Security News
The likes of SHA-256, RSA, ECDSA and ECDH won't be welcome in just five years Australia's chief cyber security agency has decided local orgs should stop using the tech that forms the current...
Cryptography engineers often collaborate with cybersecurity teams to integrate robust cryptographic solutions into software, hardware, and network infrastructure, addressing potential...
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum...
Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first new algorithm Microsoft added to...
In this Help Net Security interview, Jean-Philippe Aumasson, discusses the writing and research process for Serious Cryptography, his latest book. With a career steeped in research and practical...
Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. Google started testing the post-quantum secure TLS key encapsulation mechanism in August and has now enabled it in the latest Chrome version for all users.
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping...
I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. "This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms, although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take"several years.
One of these standards is a generative AI content certification known as C2PA. C2PA has been around for two years, but it's gained attention recently as generative AI becomes more common. The C2PA specification is an open source internet protocol that outlines how to add provenance statements, also known as assertions, to a piece of content.
"NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." It's only four pages long, and it doesn't have a lot of detail-more "Volumes" are coming, with more information-but it's well worth reading. We are going to need to migrate to quantum-resistant public-key algorithms, and the sooner we implement key agility the easier it will be to do so.