RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL on Cavium OCTEON

Looking for networking encryption and decryption? The powerful combination of wolfSSL and OCTEON hardware make for an exceptionally speedy and secure network connection. Cavium`s OCTEON processors have outstanding hardware acceleration support available for algorithms used in networking. For example in benchmarks ran using wolfSSL, AES operations increased from 8.6 MB/s to 261 MB/s with the OCTEON processor`s hardware acceleration support. That`s over 252 MB/s more!!

Along with hardware acceleration support for common symmetric algorithms, there is also support for asymmetric algorithms such as RSA and DH. A whole RSA encrypt and decrypt could be done in less than 7.5 milliseconds with hardware acceleration versus an average of 168 milliseconds without.

All of these massive increases in performance were seen with the use of just one core. The CN5860-SCP processor has the possibility of using all 16 cores, each core being able to handle its own SSL session. That`s the possibility of 16 independent and extremely fast SSL connections running in parallel.

For information about wolfSSL on Cavium OCTEON processors contact us at facts@wolfssl.com

wolfSSL and CyaSSL are not vulnerable to the recent FREAK attack

The FREAK Attack exploits legacy SSL cipher suites from the 1990s that use RSA export keys.  By definition a server in export mode has to use a low bit strength RSA key (512 bits or less), which can now be cracked in around 12 hours.  Even if a client supports export cipher suites but doesn’t broadcast support for them a man in the middle attacker can force the server to use the low grade key.  Fortunately for wolfSSL and CyaSSL users we do no support export cipher suites and key derivation.  No versions of wolfSSL or CyaSSL are vulnerable to the FREAK attack.  For more information check out: https://freakattack.com and  https://www.smacktls.com/#freak .

Or feel free to visit our website at wolfssl.com or email us at facts@wolfssl.com .

wolfSSL 3.4.0 is Now Available

Release 3.4.0 wolfSSL has bug fixes and new features including:

• wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt headers which will enable the compatibility APIs for the foreseeable future
• Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
• Example use of the wolfSSL API can be found in examples/client/client.c
• Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
• Improvements in the build configuration under AIX
• Microchip PIC32 MZ updates
• TI-RTOS updates
• PowerPC updates
• Xcode project update
• Bidirectional shutdown examples in client/server with -w (wait for full shutdown) option
• Cycle counts on benchmarks for x86_64, more coming soon
• ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA keys
• Various compile warnings
• Scan-build warning fixes
• Changed a memcpy to memmove in the sniffer (if using sniffer please update)
• No high level security fixes that requires an update though we always recommend updating to the latest

CyaSSL name is changing to wolfSSL!

We currently in the process of changing the name of our embedded SSL/TLS library from CyaSSL to wolfSSL. This name change benefits our users and us a with a more consistent and standardized naming convention across our company and products.

A CyaSSL compatibility layer will remain available for those wanting to continue using the CyaSSL API. However, users are encouraged to update to the wolfSSL API upon release.

Aside from the new name, the structure and licensing of the CyaSSL library will remain the same. The FIPS branch of wolfCrypt, which was submitted to NIST for FIPS 140-2 cryptographic module validation, is unaffected by the name change.

Please follow our blog to for the latest information on the CyaSSL to wolfSSL name change. For any questions, please contact us at facts@wolfssl.com.

Seeking Senior C/C++ Developer

Hi! We are currently seeking an additional senior C/C++ developer for our team. Ideally, our best candidates will have 5+ years of experience coding C/C++. Experience at the systems level, working with networking protocols, working with cryptography, and an affinity for open source are useful but not necessary. This is a position where you will primarily work at home, with occasional travel to team meetings, trade events, and customers. With the right skill set, we are open to you working anywhere, but we prefer those who reside in Montana, Seattle, and Portland, because we already have clusters of people working in those locations.

If you are interested, please email your resume to larry@wolfssl.com.

