by Klaus Schmeh | Sep 20, 2019 | Event
Cryptovision is represented at it-sa 2019 in Nuremberg (October 8-10) with a booth and a lecture. With over 700 exhibitors and 15,000 attendees, it-sa is regarded as the most important European IT security event. Cryptovision shares a booth (#10.0-112) with its partners Bundesdruckerei and genua, presenting the VS-NfD-approved encryption solution GreenShield as well as several other innovative products. On the last day of the fair, cryptovision expert Klaus Schmeh will give a lecture on user-oriented encryption (1:45 p.m., Hall München 2). We look forward to meeting you at it-sa 2019.
it-sa website: www.it-sa.de
by Klaus Schmeh | Sep 2, 2019 | General
cryptovision is a strong team. This applies not only to the company’s business fields, electronic identities and cryptography, but also to sporting challenges. For this reason, a cryptovision team took part in the company run (B2Run 2019) in Gelsenkirchen – for the third time in a row. With managing director Markus Hoffmeister as team leader, the run went on a 5.3 kilometer long course with a finish in the Gelsenkirchen soccer stadium. With typical cryptovision virtues, such as fighting spirit and stamina, all 12 cryptovision runners mastered the demanding course confidently, which was subsequently rewarded with medals. In the end, everyone agreed: It was great fun, and next year cryptovision will be at the start again.
B2Run Gelsenkirchen website
by Klaus Schmeh | Jan 18, 2019 | General
Have you checked to see if your password is one of the 21 million currently offered for sale on an illegal website under the name “Collection#1”? If not, you can do so on the website “Have I been pwned?”. If so, you may have to check again soon, as rumour has it that there will be more in the near future. It seems that an unknown hacker has made a rich haul here.
But how is such a gigantic password theft even possible? Quite simply: It is in the nature of a password that both sides must know it. So if an online provider has one million customers who log in with a password, that provider has to store one million passwords. In the current case, an employee with the appropriate rights or a hacker has gained access to stored passwords. Although there are ways to protect stored passwords, the current hack, like many others, shows that these methods do not always work.
There are alternatives to passwords – especially so-called two-factor authentication. For example, a transaction number (TAN) that is sent by text message and that the customer must type in in addition to the password (M-TAN method) is a second factor. In this case, an attacker cannot use a stolen password because he doesn’t know the transaction number.
While the M-TAN method is widely used in online banking, you certainly would not want to access your emails in this way. This is why another form of two-factor authentication is often the better solution: two-factor authentication with a smartcard. This technique uses what is known as asymmetric cryptography, which makes it possible to check a type of password (here we are talking about a private key) without even knowing it. This “password” is usually stored on a smartcard. To log in, the user needs the smartcard in question and a secret number (PIN) to unlock it – two factors. A hacker or a corrupt IT employee has no chance from the outset. He can’t steal a password collection from the online provider because such a collection simply doesn’t exist. The provider can identify the user via the counterpart to the private key, the so-called public key.
Numerous companies and authorities have long since switched to two-factor authentication in the form described and thus abolished passwords. Online shops, email services and social media providers, on the other hand, usually shy away from the costs that arise when they equip their customers with smart cards. However, a loss of 21 million passwords (as in the current case) causes much greater damage. It is time for these providers to change their minds.
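The smartcard login described in this post, as an added example that is not part of the original article and not code from any cryptovision product: a provider that stores only public keys checks a signed random challenge. The `Card` and `Provider` classes, the user name and the PIN are hypothetical, and a software Ed25519 key pair from Node's built-in `crypto` module stands in for the card hardware.

```javascript
const crypto = require('node:crypto');
// Stand-in for a smartcard (hypothetical): the private key never leaves this
// object, and it signs only after the correct PIN has been presented.
class Card {
  #privateKey; #pin; #triesLeft = 3;
  constructor(pin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.#privateKey = privateKey;
    this.#pin = pin;
    this.publicKey = publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(pin, challenge) {
    if (this.#triesLeft === 0) throw new Error('card blocked');
    if (pin !== this.#pin) { this.#triesLeft--; throw new Error('wrong PIN'); }
    this.#triesLeft = 3;
    return crypto.sign(null, challenge, this.#privateKey);
  }
}

// Provider side (hypothetical): the user database holds public keys only.
class Provider {
  users = new Map();   // user name -> public key (PEM)
  pending = new Map(); // user name -> outstanding challenge
  enroll(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  challenge(user) {
    const nonce = crypto.randomBytes(32); // fresh per login attempt
    this.pending.set(user, nonce);
    return nonce;
  }
  login(user, signature) {
    const nonce = this.pending.get(user);
    const pem = this.users.get(user);
    this.pending.delete(user); // a challenge is valid for one attempt only
    if (!nonce || !pem) return false;
    return crypto.verify(null, nonce, pem, signature);
  }
}

function demo() {
  const card = new Card('4711'); // constructed PIN
  const provider = new Provider();
  provider.enroll('alice', card.publicKey);
  const signature = card.sign('4711', provider.challenge('alice'));
  const ok = provider.login('alice', signature);
  provider.challenge('alice'); // new login attempt, new challenge
  const replay = provider.login('alice', signature); // captured signature reused
  const dump = JSON.stringify([...provider.users]); // what a database thief gets
  return { ok, replay, dumpHasPrivateKey: dump.includes('PRIVATE KEY') };
}
```

Because every login signs a fresh challenge, a signature captured from one login does not verify for the next, and a copy of the provider's user table contains nothing that can produce a valid signature.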
by Klaus Schmeh | Jan 8, 2019 | General
cryptovision CEO Markus Hoffmeister is not surprised about the recent data thefts German politicians and other celebrities fell victim to. His demand: Strong authentication and encryption must finally prevail among private users as well.
“Have the security systems of the Bundestag failed?” many a person asks with regard to the current reports on the leaked data of various politicians. In my opinion, the answer is no, because according to the current state of knowledge, the perpetrator(s) have not leveraged any security measures of the Bundestag (especially as celebrities who have nothing to do with the Bundestag are affected, too). Like other people, however, politicians are sometimes privately on the Internet and use social media, e-mail servers or cloud services. This is obviously where hackers have come in. Via stolen passwords, poorly secured access and other gaps, they have been able to access private data. This method is not new, but it still works, because Internet users tend to be carefree. Or as Frank Rieger from the Chaos Computer Club puts it: “As you can see, some of those affected have been relatively generous with their data.”
So what is to be done? In my opinion, the providers of e-mail, social media and cloud services are in demand. They need to ensure greater protection for end users. This is not rocket science but has long been an everyday occurrence in the professional sector. Many companies and authorities are currently switching from passwords to smart cards or other smart credentials – if they haven’t already done so. Encryption is also spreading more and more in this environment. It is high time that these standards from professional information technology also become a matter of course in private life. If necessary, the legislator must intervene and force the providers to take appropriate measures.
With its solutions (sc/interface for strong authentication as well as s/mail and GreenShield for mail and file encryption) cryptovision has proven for almost two decades that these security measures can be implemented in a user-friendly and practicable way. The current data theft therefore could have been avoided.
by Klaus Schmeh | Dec 19, 2018 | General
Shortly before the end of the year, cryptovision once again makes its mark in the media. In the latest issue of the magazine The Vault, published by industry association Silicon Trust, cryptovision’s CEO Markus Hoffmeister (together with co-author Klaus Schmeh) presents his assessment of the currently most discussed topic in the identity industry: the blockchain. In his article BLOCKCHAIN Blues – the END of eID cards? Hoffmeister shows that the blockchain can be very useful for eID technology and that there are interesting synergies. The question asked in the title of the article is therefore easy to answer: The blockchain is not the end of eID cards. There is therefore no reason for a blockchain blues.
Read article (page 20): https://silicontrust.files.wordpress.com/2018/11/the_vault_23_web.pdf