Articles about nist

listening

It's World (Terrible) Password (Advice) Day!

It's World Password Day! And you know what that means: all the effort you've put into trying to persuade people to rethink how they do passwords turns to mush because some company sees a PR opportunity and floods social media with terrible advice. This year's award for Terrible Password Advice goes to the wireless industry's …
Promotional still from Quantum Leap, the TV series

Boffins pull off quantum leap in true random number generation

A team of physicists claim to have developed a guaranteed random number generator using photons and the laws of quantum mechanics. Random numbers are used to secure communications, and a good random number generator is essential for strong encryption. But ensuring that the numbers are truly random is difficult. Number …
Katyanna Quach, 11 Apr 2018
dodson

Hey American business, here's how to use blockch ... sorry – we've been shut down

Shmoocon The political maneuvering that has shut much of the US government this month has delayed the National Institute of Standards and Technology's planned release of guidance about the risks and rewards of blockchain technology. “We have ... a publication that’s coming out on Monday on the fundamentals of blockchain to help people …
Iain Thomson, 21 Jan 2018
Privacy

New NIST draft embeds privacy into US govt security for the first time

A draft of new IT security measures by the US National Institute of Standards and Technology (NIST) has for the first time pulled privacy into its core text as well as expanded its scope to include the internet of things and smart home technology. The proposed "Security and Privacy Controls for Information Systems and …
Kieren McCarthy, 18 Aug 2017
Hammer, spanner and screw

Software can be more secure, says NIST, and we think we know how

The National Institute of Standards and Technology (NIST) has completed its long-running research into cutting software vulnerabilities and dropped the big envelope into the White House letterbox. NISTIR 8151, Dramatically Reducing Software Vulnerabilities, first landed as a draft in July, and the final version dropped last …

Standards body warned SMS 2FA is insecure and nobody listened

The US National Institute of Standards and Technology's (NIST) advice that SMS is a poor way to deliver two factor authentication is having little impact, according to Duo Security. Last July NIST declared that sending one-time passwords to mobile phones was insecure. The organisation wrote in its advisory that the likelihood …
Darren Pauli, 6 Dec 2016

Uncle Sam emits DNS email security guide – now speak your brains

The US National Cybersecurity Center of Excellence (NCCoE) has published a guide on how to improve email security – and it wants your feedback on it. The center is part of NIST – America's National Institute of Standards and Technology – which itself part of the US Department of Commerce. The NCCoE has put out its "draft …
NIST's SET Pump electron-counter

Pump-priming the new ampere: NIST works to count electrons in silicon

The ampere, a perpetual embarrassment to the world of scientific standardisation, is due to get a measurable physical standard in 2018, and America's National Institute for Standards and Technology (NIST) hopes to help provide its definition. Most SI base units have a clear physical definition – the metre is defined by the …
NIST's compact gyroscope

NIST spins atomic gyroscope to allow navigation without GPS

The United States' National Institute of Standards and Technology (NIST) thinks it can use a cloud of atoms as a gyroscope. The point is navigation: the agency reckons the little gyro is part of work on ultra-precise navigation for applications like space and submarines. It measures rotation by analysing patterns of “ …

NIST wants answers on infosec - your answers

Sometimes, “don't read the comments” just isn't an option – like when you're United States' National Institute of Standards and Technology (NIST), and you're soliciting input for the US government's Commission on Enhancing National Cybersecurity (CENC). The CENC, which was announced back in April, has asked NIST to provide …
terminators_648

Auto crypto algo validation? Protocol prototype here

Cisco and the United States' National Institute of Standards and Technology (NIST) have quietly taken the covers off an important development for cryptographers: the first implementation of the Automated Cryptographic Validation Protocol (ACVP). First discussed at May's ICM conference, its aim is to help developers get across …

NIST readies 'post-quantum' crypto competition

Your mission, should you choose to accept it, is to help the National Institute of Standards and Technology (NIST) defend cryptography against the onslaught of quantum computers. It hasn't happened yet, but it's pretty widely agreed that quantum computers pose a significant risk to cryptography. All that's needed is either a …
Internet email sign. Pic: @mattw1lson, Twitter

US government updates secure email guide for first time in a decade

The US government's technology agency has updated its secure email guide for the first time in a decade and put it out for a month of public comment. The National Institute of Standards and Technology (NIST) guide [PDF] is 81 pages long and provides a surprisingly useful rundown on what to do to get your email secure. Its top …
NIST's silicon nitride beam

NIST set to shake up temperature with quantum thermometer

A moment with Google will reveal all kinds of cranks offering “free” energy from quantum “zero-point” phenomena, but it's a real thing with real effects. At the tiniest scales, quanta vibrate, even at their lowest energy. If all motion ceased, an observer would be able to breach uncertainty theory. Now, National Institute for …

Random ideas sought to improve cryptography

America's National Institute for Science and Technology (NIST) is looking for public input into its long-running project to improve cryptography. The recommendation NIST's put up for discussion covers the design principles and requirements for random bit generators, and tests to validate entropy sources. It's the entropy …
Crypto fingers

BLAKE2 hash authors post code as RFC

The authors of a NIST-commended (but left on the shelf) hashing suite have put their work forward for IETF (Internet Engineering Task Force) consideration. The BLAKE system had the bittersweet honour of being highly rated by the National Institute of Standards and Technology (NIST) in several categories of the SHA-3 …

Considering application whitelist tryst? NIST will help you clear the mist

Hardening: The US National Institute of Standards and Technology has published a guide to whitelisting that can help organisations deploy one of the most important defensive security technologies. Application whitelisting is chief among the Australian Signals Directorate's much-lauded Top 4 Strategies to Mitigate Targeted Cyber …
Darren Pauli, 9 Nov 2015

How do you anonymize personal databases and protect people's privacy – over to you, NIST

Analysis How do you protect people's privacy when you have big databases of personal records you want to share? That's the question that the US National Institute of Standards and Technology (NIST) has dug into in an extensive review [PDF] of the different methods that government departments and other organizations use when publishing …

Create a news alert about nist, or find more stories about nist.

Biting the hand that feeds IT © 1998–2018