The NIST Announcement on Quantum-Resistant Cryptography Standards is Out. Act Now!

The NIST Announcement on Quantum-Resistant Cryptography Standards is Out. Act Now!

An over five-year-long process has come to a preliminary end: On July 5, 2022, NIST issued the long-awaited announcement of the winners of Round 3 of the NIST Post-Quantum Crypto (PQC) Standardization Process, that is, which quantum-resistant cryptographic algorithms NIST has selected for standardization.

Read more
NIST PQC Finalists Update: It’s Over For The Rainbow

NIST PQC Finalists Update: It’s Over For The Rainbow

Last month, one of the three NIST finalists for post-quantum signature schemes has received its final nail in the coffin: Ward Beullens, a PostDoc at IBM Research, published a practical key recovery attack against the Rainbow signature scheme.

Read more
Understanding NIST’s Process on Post-Quantum Cryptography (PQC) Standardization

Understanding NIST’s Process on Post-Quantum Cryptography (PQC) Standardization

Most current public-key cryptography (asymmetric) algorithms are vulnerable to attack from large-scale quantum computers. In its efforts to standardize post-quantum cryptography (PQC), NIST has begun the process of evaluating several PQC candidates in order to standardize one or more public-key algorithms that are quantum-resistant.

Read more
Cryptomathic Integrates with CyberArk to Enable HSM-as-a-Service in Tier-One German Bank

Cryptomathic Integrates with CyberArk to Enable HSM-as-a-Service in Tier-One German Bank

Cryptomathic has completed a successful integration of its centralized HSM and cryptography management platform, Crypto Service Gateway (CSG), with the CyberArk Identity Security platform in a live setting at an unnamed tier-one German bank.

Read more
Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack

Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack

This article discusses the misuse of X.509 certificates and keys in the SolarWinds attack and how Cryptomathic CKMS and CSG could help protect against such attacks.

Read more
The SolarWinds attack and best practices for code-signing

The SolarWinds attack and best practices for code-signing

Since the announcement of the SolarWinds supply chain attack, intensive analysis has been done by Crowdstrike, FireEye (with additional details), Microsoft, Symantec, SolarWinds, and many others, to understand the attack’s workings both within SolarWinds and in the targeted networks. Here we focus on the code signing procedures, which seemingly failed at SolarWinds but likely could have mitigated the risk of the attack if they had been implemented and enforced to a higher standard.

Read more
Turning Cryptography into a Service - Part 2

Turning Cryptography into a Service - Part 2

Part 2 – Accelerating Time-to-Market

 

With the increase in e-commerce and electronic communications on the one hand and the growing challenges of cybercrime and data protection regulation, on the other hand, cryptography is becoming an increasingly important business enabler.

Read more
Crypto Service Gateway: Enabling Crypto-Agility with the CSG Policy Engine

Crypto Service Gateway: Enabling Crypto-Agility with the CSG Policy Engine

The business world today is built on the pervasive use of cryptography, to authenticate people and processes, to secure communications, and to protect sensitive data.

Read more
The SHA-1 Attack Further Emphasizes the Need for Crypto-Agility 

The SHA-1 Attack Further Emphasizes the Need for Crypto-Agility 

The first practical chosen-prefix collision attack on SHA-1 was announced in January 2020 by researchers Gaëtan Leurent and Thomas Peyrin: “SHA-1 is a Shambles”.  

Read more