https_keys.html

<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="keywords" content="https, key management, RSA, AES, certificates, cybersecurity">
    <meta name="description" content="how we found out that https keys leak information">
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0">
    <link rel="shortcut icon" type="image/png" href="favicon.png">
    
	<link rel="stylesheet" type="text/css" href="./css/bootstrap.min.css">
	<link rel="stylesheet" type="text/css" href="style.css">
	<link rel="stylesheet" href="./css/animate.min.css"><link rel="stylesheet" href="./css/font-awesome.min.css"><link rel="stylesheet" href="./css/et-line.min.css">
    
	<script src="./js/jquery-2.1.0.min.js"></script>
	<script src="./js/bootstrap.min.js"></script>
	<script src="./js/blocs.min.js"></script>
	<script src="./js/jqBootstrapValidation.js"></script>
	<script src="./js/formHandler.js"></script>
    <title>HTTPS Security</title>

    
<!-- Google Analytics -->
 <script type="text/javascript" src="https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.js"></script>
<script type="text/javascript">
	FreshWidget.init("", {"queryString": "&widgetType=popup&formTitle=Enigma+Help+%26+Support&submitTitle=Push+It&submitThanks=Thanks+for+getting+in+touch!&captcha=yes", "utf8": "✓", "widgetType": "popup", "buttonType": "text", "buttonText": "Help & Support", "buttonColor": "#00a7d7", "buttonBg": "#ffffff", "alignment": "1", "offset": "0px", "submitThanks": "Thanks for getting in touch!", "formHeight": "500px", "captcha": "yes", "url": "https://enigmabridge.freshdesk.com"} );
</script></script><!--Start of Tawk.to Script-->
<script type="text/javascript">
var Tawk_API=Tawk_API||{}, Tawk_LoadStart=new Date();
(function(){
var s1=document.createElement("script"),s0=document.getElementsByTagName("script")[0];
s1.async=true;
s1.src='https://embed.tawk.to/57a2055d00df04742fb54f1c/default';
s1.charset='UTF-8';
s1.setAttribute('crossorigin','*');
s0.parentNode.insertBefore(s1,s0);
})();
</script>
<!--End of Tawk.to Script--><script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-84597687-1', 'auto');
  ga('send', 'pageview');
</script><!-- Google Tracking -->
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-MKFRQJG');</script>
<!-- End Google Tag Manager -->
<!-- Google Analytics END -->
    
</head>
<body>
<!-- Main container -->
<div class="page-container">
    
<!-- bloc-0 -->
<div class="bloc bgc-white l-bloc" id="bloc-0">
	<div class="container bloc-sm">
		<nav class="navbar row">
			<div class="navbar-header">
				<a class="navbar-brand" href="index.html"><img src="img/logo2-rgb_cropped.gif" height="50" /></a>
				<button id="nav-toggle" type="button" class="ui-navbar-toggle navbar-toggle" data-toggle="collapse" data-target=".navbar-1">
					<span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span>
				</button>
			</div>
			<div class="navbar-collapse navbar-1 collapse">
				<ul class="site-navigation nav navbar-nav ">
					<li>
						<a href="index.html" class="ltc-rich-electric-blue">Home</a>
					</li>
					<li>
						<a href="https://theprivate.space" class="ltc-rich-electric-blue">Private Spaces</a>
					</li>
					<li>
						<div class="dropdown">
							<a href="#" class="dropdown-toggle ltc-rich-electric-blue" data-toggle="dropdown" aria-expanded="false">Services<span class="caret"></span></a>
							<ul class="dropdown-menu" role="menu">
								<li>
									<a href="https://theprivate.space" class="ltc-rich-electric-blue">Private Space</a>
								</li>
								<li>
									<a href="pki.html" class="ltc-rich-electric-blue">Key Management (PKI)</a>
								</li>
								<li>
									<a href="keytwist.html" class="ltc-rich-electric-blue">KeyTwist</a>
								</li>
								<li>
									<a href="password_protect.html" class="ltc-rich-electric-blue">Secure Passwords</a>
								</li>
								<li>
									<a href="key_vault.html" class="ltc-rich-electric-blue">Key Vault</a>
								</li>
								<li>
									<a href="hsm.html" class="ltc-rich-electric-blue">Hardware Security - HSM</a>
								</li>
								<li>
									<a href="payments.html" class="ltc-rich-electric-blue">Payments and Tokenization</a>
								</li>
								<li>
									<a href="https_keys.html" class="ltc-rich-electric-blue">HTTPS Security</a>
								</li>
								<li>
									<a href="enigma_link.html" class="ltc-rich-electric-blue">Enigma Link</a>
								</li>
							</ul>
						</div>
					</li>
					<li>
						<a href="contact-us.html" class="ltc-rich-electric-blue">Contact us</a>
					</li>
					<li>
						<a href="https://api.enigmabridge.com" class="ltc-rich-electric-blue" id="pl-undefined" target="_blank">API Online</a>
					</li>
					<li>
						<a href="https://dan.enigmabridge.com" class="ltc-rich-electric-blue" id="pl-undefined" target="_blank">Blog</a>
					</li>
				</ul>
			</div>
		</nav>
	</div>
</div>
<!-- bloc-0 END -->

