Category Archives: Information

General news/information to the CAcert community or about security in general

Historical contaminated sites are the greatest danger (Part 5 and conclusion)

It is not only the computers of the future that pose a threat to security, it is also the legacy of the past. Over the past two or three decades, it has become clear time and again that the majority of Internet users are struggling to replace insecure protection mechanisms. It usually takes more than ten years to introduce an improved security protocol on a large scale. If the fear of quantum computers helps to overcome this inertia, i.e. if the efforts of post-quantum cryptography are conducive to “crypto-agility”, then these novel computers have proven to be useful – even if they will never exist.

Grid-based cryptography will continue to provide protection (Part 4)

RapperswilThe grid-based cryptographic methods are considered to be very secure. This assessment is based on theoretical considerations and mathematical calculations. At the Institute for Microelectronics and Embedded Systems at the University of Applied Sciences of Eastern Switzerland, the focus is less on mathematical theories than on the way in which these theories are technically implemented. On the one hand, the researchers in Rapperswil (on the Lake Zurich, Switzerland) want to advance the development of fast computer chips for post-quantum cryptography. On the other hand, they also want to analyse the security of such systems. “Some algorithms that look good on paper,” explains Dorian Amiet, “prove vulnerable in practice to so-called side-channel attacks. Amiet has been working as a project member in Rapperswil for about two years on programming aspects of post-quantum cryptography.

For side-channel attacks, the Rapperswil researchers like to use an oscilloscope, a measuring device that makes electrical voltage fluctuations visible. This is because every algorithm, when used on computer hardware, is dependent on electricity. Sometimes an analysis of voltage fluctuations allows conclusions to be drawn about the inner workings of a computer program and the data it processes.

In a new paper, Amiet and other colleagues deal with “Newhope”. This grid-based method had been developed by major European companies and universities and was considered a favourite in the nesting selection process until recently. But in the Rapperswil laboratory this software did not cut a good figure. Under certain circumstances, the secrets that had been entrusted to this software could be read with the naked eye on the oscilloscope.

“Newhope” did not make it to the third and final round of nest evaluation. And the attack that brought “Newhope” to its knees in Rapperswil also works against “Crystals-Kyber” from IBM. Amiet plans to present this new finding at an international conference on post-quantum cryptography in September.

When will quantum computers be ready for use? Employees of the American consulting firm Rand Corp. have undertaken to confront 15 experts with this question as part of the aforementioned study. On average, the commissioning of a cryptographically relevant quantum computer is set for the year 2033. But the answers vary widely. There are experts who see this technology coming as early as 2022 or 2023, others believe that quantum computers will remain a chimera forever.

Andreas Curiger is also one of the doubters. The electrical engineer – co-founder and head of technology at the young Zurich security company Securosys SA – compares these computers to nuclear fusion reactors: In both cases, he says, despite decades of research, they are still far from being used in practice. Curiger does not believe that he will be dealing with a functional quantum computer in his professional life. Nevertheless, he is committed to the development of post-quantum cryptography. His company cooperates in research with the Rapperswil Institute for Microelectronics and Embedded Systems.

Securosys sells devices for the protection of data transmission, which are used by banks for the authentication and verification of financial transactions, for example. These customers appreciate the fact that these devices have been developed and manufactured entirely in Switzerland. Together with researchers from Rapperswil, Curiger wanted to find out what effort is required to adapt the Securosys devices to post-quantum cryptography. “It looks good,” says Curiger, “we were able to develop the prototype of a quantum-safe hardware module.”

Protecting cryptography from quantum computers (Part 3)

RüschlikonGrid-based methods are currently raising great expectations in the development of cryptography that is secure from quantum computers. Mathematicians associate grids with a number of difficult tasks involving the measurement of vector spaces. The difficulty of these problems increases exponentially with the complexity of the grid. For cryptographic applications, grids with hundreds of dimensions are used.

One of the first to make mathematical grids usable for cryptography was the Hungarian-American computer scientist Miklós Ajtai, who worked at the IBM research centre in Almaden. In the mid-1990s, he opened the door to a new field of cryptography. Shortly after the turn of the millennium, grid cryptography was still the work of a small group of researchers, reports the Italian-American computer scientist Daniele Micciancio in a YouTube lecture. In the meantime, one has to read more than 100 essays a year to keep track of this rapidly expanding field of research.

Vadim Lyubashevsky is one of the researchers who have excelled here. He worked with Micciancio at the University of California in San Diego as a doctoral student. Today, he conducts research at the IBM research laboratory in Rüschlikon on the Lake Zurich, Switzerland.

