crypto

Intro to HSMs

Hardware Security Modules (HSMs) are basically dedicated cryptography devices, and are often one of the first links in the chain of trust in so much of what we do with technology today.  They allow you to offload sometimes computationally expensive cryptographic functions like signing or encryption, and are often required in industries whose regulations require tight control of private key material (e.g. banking, certificate authorities).  They also give you reliable auditing capabilities and are designed to be extremely difficult to tamper with.  This article does not try to sway you one way or the other in terms of using an HSM; whether or not you need an HSM is usually determined by regulation or security requirements, not by performance.  If you are not interested in how I arrived at the numbers, click here to see the results.

PKI vs. CA

First we need to get a few terms straight.  I have heard the terms public key infrastructure (PKI) and certificate authority (CA) sometimes used interchangeably in conversation.  The difference is that a CA by itself doesn’t perform all of the functions of a PKI.  PKIs contain CAs, but they also have other components: certificate revocation lists (CRLs), online certificate status protocol (OCSP) responders that give clients a higher degree of certainty when assessing whether or not a certificate is valid, and even things like policy, which lets you specify what kinds of certificates or what attributes can be signed by CAs within the PKI.

What is AD CS?

Active Directory Certificate Services (AD CS) is made by Microsoft and is what a lot of companies use for their PKI needs.  It works well, gives you nice ways to interact with it, and runs on Windows Server.  You can request certificates through a (somewhat ugly) web interface, you can request/issue certificates through a Microsoft Management Console (MMC) snap-in, and you can request/issue certificates at the command line with certutil/certreq.  AD CS even handles things like CRL publishing over FTP or SMB and running an OCSP responder, in concert with IIS.  Even though certificate revocation is utterly broken in the consumer world, many PKI uses in the enterprise, e.g. EAP-TLS, generally require revocation to be ‘working’.

With the recent interest in TLS, due to Heartbleed and the concerns about privacy due to the actions of certain agencies responsible for national security, there has been some really good discussion about TLS and how it is implemented.  Many people have talked about cipher suites in the context of server configuration.  Basically they have talked about how to set up your servers to only use secure protocols (no SSLv2, and no SSLv3 if you can get away with it), secure key exchange (preferring Perfect Forward Secrecy mechanisms), secure symmetric ciphers (AES-GCM, AES-CBC, and 3DES if you have to) and good integrity checks, a.k.a. HMACs (e.g. not using MD5 or SHA-1).  While I love this discussion and am glad it seems to be moving in the right direction, I think it is also important to talk about what is going on with clients.  The configuration of my servers is important to the people who connect to my servers (all twelve of you), but it doesn’t affect the rest of my web browsing.  If I’m on my bank’s website browsing with IE8 on Windows XP, the security of my web server configuration doesn’t make me any more secure :).  In this article I am going to talk about which cipher suites the different browsers support, how they negotiate, and I will speculate a bit on the different design decisions made by each vendor.  I will also list whether Server Name Indication is supported or not.  This isn’t really a feature that improves security per se, but it is important in terms of moving things forward as IPv4 addresses get more and more scarce.


I have been doing a lot of thinking about public key cryptography lately.  It is a topic that a lot of people don’t understand, even those with a technical bent.

Every time you connect to a secure site, there is a lot going on in the background.

Myth 1: As long as things are encrypted, I’m secure.
This one is kind of obvious, but I bring it up to help point out a problem I see all the time.  People focus on the encryption part of TLS without realizing that public key crypto does more for you than encryption.  The other major thing that you get with public key crypto is authenticity (verification that you are talking to who you think you are talking to).  If you are securely communicating with an attacker, you are not communicating securely.