Us
      • Careers
      • Partners & Resellers
      • Contact

Follow us on Twitter FR: +33 (0)9 72 42 35 31 US: +1 646-893-7657

info@cryptosense.com

© 2012-2020 Cryptosense | All rights reserved.

  • Cryptosense Analyzer
  • Use Cases
  • Cloud Cryptography
  • Whitepapers
  • Webinars
  • About Us
  • Blog
  • Support
  • Contact
We use cookies to deliver our services. If you continue to use this site we assume you consent to our privacy policy.ACCEPTPrivacy policy