About

  • Welcome to the Thales Key Management digital media news centre.

    As companies look to protect their customer data and other sensitive information, encryption is being deployed more widely. Yet if an encryption key is lost then that data cannot be recovered. Avoiding this problem demands formalized processes and robust technologies for key management making the protection, management and secure use of cryptographic keys a fundamental component of modern IT security.

    This Thales media center provides information on international industry issues and trends relating to the general topic of key management. There's a also a Q & A page here which aims to answer some of the frequently asked questions on the subject. Key management affects organizations across all sectors and this site includes information on global best practices, regulation, technology, deployment scenarios and key management strategy.

    Thales leads in the provision of information and communication systems security solutions for government, defence, critical infrastructure, enterprise and the finance industry. Thales’s comprehensive portfolio of security products and services protect electronic information – safeguarding transactions, IT operations and information transfers within highly sensitive and regulated environments.

    Subscribe by email

    Find out more at http://www.thales-esecurity.com/

    Visit our payments site at www.paymentssecurity.com

Contributors

Resources

March 26, 2012

Random or pseudorandom?

If you want to use encryption, you need to use keys. A key is (or rather should be) a random number that can encrypt or decrypt your information. A strong key is strong because the random nature of the chosen number means it could lie anywhere on a virtually endless number line. As readers of this blog will know, once you have a strong key, effective key management is essential to ensure the data it protects remains secure.

A recent study (which I referenced in a previous post) found that a small percentage (0.38%) of over 7 million public keys share a common factor and subsequently can be easily compromised. As Bruce Schneier recognises in his blog post, these 'weak' keys were almost certainly created with a poor random number generator. A poor random number generator does not create 'random' numbers, only 'psuedorandom' numbers i.e. numbers generated by a predictable process. Keys based on pseudorandom numbers are liable to compromise, meaning that data encrypted with such keys are not secure.

Continue reading "Random or pseudorandom?" »

Posted at 09:16 in Encryption, Key management, Standards of due care |

|

March 21, 2012

Mediyes Trojan Shines Spotlight on Mismanaged Signature Keys

Just last week a new example of the consequences of inadequately protected signature keys came to light. As reported in Network World , Kaspersky Lab discovered that a recently distributed Trojan, Mediyes, was digitally signed using a stolen private signature key whose digital certificate was owned by Swiss firm Conpavi AG.

The Network World story notes how digitally signed code is assessed more favorably by anti-virus vendors from a risk perspective, so stealing the key and creating a perfectly valid signature on the code helps further promulgate the nefarious Trojan before it can be detected.

Continue reading "Mediyes Trojan Shines Spotlight on Mismanaged Signature Keys" »

Posted at 09:21 in Encryption, Key management, Standards of due care |

|

Key Management Q&A

  • Want to know more about key management? This Q & A might help provide some answers

Key management resources

Categories

Archives

Subscribe to this blog's feed

Press contact

  • Liz Harris
    Thales
    +44 (0)1223 723612