We are glad to declare that have received cross-signatures from IdenTrust. It means that now our certificates are considered entrusted in the majority of the main browsers. It is significant boundary: now all visitors of websites on whom the certificate of Let's Encrypt is set can enjoy safe viewing of Internet pages without any additional settings.
Both intermediate certificates of Let's Encrypt (Let’s Encrypt Authority X1 and Let’s Encrypt Authority X2) have received cross-signatures. Web servers need to be configured now to service the suitable cross-signature of the certificate. The client of Let's Encrypt will make it automatically.
You can look at example of the server which uses the certificate of Let's Encrypt according to this link.
2 years, 11 months ago
On the next couple on "Information security" the teacher has given us task to think up own cryptography technique. The idea about happy unusual (and can and is not present) method has come at once to mind. That from this left, read under cat.
2 years, 11 months ago
In June, 2015 in Russia the standard of block encryption — GOST P 34.12-2015 has been accepted. It became interesting to me to integrate this GOST (more precisely, polynom which is used in it) and Blom's scheme.
The manager of files 1Password has declared change of format of files in which information of users is stored. The company has decided to take these actions in response to Dale Myers's post, the worker of Microsfoft which has found vulnerability in the current format. So, Myers has studied the .agilekeychain file left 1Password and has found out that metadata are not ciphered, and plain text are stored almost in open form. And as 1Password — rather popular password manager, data of many hundreds of thousands of users can be compromised.
If someone gets access to the corresponding file, this person without problems can receive information on the sites on which the user logged in recently. There is also opportunity to obtain data on bank account of the user, and to learn, what sort of the license for software have been acquired. All this information allows to address to bank from user name, plus the malefactor can reset all passwords. Plus to everything, Google indexes keychain-a of the users providing simple access to the different sites.
.agilekeychain — is directory where there is file 1password.html. All data of the user are stored in the file 1Password.agilekeychain/data/default/contents.js.
At the beginning of year I recommended to update SSL/TLS the certificates having the signature with algorithm of SHA-1. Now it did not become simple the recommendation, and warning.
Recent news have shown — assessment of that receiving collision for SHA-1 will be quite available to the criminal world by 2018, it was optimistical. Mark Stephens, Pierre Carpmen and Thomas Peyrin (they hope will forgive me for such transfer of their names) have published article and the press release in which urge to refuse SHA-1 as soon as possible. They show that creation of the counterfeit signature based on SHA-1 now can cost about $100 one thousand that quite on pocket to underworld, but not $700 one thousand as the famous cryptographer Bruce Schneier expected 2015.
2 years, 11 months ago
In this post we would like to acquaint Habr's users with basic rules of programming of cryptographic algorithms. This rule set under the name "Standard of Cryptographic Programming" ("Cryptography coding standard") has been created in 2013 at the initiative of one of the guru of modern cryptography Jean-Philippe Omasson. In spite of the fact that the approaches described in it are well-known that who professionally is engaged in protection development of systems, to beginners and students, we think, it will be interesting to study the offered text which is transfer of rule set from the site cryptocoding.net.
The member of team of Google Project Zero James Forshou (James Forshaw) has found two critical vulnerabilities in the TrueCrypt driver which the program installs in Windows-systems. Errors of safety of CVE-2015-7358, CVE-2015-7359allow malefactors to carry out escalation of privileges, having acquired full authority of the administrator and access to all data of the user even if they are ciphered.
2 years, 12 months ago
Unnoticed on Habré was incident with release of the certificate for google.com and www.google.com domains by the certifying center of the Symantec company. About it it is reported in the blog of "corporation of good".
The certificate has been issued on September 14 approximately at 19:20 (GMT) by the certifying Thawte center (belongs to the Symantec company) without permission or request from Google. And not the simple certificate, but Extended Validation (EV). Thus, it is the first recorded case of illegal release of EV of the certificate.
In the post, I would like to tell about the symmetric algorithm of enciphering of RC5 and my version it to implementation on python. This algorithm is developed by the famous cryptolog Ronald McDonald Rivest — one of system builders of RSA and founders of the firm of the same name. By number of users of RC5 costs in the same row with such known algorithms as IDEA and Blowfish. The abbreviation of RC designates, on different sources, either Rivest Cipher, or Ron's Code that in total gives us "Ron Rivest's cipher". Become interested I ask under kat.