Category Archives: Uncategorized
It is commonly agreed that the market for cybersecurity products and services is what economists call a lemon market (according to the 1970 work of the economist George Akerlof who was jointly received the prestigious Nobel Memorial Prize in Economic … Continue reading
In these days, my new book entitled End-to-End Encrypted Messaging is being printed and prepared to be shipped. Due to this fact, but mainly due to the Corona crisis, I am often asked these days whether the various conferencing tools … Continue reading
My new book about secure and end-to-end encrypted (E2EE) messaging will be released soon. It addresses E2EE messaging protocols, like OpenPGP and S/MIME, as well as OTR, Signal, iMessage, Wickr, Threema, Telegram, and many more. The core of the book … Continue reading
In a 2015 article, I argued that conventional wisdom in information security management is deeply flawed, because it requires a risk-based approach knowing well that any form of risk analysis – be it quantitative or qualitative – is somehow arbitrary … Continue reading
I have added a cryptology blog named CRYPTOlog to the Web site of eSECURITY Technologies Rolf Oppliger (cryptolog.esecurity.ch). The aim is to answer questions related to cryptology that are of common interest. I am looking forward to receive many interesting … Continue reading
A topic that is ultimatively important to understand the current discussions about secure and E2EE messaging is related to the different notions of secrecy. Assume some long-term keying material being compromised. What is the impact on the secrecy of the … Continue reading
After the development and deployment of OpenPGP and S/MIME, it was commonly agreed that the secure messaging problem was solved, and that public key cryptography provides a viable solution: Digital signatures for authentication (and nonrepudiation) and digital envelopes for confidentiality … Continue reading
David Wong has created an animated TLS 1.3 specification that is more readable and accessible than the purely text-based RFC 8446.
If you want to delve more deeply into the technical specificities and details of the TLS 1.2 and TLS 1.3 protocols, then you may consider downloading and analyzing two log files that have been captured with Wireshark (TLS12Handshake.pcapng for TLS … Continue reading
The 2019 program is available at esecurity.academy. There are several new courses and bootcamps on TLS 1.3, messaging security (including Signal and WhatsApp), cryptography, and cybersecurity.