 |
Post Auxn0TENvZUXRRY4Qa by [email protected] |
 |
More posts by [email protected] |
|
Post #AuxlUrkd7weKGhzrtI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
It's not just me, right? Post-quantum crytography aka #PQC, especially quan… |
|
|
|
Post #AuxmGQ7x8QxIUja7Wq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb bb84 is just alright |
|
|
|
Post #AuxmJL8w7eHzuCQxgu by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb Some of the math nerds make claims on theory, but the vendors all seem to… |
|
|
|
Post #AuxmJLEbmYpIBn5UX2 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@cR0w right exactly. I mean, traditional cryptography like elliptical curve and… |
|
|
|
Post #AuxmWl8KnoASHGYEGO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb it's been running in production for quite a while now; Cloudflare has… |
|
|
|
Post #Auxmdl6DKOLYCMtfDE by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb also: the timeline of regulatory compliance / PQC adoption is entirely se… |
|
|
|
Post #AuxmnQMDIi3mlRzOoS by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle Thanks for the pointers -- to be more specific, how do you test the … |
|
|
|
Post #Auxmt1Pkx04j8vJd0i by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb I've been in talks with people in my field lately about how we're… |
|
|
|
Post #Auxmt1WqWdkLUudI3s by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @todb until a quantum computer that can actually do stuff arrives, this i… |
|
|
|
Post #Auxmt1dE8uqnohcO0W by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @todb :1000: Scared or looking to profit off the fear. Wait, isn't th… |
|
|
|
Post #AuxmuY1bBwCOZVkB2u by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @cR0w @todb That's kind of the point, drive sales without having to p… |
|
|
|
Post #AuxmyRyRd9T4xo84jA by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @todb i thought infosec motto was "compliance is security"? |
|
|
|
Post #AuxmyS4TGkHxGUwt7Y by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @todb No, that's GRC's motto. |
|
|
|
Post #Auxn0TENvZUXRRY4Qa by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@todb NordVPN has some sort of "quantum hacking protection" you can t… |
|
|
|
Post #Auxn0TKPZAJPk8Msoy by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Unsightly3055 heh, NordVPN claims a lot.See Omer Akgul's work in this spac… |
|
|
|
Post #Auxn1TDpRjszhflVAW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@FritzAdalis @cR0w @todb its amusing the phrase they use is "post quantum … |
|
|
|
Post #Auxn1TKD40zS1Skb7A by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @FritzAdalis @todb We also haven't gotten to artificial intelligence … |
|
|
|
Post #AuxnD5GYL9sOscZqNM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle ah haaaaaahttps://www.sectigo.com/resource-library/nist-move-towards… |
|
|
|
Post #AuxnHMo34H80RFHpsO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @cR0w @todb I had to look up PQC this morning as today was the first time… |
|
|
|
Post #AuxnHUelseScmn0XWi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog @todb oh, there's a PQC hype train starting? can't wait to… |
|
|
|
Post #AuxnTgHAVQmaIVmMhE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @todb if you ask grc, they will tell you that they do security |
|
|
|
Post #AuxnU5dME4O0wZLwFk by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@todb Impossible to test in production? Can you elaborate?My (very poor) unders… |
|
|
|
Post #AuxnVyyfwbxSsZE7E0 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb so there's a couple of things to consider when testing here: one is t… |
|
|
|
Post #AuxnhYyURsQthuf6cS by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb not just NIST; the EU's DORA and NIS2 both mandate adoption now, alon… |
|
|
|
Post #AuxolosrLApYA3ccAy by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @cR0w @todb Idk I think if we didn't have compliance standards nobody… |
|
|
|
Post #AuxouR0nSuTOjJRUga by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@FritzAdalis @Viss @todb I know my industry sure would be a lot worse without c… |
|
|
|
Post #Auxov6PLYXTL7KFB8y by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @cR0w @todb so this goes right to the core of the most common question th… |
|
|
|
Post #AuxpjCjcJ5DXDdcDxY by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @Viss @cR0w @todb i'd argue that lots of antiquated insecure cru… |
|
|
|
Post #AuxqB89gvVbX7m7zQO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb there's a lot of mathematics behind what functions a theoretical quan… |
|
|
|
