Your browser identified itself as a version of IE that was often shipped with default settings that were less than secure. Your internet experience could be made more secure by opening Internet Options in your browser, going to the Advanced tab and looking under the security settings for "Use TLS 1.1" and "Use TLS 1.2". Ensure these are turned on (checked). Doing so will enable your browser to support a higher quality of encryption on this and other websites. You will still be able to browse this site without turning on support for TLS 1.1 and 1.2, but we will have to use a lower level of encryption to accomodate you. See this question on Stack Exchange's Superuser forum from 2011 for more details keeping in mind the comments about TLS 1.2 non-support were made many years ago, and things have changed since then.

If the support for better cryptography has been turned on for your browser, thank you, and you can safely ignore this advisory.

Browser Security Alert

Protecting the world's information must evolve as new threats, risks and opportunities emerge. To stay in front of the quick-paced security landscape, PKWARE's in-house experts regularly offer blogs covering best practices, fresh resources and the trends behind the headlines. The blogs are meant to spark conversation, so please add your comments, share competing thoughts or pass along topics you'd like us take on.

Future Encryption Standard Weathers Test Attacks

The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions, now in its fourth generation (SHA-3), published by the National Institute of Standards and Technology (NIST) in coordination with the Federal Information Processing Standard (FIPS) framework. The data security community recently got an inside look at SHA-3 progress as engineers discussed the latest round of penetration testing.

SHA-3, formerly known as Keccak, was selected last October as the NIST design of choice after a five-year competition which drew 64 independent submissions. According to InformationWeek, the next-generation standard was designed to address vulnerabilities that still, as of yet, have not been exploited in the SHA-2 iteration. Nevertheless, cryptographers understand the importance of staying several steps ahead of an increasingly refined and resourceful cybercriminal community.

As GCN columnist William Jackson explained, hash algorithms work by creating random bit strings which are unique to the specific digital document they protect. If the original file has been altered or corrupted by a third-party, administrators will be alerted by the fact that the digest no longer produces an exact match.

Hackers traditionally attempt to bypass these data security solutions by way of a collision attacks. According to Jackson, the perpetrators attempt to find two messages which produce the same hash value in an attempt to reverse engineer a key.

At the RSA Conference held late last month, the encryption experts tasked with SHA-3's continued development revealed that a new breed of collision attacks have proven successful at cracking up to five rounds of encryption. While this demonstrates a new level of malevolent efficiency, according to Jackson, it is still a far cry from the 24 rounds of encryption called for in the SHA-3 implementation.

Related Posts

Go To Top