April 2021

This month:

  • The future of cryptography
  • New European TLS guidelines
  • Hard coded keys
  • Why do we still have certificate outages in 2021?
  • New code breaking record for quantum-safe cryptography

The Future of Cryptography
From SMPC to ZKP there's a lot going on in the area of privacy-preserving computing these days. Over the last three months our guest writer Dr Jarred McGinnis has been doing a deep dive on some of these areas for our blog. Technologies such as homomorphic encryption are increasingly finding 'real world' applications, especially in the financial services sector.  

New European TLS Guidelines
Rather than choosing to align on the supposedly pan-European ECRYPT guidelines, several countries evidently prefer to write their own guidelines for cryptographic algorithms. The Dutch TLS guidelines came out in January, and the German BSI also updated their guidelines in February. Lots of these overlap with the French ANSSI guidelines that were published in March and which you can already test against using Cryptosense Discovery.

How to Find Hard-Coded Keys
We’re all aware that hard-coded keys are a menace, with recent attacks showing how easily malicious people can exploit them, but how do we rid ourselves of them? In a recent webinar Graham discussed the details of some of these recent attacks and explained one method for eradicating this troublesome pest.

Why do we still have certificate outages in 2021?
Service outages caused by expired certificates should be a thing of the past thanks to powerful certificate management systems, but in practice they still occur. In a recent webinar Graham discussed the causes: shadow certificates, third-party software, last-mile failed renewals and faster deployment practices that require new tools to make sure you have visibility on all the certificates in your infrastructure. We’ll also be talking about this on our virtual booth at the Venafi Global Summit in May, let us know if you’re attending!

New Code Breaking Record for Quantum-Safe Cryptography
A team of cryptanalysts from Centrum Wiskunde & Informatica (CWI) has set a new code breaking record for an important computational problem: the lattice shortest vector problem (SVP). Lattice SVP is a foundation for the security of next generation public-key cryptography, designed to be secure against quantum computers. Much like factoring challenges helped us understand how long RSA keys should be, this work will help us understand how many dimensions a Lattice needs to be secure

To get the latest crypto news as it happens, subscribe to our Youtube channel.

Best,
Graham and the Cryptosense Team