Post #AuxqFpnSbvK5dNyMJU by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@paul_ipv6 @Viss @cR0w @todb 1000% this(also, what everybody else has been sayi… |
|
|
|
Post #AuxqVQodG1pon2xRtQ by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @Viss @cR0w @todb i've thought before about having a "just … |
|
|
|
Post #AuxqZXH7BRXZywEmYK by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@paul_ipv6 @Viss @cR0w @todb and also: if you can't do the basics with cons… |
|
|
|
Post #Auxrey0hJHgYIliCvo by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@ftp_alun right, and I'm not saying the math is hokum -- I'm saying tha… |
|
|
|
Post #AuxswIkTYgUdUuxD4i by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@darkuncle @paul_ipv6 @cR0w @todb just like the discussion about how secure the… |
|
|
|
Post #AuxswIrD9dsfpo6aZc by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @paul_ipv6 @cR0w @todb this is a both/and not an either/or situation (but… |
|
|
|
Post #AuxsxOGiWL5quJYP8C by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb those implementation screwups will be found without a quantum bit being u… |
|
|
|
Post #AuxuKKQN4zmTbCZTHc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @todb I don't doubt there's probably a problem involving quantum … |
|
|
|
Post #AuxuKKWOiabLttOHg0 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@logan @todb CISO bragging rights on LinkedIn. |
|
|
|
Post #AuxuSbLU3DgeObEJO4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @todb Damn, I didn't think about that... Can't put a price tag on… |
|
|
|
Post #AuxuSbSDeB4gjUNgsy by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@logan @todb Depending on the CISO, it's potentially the top priority. |
|
|
|
Post #AuxyE3BgeW32Ddxrc0 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb Do not chase the PQC ghost thru the swamp.You are better off using 25519 … |
|
|
|
Post #Auy4LX6CRLaIjwLhZ2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@darkuncle @Viss @cR0w @todb I’d also add that if you look closely at most so… |
|
|
|
Post #Auy4LXCa3cgl3jKnVg by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@donaldh @Viss @cR0w @todb 100% - that's why this is going to be a decade-l… |
|
|
|
Post #Auy5yBWAiC3h3UUYNM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @todb IMHO there is no point in rushing out proprietary or custom so… |
|
|
|
Post #Auy6Vv2kTDYJo2oaxM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @todb currently I see more tangible risk from bugs in PQC integratio… |
|
|
|
Post #Auy6lcHG0eIWEo5Q9o by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thepwnicorn @todb with as long as the discovery and remediation is going to ta… |
|
|
|
Post #Auy6ovN1TjiWK3MQ6a by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thepwnicorn @todb it depends on your org and your risk profile. Orgs that meas… |
|
|
|
Post #Auy74QdvURFPelezNA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thepwnicorn @darkuncle yuuuup. Increased attack surface as people muddle aroun… |
|
|
|
Post #Auy7lp5aTXizvXI3xA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @todb For in-house development it should hopefully not take anywhere… |
|
|
|
Post #Auy8DHgIHMNwQFYPSq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @todb and in terms of planning, it should mostly be down to tracking… |
|
|
|
Post #Auy8GHYbCGkQuFNtIG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thepwnicorn @todb the biggest chunk of most org's exposure isn't the s… |
|
|
|
Post #Auy8WUAw39yMft2gRE by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thepwnicorn @todb it's *so much* more effort than that :) Some orgs I talk… |
|
|
|
Post #Auy9OHwPkiYAMtuBxQ by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @todb @darkuncle @todb that is true and it is certainly a lot of wor… |
|
|
|
Post #Auy9ettsOCWmjIdi08 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @todb well, yes? If they've been running blind before then it… |
|
|
|
Post #AuyAOpu1aIsVeUc2dM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@darkuncle @todb I've seen that NIST apparently wants to deprecate ECC enti… |
|
|
|
Post #AuyBIifHgIvhQBMhDk by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thepwnicorn @todb we will need hybrid for the foreseeable future, I agree |
|
|
|
Post #AuyBNmfqCfwrIq2ZgO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thepwnicorn @todb also agree re: process gaps (but for many orgs, these compli… |
|
|
|
Post #AuyMAgaobHrgAqe9bc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0wNaah nahhh. Lets patch that 6.1 Zero Day because it is shiny and new and i… |
|
|
|