Using wolfSSL to Secure Thermostats

As a lightweight, embedded SSL library, wolfSSL has been used to secure many smart home devices such as lighting, garage doors, washers and dryers, thermostats, as well as a variety of other appliances. Security may not be the first thought when developing a smart home device, but there remains the risk of an attacker gaining access to a wirelessly connected thermostat that has complete control of a home’s heating and cooling system. This could be detrimental to the utility bill, plumbing, and even pets left in the house susceptible to extreme temperatures. Imagine going on vacation during frigid weather and the home’s heating is disabled. This could cause frozen and potentially bursting pipes, which in turn could lead to flooding, costing thousands of dollars in repairs. wolfSSL is designed specifically to prevent these issues. Devices secured with wolfSSL give homeowners a necessary comfort knowing their home is resistant to wireless intruders and other security threats.

For more information on how wolfSSL can be used to secure a smart thermostat or other connected home devices, feel free to visit our website at wolfssl.com or email us at facts@wolfssl.com.

What is a Block Cipher?

A block cipher is an encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers. For example, a common block cipher, AES, encrypts 128 bit blocks with a key of predetermined length: 128, 192, or 256 bits. Block ciphers are pseudorandom permutation (PRP) families that operate on the fixed size block of bits. PRPs are functions that cannot be differentiated from completely random permutations and thus, are considered reliable, until proven unreliable.

Block cipher modes of operation have been developed to eliminate the chance of encrypting identical blocks of text the same way, the ciphertext formed from the previous encrypted block is applied to the next block. A block of bits called an initialization vector (IV) is also used by modes of operation to ensure ciphertexts remain distinct even when the same plaintext message is encrypted a number of times.

Some of the various modes of operation for block ciphers include CBC (cipher block chaining), CFB (cipher feedback), CTR (counter), and GCM (Galois/Counter Mode), among others. Above is an example of CBC mode.

Where an IV is crossed with the initial plaintext block and the encryption algorithm is completed with a given key and the ciphertext is then outputted. This resultant cipher text is then used in place of the IV in subsequent plaintext blocks.

For information on the block ciphers that are implemented in wolfSSL or to learn more about the wolfSSL lightweight, embedded SSL library, go to wolfssl.com or contact us at facts@wolfssl.com.

References

[1] Pseudorandom permutation. (2014, November 23). In Wikipedia, The Free Encyclopedia.
Retrieved 22:06, December 18, 2014, from 
http://en.wikipedia.org/w/index.php?title=Pseudorandom_permutation&oldid=635108728.

[2] Margaret Rouse. (2014). Block Cipher [Online]. Available URL:
http://searchsecurity.techtarget.com/definition/block-cipher.

[3] Block cipher mode of operation. (2014, December 12). In Wikipedia, The Free
Encyclopedia. Retrieved 22:17, December 18, 2014, from
http://en.wikipedia.org/w/index.php?title=Block_cipher_mode_of_operation&oldid=637837298

[4] Wikimedia. (2014). Available URL:
http://upload.wikimedia.org/wikipedia/commons/d/d3/Cbc_encryption.png.

wolfCrypt FIPS 140-2 Algorithm Certificates

wolfSSL is proud to announce that several wolfCrypt algorithms have received FIPS 140-2 algorithm certificates. The National Institute of Standards and Technology (NIST) website has been updated to reflect wolfSSL`s validation.

wolfSSL`s wolfCrypt has received the following certificate numbers and can be viewed at the respective links.

AES validation certification #3157
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=3157

Triple DES validation certification #1800
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=1800

RSA validation certification #1602
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=1602

SHS validation certification #2614
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=2614

DRBG validation certification #650
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=650

HMAC validation certification #1990
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=1990

These validations reflect wolfSSL`s commitment to provide the highest quality security standards.
The open source community and federal entities alike can now enjoy wolfSSL`s small footprint designed for embedded systems while taking advantage of the latest in security protocols.

References:
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf

Posts navigation

1 2 3 150 151 152 153 154 155 156 189 190 191

Weekly updates

Archives