#keymanagement

Kalvin Carefour Johnny 🇲🇾 kalvin0x58c@ohai.social
2025-12-24

Matrix messaging security is so tight that I can't even decrypt my own messages after signing into other Matrix clients. Let me know if I'm wrong.

#Matrix #EndToEndEncryption #SecureMessaging #PrivacyTech #DecentralisedWeb #ElementClient #EncryptionIssues #DigitalSecurity #TechChallenges #OpenSource #CrossDeviceSync #Cybersecurity #MessagingApps #MatrixProtocol #KeyManagement

encrypted messages. dk how to decrypt it
2025-12-18

AWS CloudHSM is a cloud-based Hardware Security Module (HSM) service that lets organizations create, store, and manage encryption keys in tamper-resistant hardware. It complies with FIPS 140-2 Level 3, supports PKCS#11, JCE, and OpenSSL, and integrates with DevSecOps to protect data, perform digital signing, and ensure compliance (PCI-DSS, HIPAA). It is managed through the AWS CLI/SDK. Billing is hourly, with no upfront commitment.

#CloudHSM #AWSServices #DevSecOps #Security #FIPSL3 #KeyManagement #MãHóa #BảoMật #TuânThủ #CloudSecurity

dev.to/hari_saravan

Brian Greenberg :verified: brian_greenberg@infosec.exchange
2025-11-26

There is something darkly funny about one of the world's leading cryptography communities having to cancel its own leadership election because a decryption key walked off into the void. Oops. 😬 A failure of governance, key management, and the very human tendency to treat operational tasks as afterthoughts in systems that look elegant on paper.

The voting system was solid: Helios, with verifiable, privacy-preserving ballots and a split key held by three trustees so that no two people could quietly rewrite the result. Then, everyday life intervened. One slice of key material is "irretrievably lost," and suddenly the only honest option is to throw out the entire election and start over. That's what happens when resilience to human error isn't a part of the threat model.

The real lesson for CIOs and security leaders is simple: if your system assumes perfect humans, it is already broken. Cryptography gives you strong guarantees right up until someone misplaces a token, fails to back up a shard, or stores a key in the wrong place. Good design assumes keys will be lost, people will be unavailable, and someone will eventually click the wrong button on a bad day.

This is why key management, recovery procedures, and threshold designs matter more than the logo on your algorithm. Always, always build for messy, imperfect human behavior: clear key ownership, documented handover, tested recovery drills, and quorum-based access that can tolerate one person making a mistake without taking the whole system down. The irony is that the more advanced your cryptography becomes, the more mundane your operational discipline needs to be.

TL;DR
🧠 Strong crypto fails fast when key management is weak
⚡ One lost key can nullify an entire election
🎓 Design systems that expect human error, not perfect behavior
🔍 Treat key governance and recovery as core security, not boring paperwork

arstechnica.com/security/2025/

#CyberSecurity #Cryptography #KeyManagement #CIO #security #privacy #cloud #infosec

Vinoth (Mobile security) vinoth@infosec.exchange
2025-11-22

That said, I am glad that IACR is addressing this "human mistake" by making a "system design change" to a 2-of-3 quorum for the re-run.

iacr.org/news/item/27138

#IACR #Cryptography #KeyManagement #InfoSec #OPSEC #Elections

Erik Jonker ErikJonker
2025-08-11

Diving into the rabbit hole of multi/hybrid cloud environments with regard to encryption, key-management, certificates, IAM etcetera. Big fun 😀
Always looking for recent and relevant literature on this subject.

Richard Chamberlain SebosTech
2025-06-22

🔐 Tired of SSH keys that never expire?

New blog post: SSH Authentication Key Rotation: Why and How to Expire SSH Keys

• How to use AuthorizedKeysCommand
• Custom JSON-based expiry config
• Lightweight alternative to SSH CAs

Read it here:
➡️ richard-sebos.github.io/sebost

2025-06-19

GDPR, the cloud, and the fairy tale of the secure data center

Or: why Hetzner is no enchanted castle and AWS is no dark forest

TL;DR

Anyone who doesn't know their keys is not secure. Anyone who doesn't understand BYOK is not compliant. And anyone who sells cloud skepticism like grandma's life insurance doesn't belong in the engine room of IT.

