Guidelines on unsafe cryptographic algorithms
Posted on 18 March 2009.
Experts in the security community have indicted many commonly used cryptographic algorithms as insecure. Bases for these claims of insecurity often include advances in cryptographic research that have demonstrated previously unknown weakness in algorithms and advances in the computational power of readily available hardware.

In the face of an ongoing stream of advice from an active security community, the struggle for software developers has long been to differentiate problems that introduce real risk to their systems from hypothetical research focused on attacks that wonʼt be feasible in the mainstream for years.

This document by Yekaterina Tsipenyuk OʼNeil from Fortify provides best-practice guidelines for using modern cryptography in software systems. These guidelines are backed up by the research of the security community and strive to align themselves with the practical tradeoffs between maximal security and acceptable paranoia.

Even though there are a number of cryptographic primitives we could discuss, the "Crypto Manifesto" is limited to the following:
  • Cryptographic Hashes
  • Encryption and Encoding
  • Symmetric and Public Keys
  • Pseudo-Random Number Generators (PRNGs).


How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Sep 19th