Stellar Development Foundation’s Post

Key contrast of Authorization vs Authentication..!

Authentication and authorization work in tandem to form a secure digital fortress. Authentication guards the gate, ensuring only authorized individuals enter. Authorization then grants the keys to specific rooms, carefully controlling what each user can access. Neglecting either leaves your data vulnerable, so understanding and implementing both is essential for building a secure digital world.

Join this webinar to hear our team talk about Post-Quantum FHE for multiparty thresholds. The speed at which this technology is advancing is opening up more use cases everyday, leading us to better security, privacy, and efficiencies in how we use sensitive data. Yuriy Polyakov Andreea Alexandru #dataprivacy #postquantumcryptography

OWASP Top Ten: Cryptographic Failures Explained 🔥👩💻 Cryptography, the bedrock of digital security, is the art and science of securing communication and data. In this exploration of the fundamentals, we unravel the core concepts shaping the protection of information in the digital realm. Continue Reading: https://lnkd.in/dCNvr-mV

Back in June, the CA/B Forum passed ballot mandates for certificate generation and storage of signing keys to be protected in a certified hardware crypto module. The intent is to increase the protection of code-signing certificate private keys. How does your organization comply with the new CA/B Forum code signing requirements?

Many people mistakenly believe that storing data in a JWT inherently makes it "safe." JWTs do not encrypt data, they only provide a mechanism to verify the integrity of the information via a signature. The contents of a JWT, specifically the header and payload, are simply Base64Url encoded, not encrypted. This means anyone with the token can easily decode and view its contents. Further Reading on the topic: https://lnkd.in/gbVcAh5Q #authentication #jwt #systemdesign

CVE-2023-33241: Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in... #internationalnews #news #worldnews

Today at #ICMC @ 14:00 The State of the Art in Stateful Hash-Based Signatures (Q22b)  "The recent release of CNSA 2.0, and its encouragement for vendors to begin adopting stateful hash-based signatures (HBS) immediately for FW/SW signing applications has renewed interest in a technology that had largely been ignored until now. We’d like to shed some light on stateful HBS, describing the different variants and the intricacies associated with managing their state. We will then take a look at NIST’s SP800-208 standard, some of the implications it has on the adoption of stateful HBS in real-world scenarios, and some potential solutions that might help ease their adoption in the aggressive timelines being suggested by CNSA 2.0." Jim Goodman, Principal Security Architect, Crypto4A Technologies, Canada https://lnkd.in/dcPCPSfw

CVE-2023-33241: Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in...

🔒 How does t3rn enhance security and reliability in cross-chain transactions using The Arbitrum Foundation's L3? t3rn employs bonded Attestors on Arbitrum’s L3 to verify transactions, ensuring high security and cost-effectiveness. This method significantly reduces risks associated with traditional bridges. 🌐 Learn more about it in our latest blog post: https://lnkd.in/dhUrnJhN