Cryptography

This Week's [in]Security - Issue 172
13 min read

Welcome to This Week’s [in]Security. Twitter Hack/Breach. Facebook Ad boycott. Covid-19: Spread, Curves, Spikes & Waves. Lockdown, Reopening, & The...

NIST is Sunsetting Triple DES - so what will the Financial Industry do?
2 min read

NIST recently published a document, "Transitioning the Use of Cryptographic Algorithms and Key Lengths", which formalizes the sunset of Triple DES by...

NIST Update to Format Preserving Encryption Standard affects PCI Use Cases
4 min read

Last month NIST announced they were seeking feedback on proposed updated guidance for FPE. More formally, this is SP 800-38G rev 1 "Recommendation...

NIST Moves on Sweet32 - 3DES, Blowfish, and Others - Mostly Unsafe
7 min read

Now is the time to stop using 64-bit block length ciphers such as 3DES (TDEA) and Blowfish in general purpose applications of cryptography. In 2016,...

7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise
2 min read

Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES, they've issued a news release that one of the approved modes has...

SHA-1 Is Dead!
2 min read

History: The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated SHA-1. The...

Why the Apple vs. FBI Dispute Is A Good Thing
4 min read

The Internet and mainstream media have been ablaze with articles and opinion pieces about the dispute between the FBI and Apple over an iPhone used...

Sunset of SSL Extended
2 min read

If you’ve been struggling with keeping up with various SSL vulnerabilities and planning an orderly cutover to TLS, then the recent announcement by...

Must (FPE) be distinguishable from cardholder data for PCI?
3 min read

Previously we looked at Format Preserving Encryption (FPE), its characteristics, and suitability for application in solutions intended for PCI DSS. To...
