You can use #Floppy #disks to store #private #keys offline. They can hold at least 300 #PrivateKeys. #Archaic #Technology #ModernTimes #informationsecurity #InformationAssurance @computers8networks tr.ee/wim7nV
You can use #Floppy #disks to store #private #keys offline. They can hold at least 300 #PrivateKeys. #Archaic #Technology #ModernTimes #informationsecurity #InformationAssurance @computers8networks tr.ee/wim7nV
@agwa : what makes you believe that the certificate's private key is shared?
That does not seem likely, as the last two certificates include a *unique* public key:
current cert: https://crt.sh/?spkisha256=92126e54f293c6220d1dce770e7e594a72721b48f720a3a5abeaf032002ec156
previous cert: https://crt.sh/?spkisha256=5826fce78ed8d8b041d418914f3c70e4d6b628036c21d7f39ca22ef1ecf99d79
Btw, keypair reuse looks like this: https://crt.sh/?spkisha256=9bfca9af02788c866e335e07a0b49ea53c2fe55554d3ff3b38a349d4ff2d775d (certs for boschconnectedcontrol.com and subdomains).
This absolutely has the potential to create a "liquidation event" for blockchain based crypto currencies!
Quantum Computing has the power to reverse engineer crypto private keys if the wallet keys have been exposed in public. The crypto industry needs to act quickly to figure out how to mitigate this threat before it truly becomes an existential crisis.
BTW, production grade Quantum Computing is commercially available now! https://decrypt.co/323512/existential-crisis-bitcoin-quantum-computing-threat-fast-approaching #BlockChain #Bitcoin #QuantumComputing #Cryptosecurity #CryptoCurrency #PrivateKeys #RSAencryption #crypto
This is what innovation can do!
#AirGapped #Offline #PKI #PrivateKeys #TwoFactor- #2FA #Yubico #Yubikey
======
Vincent Bernat Turns Three YubiKeys and a Cheap Single-Board Computer Into a Secure Offline PKI
https://www.hackster.io/news/vincent-bernat-turns-three-yubikeys-and-a-cheap-single-board-computer-into-a-secure-offline-pki-1735b4ad7fc2
---
Developer Vincent Bernat demonstrates how to turn three Yubico YubiKey USB two-factor authentication dongles into an offline public key infrastructure (PKI) using a low-cost single-board computer as an air-gapped host.
Crypto private keys definition and function https://nozycat.blog/crypto-private-keys-definition-and-function/ #Cryptocurrency, #PrivateKeys, #Wallets
Still Learning After All These Years - Last June, a sailing buddy (and aerospace engineer) asked if I could check out a f... - https://www.coindesk.com/coindesk-indices/2025/01/15/still-learning-after-all-these-years #cryptolong&short #coindeskindices #bitcoinadoption #cryptowallet #privatekeys #passwords #opinion
Russia seizes $10M in Bitcoin from ex-official in bribery case - The Bitcoin seized from former ICRF employee Marat Tambiev will be turne... - https://cointelegraph.com/news/russia-seizes-10-million-bitcoin-from-official-biggest-bribery #investigativecommittee #infraudorganization #marattambiev #privatekeys #enforcement #bitcoin #bribery #hackers #russia #crimes #ledger #court
Bitcoin investor ordered to hand over crypto keys in landmark tax case - A Texas federal court judge ordered Frank Richard Ahlgren III and any as... - https://cointelegraph.com/news/bitcoin-investor-ordered-hand-over-crypto-keys-landmark-tax-case #frankrichardahlgren #privatekeys #publickeys #seedphrase #taxreturn #taxfraud #case
Malicious npm Packages Attacking Developers To Steal Sensitive Data Including Private Keys
https://cybersecuritynews.com/malicious-npm-packages-attacking-developers/
Phishing scammers spoof Ledger’s email to send bogus data breach notice - Scammers are spoofing the support email for hardware wallet maker Ledger... - https://cointelegraph.com/news/ledger-support-email-spoofed-fake-data-breach-phishing-link #hardwarewallet #recoveryphrase #emailaddress #privatekeys #ledgerhack #phishing #spoofing
Protect your #cryptocurrency by securing your private keys! Learn the best practices to safeguard your assets with hardware wallets, multi-signature wallets, and more.
