Hash Algorithms
Cyber Attacks, Code Signing, and the Digital Supply Chain
Hello again! Welcome to my second blog. Going to shift gears a bit from my personal PKI journey to discuss cyber-attacks. With the recent SolarWinds and Colonial Pipeline incidents, cyber-attacks have been dominating the news. These are just two of the latest in a string of attacks that are becoming all too frequent. These assaults…
Read MoreAnnouncing the Online PKI Assessmental Portal
I am extremely proud to announce that today we have launched our Online PKI Assessment Portal. This new service is the first of its kind to offer online, automated, self-paced review and assessments of Microsoft ADCS based PKIs. We have been performing onsite PKI Assessments for customers for years now. Typically focused on the design,…
Read MoreAre You Preparing for Quantum?
Quantum supremacy is looming…some year in the future. However, contrary to what you may have heard, the advent of quantum computing won’t spell the end to encryption as we know it. That is, if enterprises take the necessary steps to prepare for a post-quantum future. Enterprises must begin the process of assessing their current systems,…
Read MoreRSASSA-PSS – Why Your Certificate Can’t Be Validated
A common theme has been arriving in my email box lately as well as many online forums. Consistently people are reporting error with certificates issued by their internal Microsoft ADCS based CAs. Problems range from Apple devices, Firefox, appliances and many other systems. When people examine their certificates they see that their certificates are SHA…
Read MoreCertificate Template Request Hash – The Real Story
With a lot of focus on moving from SHA1 to SHA256, one question that I get a lot of is how to get certificates issued with SHA256. The short answer is that a CA signs everything is creates with a single hash signature algorithm. There is no mechanism that enables per-template based signature hash specification. So…
Read More