Post-Quantum TLS 1.3 and SSH Performance (preliminary results)
So far, the industry has been testing post-quantum key exchange and authentication separately in a quest for a quantum-secure future. We recently have been experimenting with TLS and SSH using both post-quantum key exchange and authentication. The preliminary results are promising for some algorithms.
Post-quantum MACsec in Cisco switches
Quantum Computers could threaten encryption tunnels like IPsec, MACsec, and TLS. MACsec is an authenticated encryption protocol that, if appropriately configured, can be quantum-safe. The whitepaper shows how.
Promising Results for Post-Quantum Certificates in TLS 1.3
Quantum Computers could threaten the security of TLS key exchange and authentication. To assess the performance of post-quantum certificates TLS 1.3, we evaluated NIST Round 2 signature algorithms. See results.
Collaborating with NCSU to deliver certificate validation and crypto validation reusable implementations.
Cryptography is very important in today’s world. Improper or maliciously altered crypto implementations have been a concern for the industry in recent years.
Towards Backward-Compatible Post-Quantum Certificate Authentication
Quantum computers would pose a threat to PKI algorithms and systems as we know today.
Collaborating with NCSU to promote lightweight crypto validation and assessment
Cryptography is very important in today’s world. Improper or maliciously altered crypto implementations have been a concern for the industry in recent years. To alleviate the risk, Cisco has been working with the industry, the National Institute of Standards and Technology (NIST) and other international organizations on finding ways to validate crypto implementations and speed […]
Taking certificate enrollment to the next level
Bouncy Castle adds support for EST Note: We would especially like to thank the Crypto Workshop team for their contributions to this post and the fruitful collaboration. Recently Crypto Workshop has been working on adding support for the EST protocol in Bouncy Castle (BC) Cryptography APIs. Bouncy Castle (BC) is a prominent library that provides cryptography […]
Lessons Learned from Testing Cisco EST Implementations with Entrust Datacard
[Note: We would especially like to thank the Entrust Datacard team for their contributions to this post and the fruitful collaboration. More info at Entrust Datacard’s Digital DNA blog series and Twitter handle (@entrustdatacard).] Products and solutions do not operate in silos. In technology, interoperability is a top priority. Thus, making a transition to different communication […]
FIPS and Deterministic ECDSA: Achieving robust security and conformance
Digital signatures are used to verify the authenticity of a message. For example, when a message is signed, the verifier can rest assured that only the signer could have signed it. ECDSA and DSA are two widely used, standardized digital signature schemes. In order to sign a message, internally both of them require the use […]