Applied Crypto Hardening (ACH) Project

René Pfeiffer/ January 2, 2014/ Communication, Security

DeepSec 2013 featured a talk about the Applied Crypto Hardening (ACH) project. In the wake of the discussion about attacks on cryptography itself and implementations of cryptographic standards almost every aspect of encrypted communication needs to be reviewed. Since system administrators, developers, and other IT staff usually has not the same expertise as crypto experts, the ACH project was formed. Its goal is to compile a reference for the best practice configuration of systems that use cryptographic components. The ACH guide covers SSL/TLS, virtual private network (VPN), algorithms, key sizes, (pseudo) random generators, and more. The advice is targeted at everyone seeking to improve the cryptographic capabilities of software and appliances. Hardening crypto is part of the basic security measures everyone should take care of. It needs to become a habit, just like everything else that improves your defence.

We have uploaded the video recording. Watch the talk online, download the ACH guide, and get to work:

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.