Conversations about cryptography are common place in the cyber-security world. One can find security professionals discussing everything from PKI to issues with RSA. But while we are discussing issues with algorithms, implementation of cryptographic protocols, authentication algorithms, and other such topics, we often lose sight of a fundamental part of the entire process – key generation.
CRYPTO BLOGA collection of cryptographic articles and resources
Generating Cryptographic Keys: Will Your Random Number Generators (PRNGs) Do The Job?
Simplifying the Complex Process of Auditing a Key Management System for Compliance
This article explains some of the cryptographic key management tasks involved in demonstrating and proving compliance to acceptable standards, and how this process can be simplified by centralization, automation, and adequate preparation.
Key Management Interoperability Protocol (KMIP): achievements and challenges
The Key Management Interoperability Protocol standard intends to provide interoperability across various key management environments and hence to reduce costs and increase efficiency of heterogenious cryptographic applications.
However, there are 3 tendencies which challenge the current standard and its interoperability protocol: a) the shift of a big share of internet traffic towards mobile communications, b) the growing Internet of Services with the related service-based communication and c) the advance of cloud computing.
This article first looks at the achievements of KMIP so far, then sheds light on the current challenges to and shortcomings of the protocol and tries to provide answers and solutions to these in the remainder of the article.
What is Key Management? a CISO Perspective
Key management refers to managing cryptographic keys within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level. A key management system will also include key servers, user procedures and protocols, including cryptographic protocol design. The security of the cryptosystem is dependent upon successful key management.
This article introduces into key management from a perspective of a CISO or any person in charge of maintaining information security within an organization.
How to Deploy and Manage Cryptography in a Project the Right Way
With the ever increasing number of online services and electronic transactions, business owners are becoming ever more dependent on the use cryptography to prevent sensitive information from cyber attackers. Cryptographic implementations are often considered to be a project bottleneck due to its time consuming nature and increasing cost within IT budgets.
In recent years, cryptography has been identified as an area that required further innovation to meet the needs of large businesses. Organizations are facing multiple challenges with the implementation and ongoing maintenance of cryptography on both new and legacy systems. In this article, we present a few recommendations based on Cryptomathic’s approach to simplifying the implementation of cryptography in a project.