-
Simson Garfinkel on Spooky Cryptographic Action at a Distance
Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an…
-
Practical Advice for PQC Migration for TLS 1.3
Numerous blogs and articles are urging security professionals to start migrating to quantum-resistant algorithms immediately. This urgency was heightened on August 13, 2024, when NIST finalized the FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) standards. In this article, I present a simplified example of a client establishing a TLS 1.3 connection to…
-
Friends don’t let friends reuse nonces
By Joe Doyle If you’ve encountered cryptography software, you’ve probably heard the advice to never use a nonce twice—in fact, that’s where the word nonce (number used once) comes from. Depending on the cryptography involved, a reused nonce can reveal encrypted messages, or even leak your secret key! But common knowledge may not cover every…
-
What You Need to Know About “Harvest-Now, Decrypt-Later” Attacks
As quantum computing leapfrogs at great speed, the spotlight is now on post-quantum cryptography (PQC). Recently, NIST released the first three PQC encryption algorithm standards, urging organizations to test the new algorithms and prepare their cryptographic infrastructures for the inevitable shift to quantum-resistant methods. This push for PQC readiness is driven by a growing concern…
-
Microsoft Is Adding New Cryptography Algorithms
Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The…
-
2024: The year of growth for Tuta
One could call 2024 the year of growth for Tuta! From the launch of post-quantum cryptography for email, to a completely new look and feel with a beautiful new website, to an encrypted calendar app for Android and iOS, to the opening of our second office, 2024 has been packed with exciting developments. We’d like…
-
UI Improvement for Tuta Calendar
If you’re anything like us, your calendar app is your lifeline, and by the way, a private one. It’s where you organize everything—from work meetings to social gatherings—and sometimes, it feels like your entire life is neatly packed into those little squares. But, let’s be honest, even the most feature-packed calendar apps can get a…