<!-- bloc-41 -->
<div class="bloc bgc-white bloc-bg-texture texture-geometry-shapes tc-onyx l-bloc" id="bloc-41">
	<div class="container bloc-sm">
		<div class="row">
			<div class="col-sm-12">
				<div class="divider-h">
					<span class="divider"></span>
				</div>
				<h1 class="text-center  tc-rich-electric-blue-2 mg-lg">
					Secure Websites Leak Information
				</h1>
				<p class="text-center ">
					HTTPS/TLS protocol used by all secure websites points at vulnerabilities. It leaks sensitive information about cyber security management and can help hackers or government agencies extract sensitive data.
				</p>
			</div>
		</div>
	</div>
</div>
<!-- bloc-41 END -->

<!-- bloc-42 -->
<div class="bloc tc-rich-electric-blue-2 bgc-white bloc-bg-texture texture-geometry-shapes l-bloc" id="bloc-42">
	<div class="container bloc-sm">
		<div class="row">
			<div class="col-xs-12 col-md-8 col-md-offset-2">
				<h3 class="statement-bloc-text  tc-rich-electric-blue">
					"It's striking that despite 30 odd years of cryptographic research <br>and security conferences, no-one noticed this problem <br>– which has been in plain sight all along."
				</h3>
				<p class="text-center ">
					Ross Anderson, professor of security engineering at the University of Cambridge <br><br>
				</p>
			</div>
		</div>
	</div>
</div>
<!-- bloc-42 END -->

<!-- bloc-43 -->
<div class="bloc tc-onyx bgc-white l-bloc" id="bloc-43">
	<div class="container bloc-lg">
		<div class="row">
			<div class="col-sm-12">
				<p>
					Until now, it has been widely believed that use of HTTPS:// on web sites does not provide any sensitive information that would endanger the security of the web service. No one expected that it could leak internal information about security management.
				</p>
				<div class="row">
					<div class="col-sm-6">
						<img src="img/quotation_Bilar2.png" class="img-responsive" />
						<blockquote>
							<p>
								I am puzzled why people are not all over this - enormous implications. I discussed it in my organization yesterday. <br>
							</p>
						</blockquote>
						<p class="text-right ">
							<i>Daniel Bilar - Information Security Specialist at VISA</i>
						</p>
					</div>
					<div class="col-sm-6">
						<img src="img/quotation_KennWhite2.png" class="img-responsive" />
						<blockquote>
							<p>
								This work on fingerprinting the software that generated RSA keys (from public keys!) is a must read. <br>
							</p>
						</blockquote>
						<p class="text-right ">
							<i>Co-founder of CBX Group, co-founder of TrueCrypt audit project.</i>
						</p>
					</div>
				</div>
				<p>
					Our co-founder, Petr Svenda, released a&nbsp;<a class="ltc-rich-electric-blue" href="https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/svenda" target="_blank">paper on his team's discovery that https public keys leak information on how they were generated</a>&nbsp; at USENIX Security Symposium and it received the best paper award. Their suprising results imply that freely available public encryption keys can put companies at risk. This public information provides details on their cybersecurity management, which to date has been considered a safe secret.
				</p>
			</div>
		</div>
	</div>
</div>
<!-- bloc-43 END -->

