-
Podcast Jan 20, 2023
Root Causes 270: What Is the Difference Between KEM and PKE?
We explain the difference between Public Key Exchange (PKE) and Key Encapsulation Methods (KEM) and why we're moving from one to another.
-
Podcast Jan 16, 2023
Root Causes 269: Did a Patent Dispute Nearly Derail PQC?
On July 5, 2022 NIST announced its Round 3 PQC winners. That same day, a patent cleared that made this possible.
-
Podcast Jan 12, 2023
Root Causes 268: WAFs Subverted by JSON Bypass
Rising attacks can overcome the protections of Web Application Firewalls (WAF). We explain these attacks and what you should do to ensure you're safe.
-
Podcast Jan 09, 2023
Root Causes 267: Can Quantum Computers Break RSA Today?
New research suggests a quantum computer may be applied to breaking RSA in a different way from Schor's algorithm. We discuss the potential implications.
-
Podcast Jan 04, 2023
Root Causes 266: End-to-end Encryption in the Apple Technology Stack
Recent announcements from Apple lay out a set of expansions in the scope and capability of encryption throughout the Apple ecosystem.
-
Podcast Dec 28, 2022
Root Causes 265: A Banner Year for Post-quantum Cryptography
2022 was post-quantum cryptography's biggest year so far. We go over many developments in PQC, including the NIST round 3 winners.
-
Podcast Dec 23, 2022
Root Causes 264: Crypto Agility for 2023
We define the important needs that are changing the crypto agility landscape, including CA independence, public cloud, PQC, and FIDO 2/WebAuthn.
-
Podcast Dec 20, 2022
Root Causes 263: Secure Connection Methods Roundup
We discuss the three methods a user might choose for secure remote communications: VPN, SSH, and TOR, with use cases and the pros and cons of each.
-
Podcast Dec 14, 2022
Root Causes 262: The Continuing Erosion of Online Identity
We look back at the continued erosion of reliable online identity, including deep fakes, celebrity phishing, AI-generated art and Twitter blue check marks.
-
Podcast Dec 13, 2022
Root Causes 261: Why I Don't Say Spoof
The word spoof is a security industry term used regarding social engineering attacks. We discuss why this word is problematic in a security context.
-
Podcast Dec 08, 2022
Root Causes 260: CA TrustCor Deprecated
Public CA TrustCor has had its roots deprecated by Microsoft and Mozilla. We explain what happened and why these roots ultimately were distrusted.
-
Podcast Nov 30, 2022
Root Causes 259: What Went Wrong with the Twitter Blue Check Marks
We explore why the Twitter blue check marks failed and the challenges in authenticating and vouching for the identity of an individual or organization.