The IBM researcher has done much to transform the lattice theory, which has been developed over the past 25 years, into computer software that is relevant to practice. According to Lyubashevsky, a so-called Cryptographic Suite for Algebraic Lattices (Crystals) is already being used internally by IBM, but also by Google and Cisco for testing purposes. It has been shown that these programs work very efficiently, they are faster than conventional cryptographic methods. Only the memory requirements are slightly higher because the keys are longer.

IBM has not only developed software, but also hardware: the prototype of a tape drive can store encrypted data on 20-TByte tape cartridges in a way that cannot be converted into plain text even by quantum computers.

However, such products cannot be commercialised as long as there are no binding standards for post-quantum cryptography that ensure the interaction of hardware and software components from different manufacturers. The computer world is therefore waiting for the American National Institute of Standards (Nist) to complete a long-term evaluation of quantum-safe cryptographic procedures. An important milestone has just been reached in this process: at the end of July, the American authority announced the end of the second round of evaluation.

When the Nist began to deal with quantum-secure cryptography in 2015, 82 proposals were available for selection. After two evaluation rounds, 7 algorithms remained, including several proposals from IBM. According to the latest Nist evaluation report, the grid-based proposals are considered the most promising. After a third round, which is expected to take 12 to 18 months, binding standards should finally be in place by the end of 2021.

Quantum computers threaten cryptography (Part 2)

quanten computerIn 1994, the American mathematician Peter Shor was able to show that quantum computers, which were still hypothetical at the time, could greatly accelerate the decomposition of prime factors. Thus, the security of asymmetric encryption is no longer guaranteed. New encryption methods have to be developed that can withstand the quantum computers: Post-quantum cryptography is needed.

It is not possible to wait until the new computers are ready for use and then solve the security problems they raise. For one thing, the development of cryptographic procedures takes time. On the other hand, data sometimes have a long life span. If their confidentiality has to be guaranteed for decades, it is essential to develop an idea today of what tools will be available to an attacker in ten or twenty years’ time. Moreover, it cannot be ruled out that malicious actors are already hoarding encrypted data today in order to read them in plain text later, when quantum computers become available.

The fact that the dangers that quantum computers pose to cryptography have been discussed for a long time, and that it may take a long time before these dangers become real, weakens the awareness of the problem in some places; this “long time and not for a long time” lends many people a false sense of security. But the task of dealing with post-quantum cryptography can no longer be put off any longer.

“The danger is acute,” says the introduction to a report published in April by the American consulting firm Rand Corp. “Quantum computers pose a threat to every government agency, all critical infrastructures and all branches of industry.” This is a new type of threat that is not comparable to conventional security problems. It is directed against the very foundations of the Internet. It threatens to be a “quantum disaster”, an author of the study told journalists. The German Federal Office for Information Security (BSI) also sees an “acute need for action” with regard to post-quantum cryptography.

How secure is cryptography still? (Part 1)

Lake ZurichA revolution is imminent: With the help of quantum mechanical effects, new types of computers could one day quickly solve computing tasks that today’s machines cannot cope with. That is good news. On the one hand. On the other hand, it is bad news. Because commercial computer science as we know it today depends on the existence of computing tasks that computers can cope with. The high computational effort forms a protective wall that secures communication channels. Quantum computers could tear down this protective wall.

Around Lake Zurich, researchers are involved in various teams for the development of post-quantum cryptography. The new encryption methods should protect secrets entrusted to the Internet for decades to come.

For centuries, and even in the late 1970s, it seemed inevitable that the sender and recipient of secret messages would use the same key. This form of protected message exchange is called symmetrical. Since then, asymmetric encryption methods have become generally accepted. They enable the secure exchange of information between two communication partners who are facing each other for the first time and have not had the opportunity to agree on a common key beforehand.

The asymmetric encryption methods use mathematical functions that can only be inverted with great effort. These are one-way or trapdoor functions: In one direction, the passage is easy to pass through, but the way back is blocked. A widely used encryption method is based on the multiplication of two large prime numbers. It does not demand much from a calculating machine, but the opposite way, the prime factorization, is too much for common computers.

CAcert’s European Bank Accounts

Ab sofort können Zahlungen aus dem SEPA-Raum* auf das europäische Bankkonto von CAcert überwiesen werden. Für Spenden können Sie weiterhin das Bankkonto von Secure-U in Deutschland verwenden (so vermeiden wir, dass Geld sinnlos hin- und her geschoben wird, da Secure-U für uns die Server mietet); für Mitgliederbeiträge sollte jedoch das untenstehende Bankkonto in der Schweiz verwendet werden, da nur dann der Mitgliederbeitrag dem Mitglied zugeordnet werden kann. Sie finden untenstehend Name, Postleitzahl/Ort, IBAN-Kontonummer und Bank:

CAcert Inc
7514 Sils im Engadin
IBAN: CH02 0077 4010 3947 4420 0
Graubündner Kantonalbank, Chur
Clearing 774

Payments from these countries (SEPA) are particularly easy.

