Cryptography Content on InfoQ
-
Keeping Credentials Safe, Google Introduces Cloud Secret Manager
In a recent blog post, Google announced a new service, called Secret Manager, for managing credentials, API keys and certificates when using Google Cloud Platform. The service is currently in beta and the intent of this service is to reduce secret sprawl within an organization’s cloud deployment and ensure there is a single source of truth for managing credentials.
-
Microsoft Patches Severe Crypto32.dll Vulnerability
Microsoft has released patches for various versions of Windows 10 and Windows Server 2019 and 2016 to fix a severe vulnerability affecting system validation of Elliptic Curve Cryptography (ECC) certificates. This vulnerability enables an attacker to spoof the validity of a certificate chain and signature validation and requires prompt patching.
-
BLAKE3 Is an Extremely Fast, Parallel Cryptographic Hash
BLAKE3 is the most recent evolution of the BLAKE cryptographic hash function. Created by Jack O'Connor, Jean-Philippe Aumasson, Samuel Neves, and Zooko Wilcox-O'Hearn, BLAKE3 combines general purpose cryptographic tree hash bao with BLAKE2 to provide a big performance improvement over SHA-1, SHA-2, SHA-3, and BLAKE2.
-
Poor Random Number Generation Makes 1 in Every 172 RSA Certificates Vulnerable
A research report by the firm KeyFactor shows many IoT and network devices are using weak digital certificates that make them vulnerable to attack. Researchers Jonathan Kilgallin and Ross Vasko analyzed 75 million RSA certificates and found that 1 in 172 keys shares a factor with another, which means they can be easily cracked.
-
Microsoft Extends Azure Security Center Capabilities to Partners, Adds Automation
At the recent Ignite conference, Microsoft announced several updates to their Azure Security Center offerings. These updates include enhanced cloud resource threat protection, Customer Lockbox extensions, the release of a Secure Code Analysis toolkit, additional support for Azure Disk Encryption, certificate management extensions, API automation and partner integrations.
-
Recent Study Estimates That 50% of Websites Using WebAssembly Apply It for Malicious Purposes
A study published in June 2019 reveals that in the Alexa Top 1 million websites, one out of 600 sites executes WebAssembly (Wasm) code. The study moreover finds that over 50% of those sites using WebAssembly apply it for malicious deeds, such as cryptocurrency mining and malware code obfuscation.
-
Making 'npm install' Safe
At QCon New York 2019, Kate Sills, a software engineer at Agoric, discussed some of the security challenges in building composable smart contract components with JavaScript. Two emerging TC39 JavaScript proposals, realms and Secure ECMAScript (SES), were presented as solutions to security risks with the npm installation process.
-
Microsoft Releases Azure Bastion, Eliminating the Jumpbox Virtual Machine
In a recent blog post, Microsoft announced the preview of a secure remote desktop solution, called Azure Bastion, which does not require organizations to expose virtual machines using public IP addresses. The platform as a service (PaaS) extends virtual machine connectivity using Remote Desktop Protocol (RDP) and Secure Shell (SSH) inside a modern web browser.
-
Cloudflare CIRCL Experiments in Post-Quantum Cryptography
Cloudflare has open-sourced CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library), a collection of algorithms for post-quantum (PQ), elliptic curve cryptography, and hashing for prime groups.
-
NGINX Plus Release 18 Available with Support for Dynamic Certificate Loading
NGINX has released version 18 (R18) of NGINX Plus, their all-in-one load balancer, content cache, and web server. This release includes support for dynamic certificate loading, enhancements to their OpenID Connect implementation, and the ability to specify port ranges for virtual servers.
-
Adiantum Brings Disk Encryption to Low-End Smartphones
Adiantum is a new encryption algorithm for low-end smartphones, smartwatches, and other Android Pie devices that are too slow to use the Advanced Encryption Standard (AES) for storage encryption.
-
Tink is Google Cryptographic Library for the Cloud, Android, and iOS
Tink is a multi-language, cross-platform cryptographic library developed by a group of cryptographers and security engineers at Google to help developers implement cryptography correctly without being cryptographic experts. Under development for the last two years, version 1.2 adds support for Cloud, Android, and iOS platforms, and C++ and Objective-C.
-
MIT Researchers Test Oracles and Smart Contracts on Bitcoin Lightning Network
The Massachusetts Institute of Technology (MIT) has revealed the results of their tests running smart contracts on the Bitcoin Lightning Network. Running smart contracts on the Bitcoin network isn’t necessarily new; however, the approach of using trusted entities called oracles with smart contracts is what makes their approach unique on the Bitcoin blockchain.
-
Coindesk 2018 State of Blockchain
Coindesk recently released their 2018 State of Blockchain report, which provides more than 160 pages of blockchain-related research covering investments in top cryptocurrencies, enterprise blockchain solutions, raising capital through initial coin offerings, government, regulation and sentiment. InfoQ has analyzed this report and has compiled a list of key developments that impact our readership.
-
SaaS Platform for Managing Configurations Enters Private Beta
Config is a new SaaS offering for managing configuration files. Created by Bien David in 2017, the company looks to simplify how teams store and access configurations used by systems, apps, modules, environments, and server instances. InfoQ spoke to the team behind Config to learn more about how these problems are solved.