KeyChest now runs over 500,000 TLS checks every day

We checked recent statistics of the KeyChest service. While the overall load is gradually increasing, we also increase the number of checks we perform. It’s now over 500,000 a day since March 26. But we should be fine till a major system upgrade coming soon.

“Read More”

Rick Dickinson – designer of ZX Spectrum – passed away

Category : Uncategorized

Rick is for me a real legend. He helped me with a design of one of my products and ever since, I admired his personality, approach to the design and his general attitude to technology and design. I was very sad to read he had passed away on the 24th of April.

“Read More”

KeyChest becomes part of Radical Prime Limited

As the core technology of Enigma Bridge had been in its cloud encryption platform, there was always a question whether we wanted to keep use-cases of this technology under the same company. This thinking resulted in a decision to create a spin-off. This was executed in January 2018 and resulted in funding of Radical Prime Limited.

“Read More”

Major KeyChest Incident – We Turn It Into Serious Business

KeyChest HTTPS monitoring started small – to help us manage our certificates and its free service grew with interest. It’s the right approach from the business point of view, but it has its dark side. A major incident flashed it out last Saturday.

“Read More”

ROCA details published – taste of quantum cryptography

If you want to see raised eyebrows, just say “unbreakable crypto”. Yet everyone assumes their use of crypto is “unbreakable”. Security experts know it’s safe to reject “unbreakable systems” out of hand, but they often rely on the unbreakability of security protocols day in, day out.

“Read More”

ROCA vulnerability impact on Gemalto IDPrime .NET smart cards

We have reasonable grounds to believe that all Gemalto IDPrime .NET smart cards generate weak RSA keys vulnerable to the recently published ROCA vulnerability (CVE-2017-15361, VU#307015). Gemalto stopped selling these cards in September 2017, but there are large numbers of cards still in use in corporate environments. Their primary use is in enterprise PKI systems for secure email, VPN access, and so on.
“Read More”

ROCA vulnerability and Axalto / Gemalto .NET v2 smartcards

I wrote about the ROCA vulnerability yesterday. It affects Infineon security chips used in TPMs and smart cards. While it is easy to identify TPM modules and computers using them, smart cards are more difficult.

“Read More”

ROCA – Critical vulnerability in Infineon security chips

Looking back, we can find many examples of errors in the algorithms used to create encryption keys. Not very many of them, however, were found in chips designed and sold as high-security devices for email signing, verifying software integrity, VPN access, or citizen e-ID cards.

“Read More”

Let’s Encrypt uptime is 99.9% — or 98.8% without defects in 2017

Category : https , letsencrypt

As I was collecting reliability data for several PKI systems, I included Let’s Encrypt as it’s by far the biggest PKI system I was aware of. It provides its status data and its history at and here’s my informal analysis of its production systems.

“Read More”

Let’s Encrypt certificates with one name on different servers

Category : https , letsencrypt , security

This is an interesting one. The first impulse is to simply answer NO, you can’t do it, that’s the point of HTTPS. But it’s all about networking and one can do quite some magic with proxies, forwarding, and the SNI extension in TLS protocols.

“Read More”

Browse by date

Dec 2018
« Nov