<!-- Bloc Group -->
<div class='bloc-group'>

<!-- bloc-44 -->
<div class="bloc bloc-tile-2 bgc-white l-bloc" id="bloc-44">
	<div class="container bloc-md">
		<div class="row">
			<div class="col-sm-12">
				<img src="img/eb2.png" class="img-responsive pull-right" />
			</div>
		</div>
	</div>
</div>
<!-- bloc-44 END -->

<!-- bloc-45 -->
<div class="bloc bloc-tile-2 tc-onyx bgc-white l-bloc" id="bloc-45">
	<div class="container bloc-md">
		<div class="row">
			<div class="col-sm-12">
				<form id="form_https" novalidate success-msg="Your message has been sent." fail-msg="Sorry it seems that our mail server is not responding, Sorry for the inconvenience!">
					<div class="form-group">
						<label>
							Enigma Bridge has expanded on the discovery and built a tool that can with great accuracy tell which security mechanisms companies use for their https key generation.<br><br>Send us an email we&rsquo;ll prove it by telling you how your own key generation looks like and how secure it is.
						</label>
					</div>
					<div class="form-group">
						<label>
							Name
						</label>
						<input id="https_name" class="form-control" required />
					</div>
					<div class="form-group">
						<label>
							Email
						</label>
						<input id="https_email" class="form-control" type="email" required />
					</div>
					<div class="form-group">
						<label>
							Message (optional but we&rsquo;d love to hear from you)
						</label><textarea id="https_message" class="form-control" rows="4" cols="50"></textarea>
					</div> 
					<button class="bloc-button btn btn-block btn-rich-electric-blue" type="submit">
						Send me a report on my own key generation and subscribe to newsletter
					</button>
				</form>
			</div>
		</div>
	</div>
</div>
<!-- bloc-45 END -->
</div>
<!-- Bloc Group END -->

<!-- bloc-46 -->
<div class="bloc bgc-rich-electric-blue tc-white d-bloc" id="bloc-46">
	<div class="container bloc-md">
		<div class="row">
			<div class="col-sm-12">
				<h3 class="mg-md  tc-onyx">
					Our own key generation mechanism
				</h3>
				<p>
					See above how our scanning techniques can with 100% probabilty tell how our own key generation mechanism is constructed as well as some of the classification.&nbsp;<br>
				</p>
				<h3 class="mg-md  tc-onyx">
					Example 1 - Major US bank
				</h3>
				<p>
					Whilst we neither want to reveal the name nor the exact key mechanism used by this major US bank, we can by scanning their system tell with 96% probability how their key management is setup. We&rsquo;ve notified them.
				</p>
				<h3 class="mg-md  tc-onyx">
					Example 2 - Major UK bank
				</h3>
				<p>
					Whilst we neither want to reveal the name nor the exact key mechanism used by this major UK bank, we can by scanning their system tell with 98% and 100% probability (respectively) how their key management is setup. We&rsquo;ve notified them.
				</p>
				<h3 class="mg-md  tc-onyx">
					Example 3 - CDN provider
				</h3>
				<p>
					Whilst we neither want to reveal the name nor the exact key mechanism used by this major CDN provider, we can by scanning their system tell with 97% probability how their key management is setup. We&rsquo;ve notified them.
				</p>
			</div>
		</div>
	</div>
</div>
<!-- bloc-46 END -->

