Hacker News with Generative AI: Key Management

Best Practices for Key Derivation (trailofbits.com)
Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s also easy to get wrong: although standard tools exist for different key derivation needs, our audits often uncover improper uses of these tools that could compromise key security. Flickr’s API signature forgery vulnerability is a famous example of misusing a hash function during key derivation.

Cryptography, Security, Best Practices, Key Management

3 points by tatersolid 23 days ago | 0 comments

Dumping Keys from the Linux Key Retention Service (ivision.com)
On May 22, 2022, the Kernel Key Retention Service (KKRS) was released as part of Linux 5.18. This introduced an in-kernel key management and retention feature, which provided a secure method for storing secrets on Linux systems.

Linux, Security, Key Management, Operating Systems

4 points by almostjson 93 days ago | 0 comments

Transitioning the Use of Cryptographic Algorithms and Key Lengths (nist.gov)
NIST provides cryptographic key management guidance for defining and implementing appropriate key-management procedures, using algorithms that adequately protect sensitive information, and planning for possible changes in the use of cryptography because of algorithm breaks or the availability of more powerful computing techniques. This publication provides guidance on transitioning to the use of stronger cryptographic keys and more robust algorithms.

Cryptography, Cybersecurity, NIST, Key Management, Algorithm Transition

97 points by nabla9 122 days ago | 37 comments

A sensible Java key management tool for normal people (github.com/alastairmccormack)

Java, Security, Programming Tools, Key Management

15 points by mooreds 168 days ago | 6 comments