Informations about SSL certificates and networks security
Auto Added by WPeMatico
NIST has completed a study — it was published last year, but I just saw it recently — calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey respondents finds that present value of benefits … Read More “Calculating the Benefits of the Advanced Encryption Standard” »
This one is from NIST: “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.” It’s still in draft. Remember, there are many others. Powered by WPeMatico
NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the study and its conclusions — it’s all in the 150-page report, though — but I do … Read More “AES Resulted in a $250-Billion Economic Benefit” »
This is interesting: Creating these defenses is the goal of NIST’s lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant … Read More “NIST Issues Call for “Lightweight Cryptography” Algorithms” »
NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. (Details of the NIST efforts are here. A timeline for the new algorithms is here.) Powered by WPeMatico
NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords: Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don’t help that much. It’s … Read More “Changes in Password Best Practices” »
NIST is accepting proposals for public-key algorithms immune to quantum computing techniques. Details here. Deadline is the end of November 2017. I applaud NIST for taking the lead on this, and for taking it now when there is no emergency and we have time to do this right. Slashdot thread. Powered by WPeMatico
Interesting research from Sasha Romanosky at RAND: Abstract: In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security … Read More “The Cost of Cyberattacks Is Less than You Might Think” »
NIST is no longer recommending two-factor authentication systems that use SMS, because of their many insecurities. In the latest draft of its Digital Authentication Guideline, there’s the line: [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance. Powered by WPeMatico