2 min read
NIST is Sunsetting Triple DES - so what will the Financial Industry do?
NIST recently published a document "Transitioning the Use of Cryptographic Algorithms and Key Lengths" which formalizes the sunset of Triple DES by...
cryptography (2)
4 min read
NIST Update to Format Preserving Encryption Standard affects PCI Use Cases
Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev 1 "Recommendation...
7 min read
NIST Moves on Sweet32 - 3DES, Blowfish, and Others - Mostly Unsafe
Now is the time to stop using 64-bit block length ciphers such as 3DES (TDEA) and Blowfish in general purpose applications of cryptography. In 2016,...
2 min read
7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise
Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved modes has...
2 min read
SHA-1 Is Dead!
History The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated SHA-1....
4 min read
Why the Apple vs. FBI Dispute Is A Good Thing
The Internet and mainstream media has been ablaze with articles and opinion pieces about the dispute between the FBI and Apple over an iPhone used by...
2 min read
Sunset of SSL Extended
If you’ve been struggling with keeping up with various SSL vulnerabilities and planning an orderly cutover to TLS then the recent announcement by the...
3 min read
Must Format Preserving Encryption (FPE) be distinguishable from cardholder data for PCI?
Previously we looked at Format Preserving Encryption (FPE) its characteristics and suitability for application in solutions intended for PCI DSS. To...
1 min read
PCI DSS Version 3.1 Has Arrived
The PCI Security Standards Council today published the expected update to PCI releasing these documents including some specific migration guidance:...