Post #AuyMAggqEsgYTXSy00 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@chillybot @todb So, kind of cool thing related to that: I have been able to us… |
|
|
|
Post #AuyMAh0L4OHVS0aXOC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0wOh absolutely, you have to use whatever you can to keep peoples eyes on th… |
|
|
|
Post #AuyMAh6igfNxlnZdKq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@chillybot @todb I caught that, I just saw an opportunity to share an unexpecte… |
|
|
|
Post #AuyMNhuD1xsq0gvXNI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0wYay!@todb |
|
|
|
Post #AuyMakbOJgWa8bLQrQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @[email protected] @todb Governance, Risk and Compliance, or Gibson Re… |
|
|
|
Post #AuyMakhlvxd2SOKWo4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@http_error_418 @todb Ground Jays, Ravens, and Crows |
|
|
|
Post #AuyMakmjdVbAhmeUXg by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @http_error_418 Geese were right there |
|
|
|
Post #AuyMaksPIQ8SzNJ1No by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@todb @http_error_418 Geese are not Corvidae. And they're mean. |
|
|
|
Post #AuyMakyQw0xLI47pmC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@todb @http_error_418 But to answer for real, I was talking about Governance, R… |
|
|
|
Post #AuykUUyXttP6pqj7QW by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb I'd argue #PQC as a technology is legit, but selling it to companies … |
|
|
|
Post #AuzKUl7PThLvFfIQym by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@todb @darkuncle I was curious if the answers from mathematicians gave you conf… |
|
|
|
Post #AuzKUlDR7IAnYM7FNA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@benjohn The math and the physics aren’t what’s tickling my Spidey sense - … |
|
|
|
Post #AuzWWIQQKSSYI2gnTc by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@benjohn @todb that's the part I'm ironically the most certain about: t… |
|
|
|
Post #AuzWbaXsNzJRw8hNdA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb @benjohn the only way we as a security community are going to suss out th… |
|
|
|
Post #AuzWlDTF23KfGe7bn6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@todb @darkuncle I’m personally still a bit skeptical we will see workable QC… |
|
|
|
Post #AuzWlDZceKR7aR6hjk by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@benjohn @todb I'm considerably more certain about the near-term arrival of… |
|
|
|
Post #AuzWlE0v0qGqx5sVHc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@todb fwiw - I don’t personally understand the maths or physics here at all! … |
|
|
|
Post #Av0FY2P3MjDx7BFjyi by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb my take - cryptography isn't like the rest of infosec - the whole poi… |
|
|
|
Post #Av0OmH24faqO82MrNg by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@sawaba @todb Why would you expect to see a passive attack?I believe statistica… |
|
|
|
Post #Av0OmH8oGYEQSvWEsa by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@marshray @todb I wouldn’t. If I was in-line with network traffic, the first … |
|
|
|
Post #Av0OqvwOW11GA6vu9Q by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@marshray @todb any more details on the RC4 attack? |
|
|
|
Post #Av0XGhadIHPqodYJXM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@sawaba @todb https://www.zdnet.com/article/tjxs-failure-to-secure-wi-fi-could-… |
|
|
|
Post #Av0YEmlPBeMYEkF0zI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@marshray @todb good point, I guess that one counts - this is one of the first … |
|
|
|
Post #Av5exql4ki6bAll4Yy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@sawaba @todb i'll just not lack of evidence of a breach != no breach. It&#… |
|
|
|
Post #Av5exqsAKLmDWl4jc8 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@hrbrmstr @todb sure, but once we understand the attacker's motives and goa… |
|
|
|
Post #Av5gehyJOcTQKOwwG8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@sawaba @todb i guess i'm arguing that "we've never once seen a br… |
|
|
|
Post #Av5gei4h0tZseBw2Cm by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@hrbrmstr @todbHow breaches happen isn't much of a mystery these days.attac… |
|
|
|
Post #Av5rJIOeO6seQGGHQm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@sawaba @todb I'm just gonna not comment anymore on this thread. |
|
|
|
Post #Av5sFDe4D9vCTy5nW4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@hrbrmstr @sawaba the continued existence of Bitcoin seems to imply that fundam… |
|
|
|
Post #Av6CKEZ4DcSnrgQG1I by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@todb @hrbrmstr it is nice to have some solid foundations where there isn’t a… |
