Root Causes PodcastA new paper from Google Quantum AI and others documents a new technique for breaking ECC, particularly the curve protecting crypto currencies, smart contracts, and blockchain. This accelerates post quantum cryptography (PQC) timelines.
Root Causes PodcastNew research suggests that a cryptographically relevant quantum computer is achievable with only 10,000 qubits. This was an important contributor to Google moving its PQC target to 2029.
Google has announced that it is moving its target for full PQC support to 2029. This is a strong statement from one of the most knowledgeable PQC technology companies that the existing 2030 target is too late.
Legacy PKI implementations hold back technical progress and create security risk. We discuss reasons why, consequences, and what to do about it.
In our previous episode we defined cryptography as the new geopolitics. We follow up to explain how all cryptographic decisions reflect social, political, and legal viewpoints of the cryptography's designers.
In the last decade or so, nations around the world have become keenly determined to use cryptography for their own legal, economic, and military advantage. We explore this concept.
A recent CISA report declares that the nation's OT infrastructure is incapable of keeping up with the crypto agility and certificate management needs that modern security demands. We examine this finding.
Microsoft has publicly stated that it will hand over Bitlocker keys to US law enforcement agencies without requiring a subpoena or court order.
We usually think of Certificate Lifecycle Management (CLM) as a security category. But we could equally well call it an operations category that enables uptime.
We introduce the concept of a "digital parasite," explaining why this attack philosophy appears to be on the rise.
In a recent blog post Google made five recommendations for policy makers.
CISA (Cybersecurity and Infrastructure Security Agency) has released new guidance about post-quantum cryptography in critical infrastructure, including some sobering warnings.
CAA records exist to restrict issuing CAs for a given domain to as few as one CA. But what happens when the CAA record outlives the CA?
Chrome's deadline for deprecation of the clientAuth EKU and mTLS in public certificates has moved out. We give you the what, when, and why.
Root Causes PodcastWe recently heard the argument that it's simply too expensive to develop a cryptographically relevant quantum computer. We vehemently disagree. In this episode we explain why.
The transition to PQC is not just a change in cryptographic algorithms but also a fundamental shift in how we treat our cryptography. From here on out, IT systems need to be fundamentally crypto agile as never before.
It would be easy to believe that the amount of risk posed to the WebPKI by any individual public CA is somehow proportional to the number of active certificates that CA has. This is false, however. In this episode we address this misconception.
Jason describes a recent intrusion almost entirely operated by off-the-shelf AI tools. This is an important milestone in security. We describe its potential consequences.
