Collaborate Disseminate
Regarding turning on MacOS’ FileVault after it was not turned on for installation, it says here…
If FileVault is turned on later — a process that is immediate since
the data was already encrypted — an anti-replay mechanism prevents the
… Continue reading Is MacOS encryption as secure if FileVault is switched on after installation?
One of the touted features of passkeys is that they depend on a biometric in order to use them. However, on an iPhone, if the finger-print scanner isn’t successful, it offers you the option of using your passcode. Couldn’t one then brute f… Continue reading Why does iOS allow using passkey without biometric? [closed]
The demos I’ve seen for Passkey assume that any public user can register with a website. What about the situation where you want to set up a passkey for an admin user of a website? i.e. How does an admin create a new Passkey on their devic… Continue reading Set-up Apple Passkey for private users
If a webpage is delivered over HTTPS, the browser makes this clear with a padlock symbol. It’s something that people look for. My browser also makes it clear that a page is not secure.
Why aren’t emails treated similarly? In Gmail, you hav… Continue reading Why doesn’t Gmail make it clearer that emails have been signed and delivered over https?
I have an ASP.Net Web API and a ReactJS front end. Each has their own website in IIS. The ReactJS site has no server side rendering. Both sites share the same authentication cookie because the front end runs as an application inside the We… Continue reading CSRF protection and Single Page App running in a frame set
If I ask AWS Key Management Service for a 64-byte key, is it OK to split it in half and use each half as a separate key? e.g. the first half for encryption and the second for HMAC?
I figure that it would be ok because assuming that AWS’s … Continue reading Is it OK to use two halves of a key independently?
If I encrypt, say, a .pdf file then does knowing that it’s a .pdf make it easier to decrypt?
i.e. could the file’s well-known structure act as a predictable part of the encrypted bytes?
Continue reading Does knowing the file type of an encrypted file make it easier to decrypt?
I have the following working test…
public void Test1()
{
var symmetricEncryption = new SymmetricEncryption();
var asymmetricEncrption = new AsymmetricEncryption();
var pipeline = new Pipeline(symmetricEncrypti… Continue reading Does encrypted session key need to be authenticated?
If a user is logged into a website and they submit sensitive info over HTTPS, which is encrypted and stored in a database, does it matter if the info is not also signed?
Given that signing requires a private key, if a hacker has access to… Continue reading Does encrypted content in a database need to be signed?
I’m creating key blobs and putting them in Windows key containers.
Like this…
CspParameters cp = new CspParameters();
cp.KeyContainerName = ContainerName;
// Create a new instance of RSACryptoServiceProvider that acces… Continue reading Should the name of a key container be secret?