The Latest in IT Security

DUHK Attack Exposes Gaps in FIPS Certification

24
Oct
2017
DUHK Attack Exposes Gaps in FIPS Certification

screen-shot-2017-10-24-at-12-34-54-pm-680x400

Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack (Don’t Use Hardcoded Keys), isn’t likely to be part of many threat models.

Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementation errors in admittedly ancient security appliances to trigger a vulnerability known for two decades in a pseudorandom number generator.

Read More

Leave a reply


Categories

THURSDAY, DECEMBER 13, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks