
September 2021

This Month:

  • OpenSSL 3.0 is here
  • How to make an application FIPS 140 compliant
  • How mature is your organization?
  • Cryptography jargon explained
  • What do Germany and France think about PQC?
  • We're hiring!

OpenSSL 3.0 is here
There are a couple of important changes that you need to know about. Firstly, the default cipher has changed from the old version of the PKCS#12 standard to the new PBKDF2 version of the standard. Secondly, there are some interesting changes to the providers that can be called by the API. And thirdly, FIPS coverage has changed for OpenSSL 3.0, which is a big deal if you are using OpenSSL inside a product that is supplied to the US Government, or even if you're just using FIPS 140 as a benchmark security standard. Graham gives us a full roundup of all the key changes over on YouTube.

How to make an application FIPS 140 compliant
After the success of our first FIPS cryptography webinar, we felt that the subject merited a closer look, so last Thursday Graham talked us through how to get an application with unknown or non-compliant cryptography to pass a FIPS or FedRAMP audit. Catch the recording here.

How mature is your organization?
In response to enquiries from customers, we've designed a Maturity Model to help organizations of all sizes assess their cryptography lifecycle management maturity. We use 4 key metrics: people, visibility, control, and compliance. The value of the maturity model is that it gives a high-level overview, which helps to identify gaps and set priorities for action. See how your company matches up.

Cryptography jargon explained
Jarred has thoughtfully written a blog piece for us containing a glossary of all those terms and acronyms that you know you should know, but you actually don't. Let us know if there are any more we should include.

What do Germany and France think about PQC?
The US entity NIST is leading the research project into post-quantum resistant algorithms, but what do Europeans think about it? In this video, Graham explains why there is a difference in priorities and methodologies on the other side of the pond.

In other PQC news, researchers at Berkeley have recently presented a polynomial-time quantum algorithm for solving the Bounded Distance Decoding problem with a sub-exponential approximation factor on a class of integer lattices. The quantum algorithm allegedly achieves an exponential speedup compared to the best known classical algorithm, and is the first example of an exponential speedup on a general lattice problem not connected to number theory. This discovery could make quite a difference to the NIST PQC competition, although there is already some controversy surrounding these results.

We're hiring!
Are you interested in solving the problem of cryptography management at scale? We're hiring in both our development and sales teams. Check out our current vacancies here.

To get the latest crypto news as it happens, subscribe to our YouTube channel.

Graham and the Cryptosense Team