Entries Tagged as 'keys'
by Ramon Krikken | May 17, 2012 | 2 Comments
A well-known security meme is that “encryption is easy, it’s key management that’s hard.” But while this may be true for certain encryption use cases, it’s most definitely not true across the board. It’s a convenient meme for vendors, of course, who’ll simply point at a “we use AES” or “we’re FIPS 140-2 validated” statement [...]
by Ramon Krikken | October 14, 2011 | 1 Comment
Yesterday at RSA EU 2011 I had a chance to present my “towards secure tokenization algorithms and architecture” talk, and it gave me an opportunity to validate some thoughts on the fundamentals of tokenization designs and attacks. One of my slides covered some lines from the PCI tokenization guidance, which I believe are well-intentioned but [...]