A partire da ora, i pagamenti dall’area SEPA* possono essere trasferiti sul conto bancario europeo di CAcert. Per le donazioni prego di utilizzare il conto bancario Secure-U in Germania; tuttavia, per le quote associative, si deve utilizzare il conto bancario in Svizzera sotto indicato, poiché solo in tal caso la quota associativa può essere assegnata al socio. Qui di seguito trovate nome, numero postale/località, numero di conto IBAN e banca:

CAcert Inc
7514 Siglio in Engadina
IBAN: CH02 0077 4010 3947 4420 0
Banca Cantonale Grigione, Coira
Clearing 774

CAcert Inc
7514 Segl Maria
IBAN: CH02 0077 4010 3947 4420 0
Banca Chantunala Grischuna, Cuira
Clearing 774

As of now, payments from the SEPA area* can be transferred to CAcert’s European bank account. For donations, the Secure-U bank account in Germany can still be used (to avoid that money is transfered twice on the same account); however, for membership fees, the bank account in Switzerland listed below should be used, as only then the membership fee can be assigned to the member. Below you will find name, postcode/town, IBAN account number and bank:

The leading bank in southeastern Switzerland.

CAcert Inc
7514 Sils/Segl Maria
IBAN: CH02 0077 4010 3947 4420 0
Grisons Cantonal Bank, Coire
Clearing 774

The bank is rated AA/stable by Standard&Poor. It also has a state guarantee from the state (canton) of Grisons (one of Switzerland’s 26 provinces).

Dès à présent, les paiements provenant de l’espace SEPA* peuvent être transférés sur le compte bancaire européen de CAcert. Pour les dons, continuez d’utliser le compte bancaire Secure-U en Allemagne; en revanche, pour les cotisations, il convient d’utiliser le compte bancaire en Suisse indiqué ci-dessous, car ce n’est qu’alors que la cotisation peut être attribuée au membre. Vous trouverez ci-dessous le nom, le code postal/le lieu, le numéro de compte IBAN et la banque :

CAcert Inc
7514 Segl Maria
IBAN: CH02 0077 4010 3947 4420 0
Banque Cantonale des Grisons, Coire
Clearing 774

* SEPA Area: all 27 countries of the European Union, furthermore: Guadeloupe, French Guyana, Martinique, Réunion, Mayotte, Saint-Pierre, Miquelon, Canary Islands, Azores, Madeira, Ceuta, Melilla, United Kingdom, Gibraltar, Isle of Man, Jersey, Guernsey, Switzerland, Liechtenstein, Norway, Iceland, Monaco, San Marino, Holy Seed, Croatia, Andorra.

Browser manufacturers shorten certificate lifetime to one year

From September onwards, HTTPS certificates may only be issued for a maximum of one year.

Reading time: 1 min.

CAcert will adapt the free certificates

The maximum validity of certificates for proof of identity on the web will be further reduced – in the next step to one year. Although a vote on this issue in the CA/Browser Forum failed in September due to resistance from the certification authorities, it is still being discussed. But in March Apple came forward and declared that Safari will only accept certificates issued after September 1, 2020 if they are not valid for more than one year.

Now Mozilla and Google are following suit and creating facts. In the past, terms of 5 years were not unusual. Currently, certificates may still be issued for 2 years (more precisely: 825 days — i.e. plus some grace period). With the renewed tightening, Chrome, for example, delivers an ERR_CERT_VALIDITY_TOO_LONG if a certificate was issued after September 1, 2020 and is valid for more than 398 days.

Revocation broken

The main reason for the constant shortening of the certificate lifetime is the fact that there is no generally functioning revocation mechanism by which a certificate could be revoked. Revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP) have proven to be unsuitable and are now switched off by default.

The browser manufacturers still maintain their own internal revocation lists, which they can use to react to acute incidents. But this is a quasi manual procedure that can only cover significant problem cases. Ultimately, the browser manufacturers are now focusing on damage limitation: if, for example, the secret key of a certificate is stolen, an expiration date that is approaching as soon as possible should solve the problem.

No need for action for users

Lets Encrypt, which meanwhile dominates the market, is the pioneer and only issues certificates for 3 months anyway. Renewal is then automated via ACME. According to Mozilla, however, the other certification authorities have also agreed to only issue certificates for 398 days from September 1. In view of the demonstration of power of the browser manufacturers, they probably don’t have much choice.

