Últimas notícias

Fique informado

Performance Improvements via Formally-Verified Cryptography in Firefox

07/07/2020

Spotlight

Leia o Parecer de Plenário sobre a MP 983/20 e diversos artigos e entrevistas

Leia também outros artigos e entrevistas sobre a MP 983 2020 publicados pelo Portal Crypto ID

12/08/2020

Como gerenciar seus certificados TLS sob as novas regras do Google?

Em 01 de setembro de 2020, os principais navegadores passam a bloquear certificados TLS que têm um período superior a 398 dias.

10/08/2020

Quatro motivos para investir na autenticação de múltiplos fatores com Inteligência Artificial

Uma maneira de resolver problemas de acessos de usuários é aplicar sistemas de autenticação de múltiplos fatores, como a autenticação condicional.

10/08/2020

Presidente do ITI fala sobre a CertLive que abordou as MPs 951 e 983

Conversamos com Carlos Roberto Fortner sobre a primeira CertLive recebeu parlamentares e integrantes do governo brasileiro em torno das MPs 951 e 983 de 2020.

31/07/2020

Associações da Sociedade Civil manifestam seu apoio à aprovação da MP 951/2020

A MP autoriza a emissão dos certificados digitais, no padrão da Infraestrutura de Chaves Públicas Brasileira – ICP-Brasil, por meio de videoconferência.

31/07/2020

O pequeno herói e sua conexão com a tecnologia para acesso ilimitado e seguro

Neste ebook apresentamos a história do pequeno herói neerlandês e sua conexão com a tecnologia do SafeSign e todo o ecossistema de soluções da AET – Unlimited access to your world.

22/07/2020

The Real Cost Of Ransomware And How We Stop Paying It

Ransomware attacks are never far from the headlines and the impact of a successful hit can be devastating.

11/06/2020

How To Encrypt Your Internet Traffic 2020 Guide

There are numerous reasons why a user would want to

03/06/2020

Cryptographic primitives, while extremely complex and difficult to implement, audit, and validate, are critical for security on the web

To ensure that NSS (Network Security Services, the cryptography library behind Firefox) abides by Mozilla’s principle of user security being fundamental, we’ve been working with Project Everest and the HACL* team to bring formally-verified cryptography into Firefox.

In Firefox 57, we introduced formally-verified Curve25519, which is a mechanism used for key establishment in TLS and other protocols. In Firefox 60, we added ChaCha20 and Poly1305, providing high-assurance authenticated encryption. Firefox 69, 77, and 79 improve and expand these implementations, providing increased performance while retaining the assurance granted by formal verification.

Performance & Specifics

For key establishment, we recently replaced the 32-bit implementation of Curve25519 with one from the Fiat-Crypto project. The arbitrary-precision arithmetic functions of this implementation are proven to be functionally correct, and it improves performance by nearly 10x over the previous code.

Firefox 77 updates the 64-bit implementation with new HACL* code, benefitting from a ~27% speedup. Most recently, Firefox 79 also brings this update to Windows. These improvements are significant: Telemetry shows Curve25519 to be the most widely used elliptic curve for ECDH(E) key establishment in Firefox, and increased throughput reduces energy consumption, which is particularly important for mobile devices.

For encryption and decryption, we improved the performance of ChaCha20-Poly1305 in Firefox 77. Throughput is doubled by taking advantage of vectorization with 128-bit and 256-bit integer arithmetic (via the AVX2 instruction set on x86-64 CPUs). When these features are unavailable, NSS will fall back to an AVX or scalar implementation, both of which have been further optimized.

The HACL* project has introduced new techniques and libraries to improve efficiency in writing verified primitives for both scalar and vectorized variants. This allows aggressive code sharing and reduces the verification effort across many different platforms.

What’s Next?

For Firefox 81, we intend to incorporate a formally-verified implementation of the P256 elliptic curve for ECDSA and ECDH. Middle-term targets for verified implementations include GCM, the P384 and P521 elliptic curves, and the ECDSA signature scheme itself. While there remains work to be done, these updates provide an improved user experience and ease the implementation burden for future inclusion of platform-optimized primitives.

Source: Mozilla Security Blog

What to Expect from Brazil’s New Data Protection Law

Maximum SSL/TLS Certificate Validity is Now One Year. By Patrick Nohe

Ransomware Has A New And Very Valuable Hostage In Sight

Explore Crypto ID and keep up with cybersecurity updates!

  Explore outros artigos!-19