Tag: cryptography

Although we are dealing mostly with asymmetric encryption here at Trustica, truth is that in the end you need to encrypt stuff using some symmetric algorithm. Just exchanging the symmetric keys is not enough - the symmetric cipher must be built from strong cryptographic primitives creating both confusion and diffusion. Read on to find out what one of my Cryptography class students proposed.

After creating a robust solution for mail sending, filtering, delivering and storing, one starts wondering how to add more confidentiality and integrity to such communication setup security mix. DKIM signatures and SPF records are mostly helpful for fighting spam, but for an targeted attack they pose little to no threat. And as targeted attacks are always really big threat, this does not make the situation look very optimistic for the email user. Nowadays, there are at least two major standards used for securing email communication. Both have their advantages and both have their disadvantages - so let's have a closer look at both of them. And as you can probably guess, we are getting closer to our goal of securing email communication using at least one of these standards.

As I have had to give a talk about elliptic curve cryptography for the testing community in Czech Republic at the regular pro[test] event held in Prague two weeks ago, I wondered what could be actually tested about ECC in real-world scenarios. As I was digging through my notes, I realized there is something everybody really hates - waiting for web page to load. And with HTTPs everywhere now the crucial part slowing the whole browsing experience down is how fast the connection can be established. That is because encrypted connection requires exchanging quite a lot of information at the beginning and can go on without much overhead afterwards.