READY, SET, RUSTLS! ?? ISRG has been investing heavily in the #Rustls TLS library over the past few years. Our goal has been to build a library that is both #MemorySafe and a leader in performance, with the aim of replacing less safe alternatives such as OpenSSL. The progress we have made in 2024 has brought us much closer to achieving that goal, with the next steps being widespread adoption. Progress we’ve made this year: ?? Benchmarking ?? Cryptographic Flexibility ?? Post-Quantum Key Exchange ?? OpenSSL Compatibility ?? NGINX Integration ?? Memory Efficiency ?? Encrypted Client Hello (ECH) Read all about it in our annual report: https://lnkd.in/ghPT6zZX
Internet Security Research Group (ISRG)的动态
最相关的动态
-
New releases on the way, with even more quantum-ready capabilities. Here are a few highlights in the latest EJBCA PKI and SignServer milestone releases: ??Hybrid certificate issuance (one certificates signed with two algorithms, one classic and one PQ), using the X.509 alternative key/signature standard ?? Flexible container deployments for EJBCA and SignServer ?? One-stop for all documentation at docs.keyfactor.com ?? Even easier to ditch legacy Microsoft ADCS ??? Improved transparency with SBOM and new capabilities in SignServer Read all about it in our latest blog! #PKI #postquantumcryptography #codesigning
Get Ready for Post Quantum with New EJBCA and SignServer Capabilities
keyfactor.com
-
Not bad on a WDC?WDS500G2B0A-00SM50. RocksDB has soliid write performance but we can see K4-GO across the board offer's more speed across all operations. K4-C is indeed lacking; I am working on the shared library optimizations. #k4 #opensource #storageengines #comparison
-
-
?I often get this question: "I want to use #quantum-resistant encryption, but how to show lay people that I am indeed using, for example, #Kyber-768?" ? Here’s how: The demo version of Wireshark in the OQC project maps the relevant fields in your network capture to the correct #PQC cipher suite. ??An even better (and recommended) option is to hybridize your key with a traditional cipher suite. When you also add a #QKD source, you achieve the strongest encryption available today, one that no brute force attack with unlimited resources can break. ?? As tested by my colleague Xinhua (Frank) Ling, PhD, CISSP, GCED, this hybrid key appears as “Unknown” in Wireshark, which in itself serves as proof that your connection is quantum-resistant. ?? Here is the link to the demos available in the Open Quantum Safe repo: https://lnkd.in/g6P3Z_3g so you can try it yourself. If you know other ways to show this in a presentation to your CISO, please share!
?? Super excited to announce that I've successfully revised the OpenSSL v3.3 library suite to empower it with *3-party-hybrid keys* generated by classical (ECDH) + PQC + QKD, further enhancing the security of the ubiquitous TLS, following the defense-in-depth principle. ? This work opens the door for QKD to serve the Transport Layer (L4), which means it can now support a significantly greater number of use cases (just think about all kinds of software applications using TLS!) than those at L2 and L3 combined (mostly link encryptors and routers). ? One salient benefit of this work is that any software currently using libssl.so.3 and libcrypto.so.3 can get the enhanced security *out-of-the-box* without any source code change, just with proper configuration on the host systems and a working QKD network to support them. ? The library utilizes ETSI GS QKD 014 standard APIs to obtain QKD keys. Therefore, it can work with any vendor's QKD devices that are ETSI 014 compliant. ?? National Institute of Standards and Technology (NIST) just released three FIPS standards on PQC algorithms earlier this week. ?? Wireshark does not recognize the new 3-party-hybrid group name yet, so it shows "Group: Unknown" ?? #PQC #PostQuantumCryptography #QKD #QuantumKeyDistribution #DefenseInDepth Disclaimer: this post presents my personal opinions only and not my employer's.
-
-
?? Transitioning to Post-Quantum Cryptography? Here's your starting point. ?? As #NIST finalizes its #PQC standards, there’s no better time to dive into PQC migration for #TLS 1.3. In this blog, we unpack a simplified TLS example and highlight the key dependencies for a smooth transition. Read now. ??
Practical Advice for PQC Migration for TLS 1.3
appviewx.dsmn8.com
-
?? Transitioning to Post-Quantum Cryptography? Here's your starting point. ?? As #NIST finalizes its #PQC standards, there’s no better time to dive into PQC migration for #TLS 1.3. In this blog, we unpack a simplified TLS example and highlight the key dependencies for a smooth transition. Read now. ??
Practical Advice for PQC Migration for TLS 1.3
appviewx.dsmn8.com
-
?? Super excited to announce that I've successfully revised the OpenSSL v3.3 library suite to empower it with *3-party-hybrid keys* generated by classical (ECDH) + PQC + QKD, further enhancing the security of the ubiquitous TLS, following the defense-in-depth principle. ? This work opens the door for QKD to serve the Transport Layer (L4), which means it can now support a significantly greater number of use cases (just think about all kinds of software applications using TLS!) than those at L2 and L3 combined (mostly link encryptors and routers). ? One salient benefit of this work is that any software currently using libssl.so.3 and libcrypto.so.3 can get the enhanced security *out-of-the-box* without any source code change, just with proper configuration on the host systems and a working QKD network to support them. ? The library utilizes ETSI GS QKD 014 standard APIs to obtain QKD keys. Therefore, it can work with any vendor's QKD devices that are ETSI 014 compliant. ?? National Institute of Standards and Technology (NIST) just released three FIPS standards on PQC algorithms earlier this week. ?? Wireshark does not recognize the new 3-party-hybrid group name yet, so it shows "Group: Unknown" ?? #PQC #PostQuantumCryptography #QKD #QuantumKeyDistribution #DefenseInDepth Disclaimer: this post presents my personal opinions only and not my employer's.
-
-
KR2280V1, KR4268V2, KR6298V2 -- what do these numbers mean? Here's a helpful guide to understanding Aivres #server model names so you can quickly decipher which product in our diverse portfolio is right for your business. https://buff.ly/4dvixh1
-
-
Enterprise Sales | Channel & Partner Strategy | Driving Revenue Through Strategic Partnerships
Check out Keyfactor's quantum-ready capabilities in the latest EJBCA PKI platform and SignServer digital signing milestone release. Here are a few highlights: ?? Flexible container deployments for EJBCA and SignServer ?? One-stop for all documentation at docs.keyfactor.com ?? Even easier to ditch legacy Microsoft ADCS ??? Improved transparency with SBOM and new capabilities in SignServer Read all about it in our latest blog! #PKI #postquantumcryptography #codesigning
Get Ready for Post Quantum with New EJBCA and SignServer Capabilities
keyfactor.com
-
On the last day of #LinuxPlumbers, Kumar Kartikeya Dwivedi (EPFL) took a look at how we could redesign the network stack in a backward compatible way to improve its efficiency without losing isolation. Basically the holy grail of network stack research (dataplane OSes, kernel bypasses, kernel offloads). He thinks #eBPF could help implement a new Fibers abstraction to solve this problem. Slides: https://lnkd.in/eXVUptDb Recording: https://lnkd.in/e8Ywfjft
-