<!-- bloc-47 -->
<div class="bloc bgc-white tc-onyx l-bloc" id="bloc-47">
	<div class="container bloc-sm">
		<div class="row">
			<div class="col-sm-12">
				<div class="text-center">
					<div id="carousel-2" class="carousel no-shadows slide animLoopInfinite animated undefined" data-ride="carousel">
						<ol class="carousel-indicators">
							<li data-target="#carousel-2" data-slide-to="0" class="active">
							</li>
							<li data-target="#carousel-2" data-slide-to="1">
							</li>
							<li data-target="#carousel-2" data-slide-to="2">
							</li>
							<li data-target="#carousel-2" data-slide-to="3">
							</li>
						</ol>
						<div class="carousel-inner">
							<div class="item active">
								<img src="img/USbank2.png" />
								<div class="carousel-caption">
								</div>
							</div>
							<div class="item">
								<img src="img/UKbank2.png" />
								<div class="carousel-caption">
								</div>
							</div>
							<div class="item">
								<img src="img/CDN2.png" />
								<div class="carousel-caption">
								</div>
							</div>
							<div class="item">
								<img src="img/groups2.png" />
								<div class="carousel-caption">
								</div>
							</div>
						</div><a class="left carousel-control" href="#carousel-2" role="button" data-slide="prev"><span class="fa fa-chevron-left"></span><span class="sr-only">Previous</span></a><a class="right carousel-control" href="#carousel-2" role="button" data-slide="next"><span class="fa fa-chevron-right"></span><span class="sr-only">Next</span></a>
					</div>
				</div>
				<h3 class="mg-md text-center tc-onyx">
					<br>In cyber security we trust…some of us at least
				</h3>
				<p>
					With all the breaches, cyber attacks and government snooping, companies are rapidly stepping up their cyber security defences. Key management is one of the major aspects of cyber security and keys generated and stored in secure hardware are proven to be more secure than those generated by software and stored in computer memory. Enigma bridge has brought to market Hardware-Seurity-as-a-service (Cloud HSM), allowing companies to protect their assets and users in a simple and cost effective way. <br><br>
				</p>
				<div class="text-center">
					<a href="contact-us.html" class="btn btn-clean btn-lg btn-rich-electric-blue">Help me protect my company</a>
				</div>
			</div>
		</div>
	</div>
</div>
<!-- bloc-47 END -->

<!-- ScrollToTop Button -->
<a class="bloc-button btn btn-d scrollToTop" onclick="scrollToTarget('1')"><span class="fa fa-chevron-up"></span></a>
<!-- ScrollToTop Button END-->


<!-- Footer - bloc-79 -->
<div class="bloc bgc-onyx d-bloc" id="bloc-79">
	<div class="container bloc-md">
		<div class="row">
			<div class="col-sm-3">
				<h3 class="mg-md bloc-mob-center-text  tc-rich-electric-blue">
					About
				</h3><a class="a-btn a-block bloc-mob-center-text  ltc-white" href="./index.html#team">The team</a><a href="contact-us.html" class="a-btn a-block bloc-mob-center-text ltc-white ">Contact us</a>
			</div>
			<div class="col-sm-3">
				<h3 class="mg-md bloc-mob-center-text  tc-rich-electric-blue">
					Get the API
				</h3><a href="https://api.enigmabridge.com" class="a-btn a-block bloc-mob-center-text  ltc-white" target="_blank">Documentation</a><a href="https://enigmabridge.freshdesk.com" class="a-btn a-block bloc-mob-center-text ltc-white " target="_blank">Forum</a>
			</div>
			<div class="col-sm-3">
				<h3 class="mg-md bloc-mob-center-text  tc-rich-electric-blue">
					Follow Us
				</h3><a href="https://twitter.com/enigmabridge" class="a-btn a-block bloc-mob-center-text ltc-white " target="_blank">Twitter</a><a href="https://www.linkedin.com/company/enigma-bridge-ltd" class="a-btn a-block bloc-mob-center-text ltc-white " target="_blank">LinkedIn</a>
			</div>
			<div class="col-sm-3">
				<h3 class="mg-md bloc-mob-center-text  tc-rich-electric-blue">
					Small Print
				</h3><a href="terms-of-use.html" class="a-btn a-block bloc-mob-center-text  ltc-white">Terms of use</a><a href="privacy-notice.html" class="a-btn a-block bloc-mob-center-text  ltc-white">Privacy</a>
			</div>
		</div>
	</div>
</div>
<!-- Footer - bloc-79 END -->

</div>
<!-- Main container END -->
    

</body>
</html>