The BKS version 1 keystore files for Bouncy Castle, a collection of cryptographic APIs for C# and Java applications, reportedly contain a weak hash-based message authentication code (HMAC) that can easily be cracked by hackers.
Tech moves fast, but cryptography - the field which holds it all up - runs at a decidedly slower pace, marking its breakthroughs in years, not quarters. With something so inherently important, why would it be so slow to evolve?
The clock is ticking and in few years, quantum computers will become powerful enough to break the all-important encryption techniqueused billions of times every day by businesses, banks, credit cards, government and consumers.
Richard Moulds takes a look behind recent crypto vulnerability headlines - the ability to calculate the private key of an RSA keypair purely by knowing the public key - and asks if they are a prelude to a 'cryptoapocalypse'.
Estonia on Friday blocked the certificates of 760,000 national ID cards in response to a cryptographic vulnerability that researchers have discovered is even more dangerous than originally reported.
Weak cryptography in a standard developed by the IEEE could result in hackers bypassing encryption safeguards to steal intellectual property in plaintext, scientists discover.
Brian Cox explained that the use of quantum computing for factoring large numbers for cryptography was so effective that it makes classic cryptography redundant.
Quantum computing is arriving now and could break public key encryption in a decade - so long term valuable data could be obtained and held now to be decrypted later warns Graeme Park.
It looks like China is the latest to apply quantum cryptology to create a supposedly unhackable network. But just how valid are these claims?
Researchers from five universities have published a paper demonstrating full key recovery for libgcrypt's implementation of RSA-1024.
True randomness is impossible to achieve with conventional hardware, and some applications are terrible at it, but are our current random number generators 'good enough' and is it worth using quantum technology to achieve better randomness?
TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities. All vulnerabilities have been patched prior to publication.
TruffleHog could be used to search for secret keys used to access servers
Kaspersky Lab researchers Anton Ivanov and Fedor Sinitsyn spotted what they are calling the first encryption malware to exploit the Telegram protocol.
The problem of certificates baked into firmware continues to jeopardise the security of consumer internet devices despite warnings to vendors, according to a researcher.
A cryptography Ph.D. student has accused WhatsApp of blocking calls to Saudi Arabia phone numbers and deceiving users
The RSA cryptographers' panel was the occasion Tuesday for the announcement of the winners of the annual ACM AM Turing Award.
The latest In Case You Missed It (ICYMI) looks at Rusian bank attack thwarted; need for UK CISO?; banks hack themselves; Cypto key hack; US hospital ransomed.
An Israeli security research team has described how to steal a cryptographic key from a computer simply by monitoring the radio waves it emits while decrypting a cipher.
Two vulnerabilities have been discovered (and fixed) in OpenSSH which could have been exploited by hackers to force clients to leak cryptographic keys.
Researchers at Linkoping University and Stockholm University find a vulnerability that compromises the integrity of quantum cryptography technologies.