Archives for encryption
AES ciphertext length close to plaintext length – leakage
AES Ciphertext Length Leakage Does AES Ciphertext Length Leak Information? 1️⃣ What Can Be Leaked Even though AES encryption is strong, some metadata can still be inferred from ciphertext: Length…
AES 256 Ciphertext Length versus Input String length
AES Ciphertext Length Explanation AES Ciphertext Length Explained 1️⃣ AES Block Size AES always operates on 128-bit blocks (16 bytes). The key size (128/192/256 bits) does not affect the block…
Thales HSM – Key Concepts
Thales HSM – Key Concepts Applies to Luna, nShield, and Thales Data Protection on Demand (DPoD) 1) What an HSM Does Tamper-resistant hardware for generating, storing, and using cryptographic keys…
Why are Root CAs often offline?
Root Certificate Authority Often a Standalone Server? 1. Ultimate Trust Anchor The Root CA is the trust anchor of the entire PKI hierarchy. If compromised, all subordinate certificates become untrustworthy.…
Hashing and Loss of Information
Hashing and Loss of Information, Key Derivation Hash functions lose information that is present in the input data. This is required in order to generate a fixed-length output hash value. This…
Hash and then Encrypt?
Hash and then Encrypt? Recently, I came across some code that did this - hashed the data and then encrypted the hash. It makes no sense to do this. Hashing an…
Alternatives and Competitors to PKI Encryption
Competitors to PKI: Identity-Based Encryption (IBE): Instead of relying on certificates like PKI, IBE uses identity information (e.g., email address) as the public key. Competitors: Voltage Security (now part of…
Cloud Encryption as a service providers
Also read Cloud KMS - Encryption as a service Encryption-as-a-Service Providers: Amazon Web Services (AWS) Key Management Service (KMS): Provides encryption services with integrated key management for AWS services and…
Installing certbot on an EC2 using AWS Systems Manager
Registering the certbot client and requesting a certificate
- sudo yum -y install yum-utils
- sudo yum -y install
- sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
- sudo yum -y install certbot
- sudo certbot register --server {{ CertServerUrl }} -m {{ contactEmail }} --no-eff-email
- sudo certbot certonly --server {{ CertServerUrl }} --cert-name {{ certName }} -d {{ certDomains }} --webroot-path {{ webrootPath }} > /
The terraform file ()
# input variables
variable "instance_ids" { type = list default = }
variable "cert_common_name" { type = string default = "avTestCert" }…
Tokenization versus Encryption vs Data Masking
Tokens are pointers to data: they substitute for the data rather than transforming it. Tokenization Pros Use Cases - PCI Data - Credit Card info etc. Tokenization reduces the in-house responsibility of…