Exploits Against Legacy Encryption – A Conversation with Cisco
You should already realize that you cannot just change your standard encryption algorithms and key lengths on a moment’s notice. Those are decisions that you made after careful research and testing. So while you might have some cryptography in place that isn’t the latest and greatest Elliptic Curve or Quantum Cryptography fad, you’re confident that it adequately protects your assets.
Or at least you selected cryptography that protected against known attacks when you selected it. And that’s the problem. Attackers never stop looking for exploits, be they weaknesses in the algorithm, attackable key sizes, or using Moore’s Law to simply brute force the math.
At the RSA Conference I had the pleasure of discussing a new type of possible attack against legacy encryption with Cisco Fellow David McGrew. He explains the potential weakness of 64-bit block ciphers including the American Data Encryption Standard (DES) and Triple-DES algorithms as well as the Soviet GOST 28147-89.
David and I we discuss the potential attacks as well as the fact that Triple-DES, or 3DES, is actually a 168-bit block cipher that uses three iterations of DES. Because 3DES is frequently used in IT today that topic is especially interesting. In fact, if your infrastructure supports mobile platforms like Apple iOS or Google Android, you probably have 3DES implemented right now. That makes watching this video even more important for you.
Check out the video of myself with David McGrew.
Be well and be safe!
Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor
Agile Methodology in Project Management
In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management
JavaScript for C# Developers – September 24, 2014
Is JavaScript worth taking the time to learn if I’m a server-side .NET developer? How much of C# carries over to JavaScript? In this recorded video from Dan Wahlin’s webinar on September 24,2014, Dan answers these questions and more while also discussing similarities between the languages, key differences, and the future of JavaScript (ES6). If … Continue reading JavaScript for C# Developers – September 24, 2014
Detailed Forensic Investigation of Malware Infections – April 21, 2015
How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015
Write a Comment
See what people are saying...
Share your thoughts...
i just want know about ccnax…which one is good ccna or ccnax…and what about course ccnax…can u send me the new course of ccnax…