[…]

schaemicon.de/wandern-warten-w

Frédéric Jacobs fj
2025-03-24

The European Union Agency for the Space Program is looking for a Crypto Custodian, implementing and auditing security practices for the Galileo and secure SATCOM programs (GOVSATCOM & IRIS2).

vacancies.euspa.europa.eu/Jobs

2025-01-04

### Applied Murphy's Laws for Cryptography (Loose Interpretation)
1. **Law of Encryption Complexity:**
The more complex the encryption algorithm, the faster someone will find a simple way to break it.
2. **Law of Limited Time:**
When there's no time to generate the perfect key, "1234" becomes the default password.
3. **Law of Trust:**
The greatest vulnerability in any cryptosystem is the person using it.
4. **Law of Privacy Illusion:**
The moment you feel completely anonymous, someone will access your metadata.
5. **Law of the Forgotten Key:**
If a private key is created and perfectly secured, you’ll lose access to it at the worst possible moment.
6. **Law of Overconfidence:**
"This algorithm is unbreakable" — until a student proves otherwise in their thesis.
7. **Developer’s Law:**
The best cryptographic solution you design will be broken by your own testing team.
8. **Law of Universality:**
The more universal the crypto algorithm, the more exposed it is to attacks on its weak points.
9. **Law of Resource Economy:**
Every cryptosystem is a compromise between security and performance, but breaking it will always be faster.
10. **Law of Government Interference:**
If your algorithm is good enough to thwart hackers, regulators will demand a backdoor.
11. **Law of the Attacker:**
Your cryptography is never too complex for a hacker, but always too complex for the average user.
12. **Law of Unforeseen Flaws:**
Every algorithm has a vulnerability, but you'll discover it only when it's too late.
13. **Law of Urgent Updates:**
The moment you deploy a new cryptosystem, its algorithm becomes outdated by current standards.
14. **Law of Retrospect:**
"No one will break RSA in our lifetime" — until quantum computers prove otherwise.
15. **Law of Entropy:**
The more complex the password, the more likely the user is to write it on a sticky note and attach it to their monitor.
16. **Law of Crypto-Anarchy:**
The more secure your system, the more it annoys governments and corporations.
17. **Law of Simplicity:**
If something in cryptography looks too simple to be broken, it's already been compromised.
18. **Key Length Law:**
The moment you double the key length, someone finds an attack that breaks both the old and new versions.
19. **Law of Paranoia:**
In cryptography, you’re either not paranoid enough or already too late.
20. **Law of the Last Test:**
The biggest vulnerability will be discovered one minute after the system goes live.
---
### **Hashtags (23):**
#MurphysLaw #Cryptography #CyberSecurity #Encryption #DataProtection #Privacy #DigitalSecurity #CryptoFails #QuantumComputing #Hacking #PasswordSecurity #CryptographicAlgorithms #CyberThreats #DataEncryption #KeyManagement #ParanoiaInSecurity #UnbreakableCode #SecurityFlaws #BackdoorThreat #ITHumor #TechAnarchy #StickyNotePasswords #QuantumThreats #cryptoinsights

2024-07-09

Implement Azure Key Vault to securely store and manage your sensitive keys, secrets, and certificates in the cloud, ensuring their confidentiality and integrity. #AzureKeyVault #KeyManagement

Cyber-Defence Campus cydcampus@infosec.exchange
2023-12-04

🔒 Encryption Monday 🔒

Cyrill Krähenbühl and Adrian Perrig, both of ETH Zurich, are authors of our study on Trends in Data Protection and Encryption Technologies. They wrote a chapter about #keymanagement.

🔑 Key management is a central part of cryptographic systems. Part of key management is the creation, secure storage, distribution, recovery, and use of keys.

📈 In particular, advances in hardware security modules and the development of low-cost as well as high-quality random number generators present opportunities for secure and affordable key management. However, challenges such as quantum resistance require new key management systems.

📡 Key management also offers potential for the military to develop new systems through cryptographic keys.

📗 Study Trends in Data Protection and Encryption Technologies: lnkd.in/ebjKZSZr

🔜 Stay tuned for next week's encryption technology.

#EncryptionMonday #Securepositioning #Securelocalization #DataProtection #CyberSecurity

Todd A. Jacobs | Pragmatic Cybersecurity todd_a_jacobs@infosec.exchange
2023-11-14

The #SMB market lacks affordable, off-the-shelf solutions for encrypted #LTO9 backups. However, there are effective #DIY options if you have basic knowledge of encrypted filesystems and #LTFS. While self-service requires more effort, cloud providers are all vastly more expensive at scale—and often still use the same basic equipment, minus robotic tape libraries and #keymanagement capabilities. You also won't need to trust your cloud provider with secret keys, manage third-party key escrow, or courier physical tapes for large-scale ransomware recovery operations.

If you don't already have a cost-effective plan for ransomware recovery, it's never too late to start—unless you wait until after your online systems have been compromised, of course. Please don't do that!

A green circle filled with cyphertext, with a white lock icon in the foreground. The image represents encrypted data.
2023-03-18

Came over the SSH-provider of 1Password. Wouldn't recommend in terms of how it doesn't allow for using a security key or even the Secure Enclave on macOS.

Could serve well for public keys used internally due to its traceability though.

1password.community/discussion

blog.1password.com/1password-s

developer.1password.com/docs/s

#ssh #keymanagement #1password #firsttake

OPSEC Cybersecurity News Live OpsecNews@aspiechattr.me
2023-03-13
