
The desktop crypto curveball: test your encryption


I’m a huge fan of elliptic curve cryptography. Small, beautiful keys make for better security than the larger, older ones. It’s used in web security (HTTPS), in SSH, and in many other areas. Short of moving to something quantum-proof, it’s the current state of the art, the best out there. But only if it’s working. Test your encryption periodically to check.

What makes it weak are vulnerabilities in implementations. One recently came to light in CVE-2020-0601, sometimes called Curveball. And you, yes you, might have some of it, and some is more than none, and none is the right amount. So, open https://curveballtest.com/ in a new tab. If it’s not all green, you, my friend, need to update some software (it’s a vulnerability in Windows CryptoAPI Crypt32.dll, and you would run Windows Update).

OK, back? Feeling smug? Or sad? Doesn’t matter, it’s behind you now: you’ve tested your encryption and resolved any issues. While you are here, let’s test your server. Head on over to https://www.ssllabs.com/ssltest/ and type in the name of one of your many TLS sites. A+ is really the only score to accept here. You can look at our results at https://www.ssllabs.com/ssltest/analyze.html?d=www.agilicus.com if you wish. If you are setting up a server, pick Modern (or Intermediate) from https://wiki.mozilla.org/Security/Server_Side_TLS; don’t try to build the list yourself, the order matters.
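For a quick local spot check between SSL Labs scans, here is an added example (not code from this post or from Mozilla) that connects to a server of yours and flags a negotiated protocol or cipher outside the properties the Intermediate profile relies on. The names `make_context`, `assess` and `probe` are invented for this example, and the TLS 1.2 floor, AEAD and forward-secrecy checks are a simplification of that profile, not its full cipher list.

```python
import socket
import ssl

# Assumption: protocol floor of Mozilla's Intermediate profile (TLS 1.2 and 1.3).
ACCEPTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def make_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def assess(protocol, cipher):
    """Return a list of findings for one negotiated (protocol, cipher) pair."""
    findings = []
    if protocol not in ACCEPTED_PROTOCOLS:
        findings.append(f"legacy protocol {protocol}")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        findings.append(f"non-AEAD cipher {cipher}")
    # TLS 1.3 suites always use ephemeral key exchange; TLS 1.2 names say so explicitly.
    if protocol != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-")):
        findings.append(f"no forward secrecy in {cipher}")
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect to host and return (protocol, cipher, findings) for this client."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with make_context().wrap_socket(raw, server_hostname=host) as tls:
                protocol, cipher = tls.version(), tls.cipher()[0]
                return protocol, cipher, assess(protocol, cipher)
    except ssl.SSLError as exc:
        # Covers both a server stuck below TLS 1.2 and a certificate that fails to verify.
        return None, None, [f"TLS handshake failed: {exc}"]


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:  # e.g. python tlscheck.py www.example.com
        print(target, *probe(target))
```

This only reports what the server picks for one client; the SSL Labs scan enumerates everything the server will accept, so treat an empty findings list as necessary, not sufficient.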

Remember, strong encryption, properly set up, is one (and only one) of the elements of Defense in Depth.