" aes Archives - LuxSci

Posts Tagged ‘aes’

256-bit AES Encryption for SSL and TLS: Maximal Security

Wednesday, February 4th, 2015

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”.  The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”.  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

How Secure are Password-Protected Files?

Saturday, February 14th, 2009

We recently discussed email security for accountants and mentioned that the use of password-protected files is not usually a very good solution for meeting data privacy needs.  After writing this and getting some feed back, we thought that the issue of password-protected files really deserves some further discussion.  Many people are under the assumption that if they use the “password protection” features of whatever software they are using, that their data is safe and secure.  However, this is not necessarily the case.  Why?

Using password-protected files to secure data is fast and easy and built into many applications.  Why not use it?  Certainly, password protecting files is much better than not doing so.  However, there are several things that determine how secure these “protected” files really are.

Read the rest of this post »

iPhone: The Ultimate Mobile Email Client?

Wednesday, January 21st, 2009

The iPhone from Apple is an amazing Smart Phone, if not a mini personal computer in itself.  We at LuxSci have been using iPhones since they were first available in 2007 and we have optimized our Xpress WebMail portal with a mobile-centric interface inspired by the iPhone and come out with MobileSync push email and contact/calendar sync services that work beautifully with iPhone and other mobile devices.  Many of our clients use an iPhone or other Internet-enabled mobile device with our email services. The time seems right to share some of our knowledge and experience with iPhones.

Read the rest of this post »

Wireless WPA Security Already Cracking — Be Sure to use SSL!

Monday, November 10th, 2008

Security researches will be outlining attacks that can break the WPA wirless security protection of wireless networks this week at the PacSec conference in Tokyo.  Erik Tews and Martin Beck will discuss how networks protected by TKIP (Temporal Key Integrity Protocol — originally called WEP2) are vulnerable to attackers being able to inject small amounts of traffic into the encrypted data stream.  This can allow attackers to:

Read the rest of this post »

LUXSCI