Phil Roberts – CrypTech.is https://cryptech.is Making the Internet a little bit safer Tue, 09 Oct 2018 15:52:33 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.1 External Security Audit Completed https://cryptech.is/2018/10/external-security-audit-completed/ Tue, 09 Oct 2018 15:52:33 +0000 https://cryptech.is/?p=496 The Cryptech project is proud to announce the completion of the third
party security audit by Cure53. The Cryptech team is grateful for the
feedback provided by the auditors on the code, design and security of
the Cryptech Open HSM. The Cryptech core team have reviewed the issues
and agree with the auditors’ conclusions.

The Cryptech core team has begun updating the design and implemention
in accordance with the recommendations in the audit report. Furthermore, the core team is reviewing and updating our development process and how to augment the toolchain to ensure that an even higher, and more consistent quality and level of security will be reached. It is expected that there will be
incremental updates to address the identified issues, and these will be finished by
the end of year.

 

CT-01-report

]]> CrypTech version 3 firmware and software now available https://cryptech.is/2017/05/cryptech-version-3-firmware-and-software-now-available/ https://cryptech.is/2017/05/cryptech-version-3-firmware-and-software-now-available/#comments Mon, 15 May 2017 18:45:43 +0000 https://cryptech.is/?p=441 This post is from Rob Austein:

The Cryptech Project is pleased to announce that version 3 of our
firmware and software package is now available. Like version 2, this
runs on the Alpha board. For those who have been following, this is
the code that until last week was the “ksng” branch.

Major new features:

* New keystore implementation which supports thousands of keys instead
of six. 🙂

* Support for multiple clients (eg, the OpenDNSSEC “enforcer” and
“signer” daemons) talking to the HSM in parallel.

* Key backup.

* Verilog support for (much) faster key generation and signing on the
ECDSA P-256 and P-384 curves.

See https://wiki.cryptech.is/ReleaseNotes for more details.

See https://wiki.cryptech.is/BinaryPackages and
https://wiki.cryptech.is/Upgrading for information on how to
download the new packages and upgrade the HSM firmware.

Please read the upgrade instructions BEFORE attempting to update the
firmware. The upgrade is a multi-step process, and the keystore
format change triggers a bug in the old bootloader which can brick
your HSM if you perform the upgrade steps in the wrong order.

If you ignored the above or managed to brick your HSM anyway, see
https://wiki.cryptech.is/DisasterRecovery and
https://wiki.cryptech.is/UsingSTLink .

Thank you for your patience with how long this has taken. We spent
far more time than we would have liked in a twisty maze of RTOS bugs
(eventually solved by removing the RTOS, see the release notes).

Special thanks to Yuri Schaeffer for help testing both the upgrade
process and the multi-client support with OpenDNSSEC.

]]> https://cryptech.is/2017/05/cryptech-version-3-firmware-and-software-now-available/feed/ 1 CrypTech annual report is now available https://cryptech.is/2017/04/cryptech-annual-report-is-now-available/ Wed, 12 Apr 2017 20:23:10 +0000 https://cryptech.is/?p=436 The CrypTech End-of-Year Report for 2016 is now available.  It includes a summary of the work completed during 2016 including the release of the CrypTech alpha board and a list of items that the project continues to add to the release.

There is a link to it on the main page or you can find it here:

CrypTech End-of-year Report for 2016

Thanks again to all our supporters for past support and continuing support.

 

]]>