As a web site operator, you don’t have to do anything else – even if you still have a certificate with a longer validity in operation. The new rule only applies to certificates issued after September 1, 2020.

Les fabricants de navigateurs ramènent la durée de vie des certificats à un an

À partir de septembre, les certificats HTTPS ne peuvent être délivrés que pour une durée maximale d’un an.

CAcert adaptera ses certificats

Temps de lecture: 1 min.

La validité maximale des certificats pour la preuve d’identité sur le Web est encore réduite – dans l’étape suivante à un an. Un vote à ce sujet au sein du CA/Browser Forum en septembre a échoué en raison de la résistance des autorités de certification. Mais en mars, Apple s’est manifesté et a déclaré que Safari n’acceptera les certificats émis après le 1er septembre 2020 que s’ils ne sont pas valables plus d’un an.

Aujourd’hui, Mozilla et Google suivent le mouvement et créent des faits. Dans le passé, des mandats de 5 ans n’étaient pas inhabituels. Actuellement, les certificats peuvent encore être délivrés pour 2 ans (plus précisément : 825 jours — c’est-à-dire plus un certain délai de grâce). Avec le nouveau resserrement, Chrome, par exemple, délivre un ERR_CERT_VALIDITY_TOO_LONG si un certificat a été délivré après le 1er septembre 2020 et est valable plus de 398 jours.

Révocation cassée

La principale raison de la réduction constante de la durée de vie des certificats est le fait qu’il n’existe pas de mécanisme de révocation généralement opérationnel permettant de révoquer un certificat. Les listes de révocation (CRL) et le protocole OCSP (Online Certificate Status Protocol) se sont révélés inadaptés et sont désormais désactivés par défaut.

Les fabricants de navigateurs tiennent toujours leurs propres listes de révocation internes, qu’ils peuvent utiliser pour réagir à des incidents graves. Mais il s’agit d’une procédure quasi manuelle qui ne peut couvrir que les cas problématiques importants. En fin de compte, les fabricants de navigateurs se concentrent maintenant sur la limitation des dommages: si, par exemple, la clé secrète d’un certificat est volée, une date d’expiration qui approche le plus tôt possible devrait résoudre le problème.

Pas de nécessité d’action pour les utilisateurs

Lets Encrypt, qui domine entre-temps le marché, est le pionnier et ne délivre de toute façon des certificats que pour 3 mois. Le renouvellement est ensuite automatisé via ACME. Selon Mozilla, cependant, les autres autorités de certification ont également accepté de ne délivrer des certificats que pour 398 jours à partir du 1er septembre. Compte tenu de la démonstration de puissance des fabricants de navigateurs, ils n’ont probablement pas beaucoup de choix.

En tant qu’exploitant de site web, vous n’avez rien d’autre à faire – même si vous disposez toujours d’un certificat d’une durée de validité plus longue en service. La nouvelle règle ne s’applique qu’aux certificats délivrés après le 1er septembre 2020.

Signer is working again

Today we were able to investigate the signer machine at the datacenter.

As previously assumed, the signer machine was powered off. It was not possible to power it on again, so either both PSUs or other components died.

As we ordered a replacement-machine of the same type we were able to use the existing harddrives to power up the signer again.

Currently the signer is catching up, which will take some hours. As soon as your certificate was processed, you’ll get an email from our server.

The certificate of is in the queue (together with your certificates and revocations), so we need to wait until it’s ready. It will get updated as soon as possible.

Update 2020-05-05: All pending certificates requests are processed now, new requests should now processed on the fly again.

Dirk Astrath
CAcert critical admin

Technical problems with signer machine

We have a problem with the signer machine, certificates are currently not created.

There is no way to access the signer machine via internet, to make sure that the machine can not be hacked, so a personal visit to the data center will be necessary to check the machine and get it running again.

Sadly the current Covid-19 pandemy makes travelling to the data center very difficult, so we have no way to fix this problem soon! I’m afraid that it may take several weeks till we get access to the machine and find out the reason for this problem.

Update: Currently we hope that we will be able to make the visit to the data center around easter weekend.

Of course this depends on other developments we have no influence on. For example further restrictions to travelling or intra-EU border crossing may prevent this visit.

Update: In case you can’t access or currently due to the expired certificate, you may reset the HSTS-status in Chrome:

Open chrome://net-internals/#hsts and delete and settings there. Accessing will then give you a warning about the expired certificate, but you’ll then be able to continue.

Update: A visit at the datacenter is planned for 2020-05-04 to enable the signer again as well as additional administration tasks on other hardware.

Update: All services are normal again, see new blog post.