DigiCert Blog

All posts under: Encryption

  1. PKI: Solving the IoT Authentication Problem

    Big data and connectivity are changing the way we live and do business. Connecting every day devices, products, and systems to the global Internet provides the ability to have rich data at our fingertips to improve our decision-making, analyze patterns, and, for businesses, improve the bottom line. This movement toward connecting everything to the Internet…


  2. SLOTH Attacks and the Risks Involved

    Researchers Karthikeyan Bhargavan and Gaetan Leurent have found that the use of weak hash functions in various cryptographic constructions within mainstream protocols has been justified by practitioners under the notion that their use of these protocols relies only on second preimage resistance; therefore, they are unaffected by collision attacks. These weak hash functions center on…


  3. OpenSSL Patches Seven Security Vulnerabilities

    Yesterday morning, OpenSSL released two patches—versions 1.0.2g and 1.0.1s—for seven new security vulnerabilities that were found in OpenSSL versions 1.0.1 and 1.0.2. These patches fix one “high” severity and six “low” severity vulnerabilities. One High Severity Vulnerability The OpenSSL advisory explained that the high severity vulnerability known as DROWN (Decrypting RSA with Obsolete and Weakened…


  4. Preventing the DROWN Attack

    Researchers recently uncovered the DROWN vulnerability in SSL v2. DROWN stands for Decrypting RSA with Obsolete and Weakened encryption. It affects HTTPS and other services that rely on the SSL and TLS protocols. Attackers can use the DROWN vulnerability to break the encryption that is used to protect your sensitive data from prying eyes. If…


  5. STRIPTLS Attacks and Email Security

    Major email providers such as Google, Yahoo, and Outlook encrypt and authenticate their emails. However, not all businesses are quick to follow these best practices. Many email organizations use SMTP (Simple Mail Transfer Protocol) the Internet standard for email transmission. Unfortunately, SMTP was not built with encryption or authentication in mind and SMTP email security…