Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...
Outlook Business

The Countdown to Q Day: Why Banks Must Act Now

As quantum computing edges closer to reality, banks are racing to overhaul the cryptographic foundations that keep digital ...

Password managers’ promise that they can’t see your vaults isn’t always true

All eight of the top password managers have adopted the term “zero knowledge” to describe the complex encryption system they use to protect the data vaults that users store on their servers. The ...
Infosecurity Magazine

Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords

A group of academic security researchers have detailed a set of vulnerabilities in four popular cloud-based password managers ...