I wanted to share an interesting development in the NSA’s quest to have their lightweight cryptographic tools (i.e., tools for constrained environments such as Internet of Things (IoT) and implanted medical devices (IMD)) “Simon” and “Speck” adopted by the International Organization for Standards (ISO – ever wonder why it’s ISO instead of IOS, ISO provides […]
The NSA’s Simon and Speck: Trust versus Security Read More »
It’s official. SHA-1 has been broken. As reported on pretty much every tech-focused news source and blog yesterday, two PDFs were created resulting in identical SHA-1 hashes. For years, security experts and cryptographers from industry to government, have warned against the use of SHA-1 as it was theoretically broken, just not practically (well…that we know
Digital signatures verify the authenticity of digital messages through the use of a cryptographic hash function and asymmetric encryption. It provides message integrity (via the hash function and encryption), authentication (via encryption), and non-repudiation (via asymmetric encryption).
Digital Signatures Read More »
Hashed message authentication codes (HMAC) are a type of message authentication code employing a cryptographic hash function and secret key. It provides message integrity (via the hash function and encryption) and authentication (via encryption). It does not provide non-repudiation, as it uses a symmetric key which anyone can use to sign a message (no guarantee
A secure hash is a one-way cryptographic hash of a message whose producing algorithm should be intentionally slow. Why is the latter part important? It combats against brute-force and word list attacks. That is, it requires so much time to create a hash from an attempt, searching the entire password space becomes infeasible. To increase
Secure password hashing Read More »
In Java, the java.util.Properties class allows access to persistent properties defined in a file. Those values are kept as key=value pairs. For sensitive data (such as passwords or access codes), these files provide direct access to the values by simply opening them. Therefore, it is sometimes necessary to encrypt those values. In this post, I
Encrypted Properties Read More »
This post will discuss AES 256 in Java. To achieve the desired key length of 256, the Java Cryptography Extension (JCE) must be installed. If you’d rather not worry about adding the files for the JCE, simply change keyLength in AESTest.java from 256 to 128 (the maximum limited strength key length).
Java is capable of unlimited strength cryptography, just not out of the box. As the README from the Java Cryptography Extension (JCE) states, “Due to import control restrictions of some countries, the version of the JCE policy files that are bundled in the Java Runtime Environment, or JRE(TM), 8 environment allow ‘strong’ but limited cryptography
Install Java Cryptography Extension Read More »
A message digest is simply a one-way cryptographic hash of a message. In theory, the results cannot be reversed; i.e., retrieving the message from the hash (hence, this is not a form of encryption, but a check). Message digests are commonly used to, e.g., sign messages, validate downloads, and protect passwords (in legacy instances –
Message digest (one-way cryptographic hashing) Read More »
