Being able to verify that a piece of data originates from a trusted source (authenticity) and that it has not been altered in transit (integrity) is a common requirement in many use cases. It is needed for instance when distributing software packages and installers and when delivering firmware to an embedded device. Digital signatures allow the recipient to verify both authenticity and integrity of the received document. This blog post describes how to use digital signatures with OpenSSL in practice. First part describes what is a digital signature and then the second part shows how to use OpenSSL sign and verify functions to work with signatures.
Continue reading “How to sign and verify using OpenSSL”
Tag: Security
Researchers produce first SHA-1 hash collision
Google security blog announced that they have been able to produce the first SHA-1 collision. That is, two different PDF-files with the same checksum. Finding the collision required nine quintillion (9,223,372,036,854,775,808) SHA-1 computations in total.
This may sound like a ridiculous amount but the research shows that, given the right resources, it is possible to break this hash algorithm. It is also noteworthy that this was not a brute-force attack which would still be impractical. In fact it was 100,000 times faster.
Now it is a good time to start using stronger hash algorithms such as SHA-256.
How to use TPM for encryptions
Trusted platform module (TPM) is a secure element that can be used to securely generate and store keys. It has many possible uses, one of which is encryption of sensitive data. This article describes how to use TPM and tpm-tools package on Linux environment to encrypt different types of data, how to encrypt filesystem partitions and how to bind the encryption with device state.
Page Fault Blog 