https://finixyta.com/best-practices-for-protecting-your-private-keys-ultimate-guide-to-securing-your-crypto/ #CryptoSecurity #Blockchain #PrivateKeys
Mastercard enables non-custodial crypto spending in new partnership - Mastercard partners with Mercuryo to launch a euro-denominated crypto de... - https://cointelegraph.com/news/mastercard-non-custodial-crypto-spending-card #non-custodialwallet #self-custody #privatekeys #mastercard #debitcards #tonkeeper #mercuryo #payments #banking #crypto #ton
https://on.soundcloud.com/f9grJ1DPyyKWPDUK8
You Got a Paycheck to Wait On?
#PrivateKeys are a part of my #code
@JenWithGravy #CensorBoot was already irrevocably fucked when #Microsoft lost the #PrivateKeys for that.
And Microsoft admitted to that #insecurity with the #XboxOne's design in their own words!
https://youtu.be/U7VwtOrwceo&t=663
#TLDW: Don't trust any #blackbox to do what it claims to do!
Missing words in a seed phrase: How many are recoverable? - Remembering and deliberately missing a few words from a seed phrase back... - https://cointelegraph.com/news/private-key-missing-words-recoverable #bitcoinimprovementproposal39 #hardwarewallet #selfcustody #privatekeys #computation #seedphrase #custody #chatgpt #wallet #bip39 #hacks
Securing #PrivateKeys in Production
Manufacturers employ various #techniques to protect #privatekeys during production:
1. Hardware Security Modules (HSMs) for secure key generation and storage
2. Trusted Platform Modules (TPMs) for on-device key protection
3. Secure Boot and Encrypted Boot mechanisms
4. Advanced Key Management Services (KMS)
5. Secure provisioning and transfer protocols
These measures aim to safeguard private keys from #unauthorizedaccess.
@benjamin_e wrote:
<<< All these data which interests the intelligence agencies, know that HTTPS is not enough, in fact the TLS protocol has had a problem from the beginning, the general public encryption key servers are under the control of these agencies, it is literally a MITM. >>>
That would render the internet useless. I don't believe it's that bad (btw it's the private keys that must be kept secret and accessible only to autorised personnel for legitimate purposes. Apart from that, secure channels must exist for supplying OS- and browser makers with root certificates).
<<< These keys must also be generated and stored on private servers, otherwise it is open bar. >>>
Critical private keys should be kept in HSM's (Hardware Security Modules). But that's not enough, because *using* them is just as critical. Diginotar f*ed up because a stupid admin created a bridge between their "dirty" and secure network segments (https://en.m.wikipedia.org/wiki/DigiNotar).
<<< Note : agencies has access to all data passing through fiber optic infrastructures. >>>
They do, but encrypted data is of no use to them (usually there's plenty of -unencrypted- metadata, IP-addresses in particar).
<<< Note 2 : Try to create a WordPress that talk about the end of the dollars. Your admin page will be auto hacked though https. >>>
Perhaps such a page will be hacked, but I very much doubt that https is to blame.
Crypto Portfolio Tracker Coinstats Confirms Security Breach; Temporarily Shuts Down App - According to the crypto portfolio tracking app, Coinstats, suspected North Korea-l... - https://news.bitcoin.com/crypto-portfolio-tracker-coinstats-confirms-security-breach-temporarily-shuts-down-app/ #northkoreahackers #cryptocurrency #securitybreach #cryptowallet #privatekeys #security
Crypto wallets, explained - Crypto wallets, which act like wheels for the digital asset ecosystem, a... - https://cointelegraph.com/explained/crypto-wallets-explained #cryptocurrencies #privatekeys #security #wallet
#PuTTY #SSH client flaw allows recovery of #cryptographic #privatekeys
The vulnerability (CVE-2024-31497) was discovered by Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum and is caused by how PuTTY generates #ECDSA nonces (temporary unique cryptographic numbers) for the NIST P-521 curve used for SSH authentication. The main repercussion of recovering the private key is that it allows unauthorized access to SSH servers or sign commits as the developer.
https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/