At re:Inforce we revealed two previously unannounced AWS network encryption features. One is embedded in our Nitro hardware security system, the other is for network links. But I want to take a second to zoom in just on multi-party key distribution ... https://twitter.com/colmmacc/status/1143572552180277248
This is incredibly simple; but it has the effect that if the pre-secrets in the key distribution systems become known somehow, that's not fatal to the system security, it doesn't disclose the actual keys we use.
This technique works trivially for symmetric keys, but can also be used with a deterministic key generation algorithm to generate the same asymmetric keys on multiple hosts, without central knowledge.
Boring, simple patterns are reassuring in cryptography and I really love this one, because for very little cost, it gives a very meaningful security property. It really surprises me that it isn't a more common pattern.
O.k. when I wrote "only export the private key" I *cough* meant "only export the PUBLIC key"! /end-of-thread
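An added sketch of the pattern the thread describes, not code from the thread or from AWS. It assumes each host receives one pre-secret from each of several independent distribution systems and combines them locally with HKDF (RFC 5869); the function names, context labels and sample pre-secrets are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key(pre_secrets, context: bytes, length: int = 32) -> bytes:
    """Combine pre-secrets (one per distribution system, in an agreed order)
    into the key that is actually used. No distribution system sees the result."""
    if len(pre_secrets) < 2:
        raise ValueError("need pre-secrets from at least two distribution systems")
    # Length-prefix each pre-secret so the concatenation is unambiguous.
    ikm = b"".join(len(p).to_bytes(2, "big") + p for p in pre_secrets)
    prk = hkdf_extract(b"\x00" * HASH().digest_size, ikm)
    # The context label gives domain separation between derived outputs.
    return hkdf_expand(prk, context, length)

# Constructed sample pre-secrets, as if delivered by two separate systems.
PRE_A = bytes.fromhex("11" * 32)
PRE_B = bytes.fromhex("22" * 32)

def demo():
    host1 = derive_key([PRE_A, PRE_B], b"link-encryption-v1")
    host2 = derive_key([PRE_A, PRE_B], b"link-encryption-v1")
    # Separate output usable as the seed for a deterministic asymmetric
    # key generation algorithm (the key generation itself is not shown).
    seed = derive_key([PRE_A, PRE_B], b"asymmetric-seed-v1")
    # Someone holding only system A's pre-secret has to guess the other input.
    guess = derive_key([PRE_A, b"\x00" * 32], b"link-encryption-v1")
    return {"same_on_both_hosts": host1 == host2,
            "key_is_not_a_pre_secret": host1 not in (PRE_A, PRE_B),
            "seed_differs_from_key": seed != host1,
            "one_pre_secret_insufficient": guess != host1}

if __name__ == "__main__":
    print(demo())
```

Every host must feed the pre-secrets in the same order and use the same context label, otherwise the derived keys will not match.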