Collaborate Disseminate
Many password-based encryption utilities (e.g.: KeePass, TrueCrypt) do something along the lines of…
Encrypt data with super-strong random-generated key, “data key”.
Encrypt data key with another key, “user key”, based on user-provided… Continue reading Encrypting With Passwords – Encryption of Key vs. Data
Some organizations will configure their Windows systems to require Smart Cards for all account logins, as part of a two-factor authentication implementation. However, this can easily be bypassed without two-factor authenticat… Continue reading Remote Registry allows bypass of 2FA enforcement with 1FA
These days, there’s pretty much three forms of authentication in general use on the web:
Single-factor authentication, e.g.: PIN or password.
Two-factor authentication, e.g.: Single-factor plus a software- or hardware-gener… Continue reading Two-Step vs. Two-Factor Authentication – Is there a difference?
Many SOHO routers these days support a feature called “wireless client isolation”, or similar. What this is supposed to do, in principle, is to limit the connectivity between wireless clients connected to the AP. Wireless c… Continue reading Wireless client isolation – how does it work, and can it be bypassed?
This question is sort-of spun off of a previous one.
Why do law-abiding citizens need strong security?
There are a lot of great security-focused answers there. However, I think the true question that is brought up is more … Continue reading Why does one need a high level of privacy/anonymity for legal activities?
The HowToGeek article How To (Un)Lock Your PC By Being Nearby (With a Bluetooth Phone) got me thinking.
Is there any software (or combination of software) that allows three-factor authentication for a Windows box? I’m thinking of somethin… Continue reading Three-Factor Authentication for Windows
In some environments, it is required that users change a certain number of characters every time they create a new password. This is of course to prevent passwords from being easily-guessable, especially with knowledge of old passwords su… Continue reading How can a system enforce a minimum number of changed characters in passwords, without storing or processing old passwords in cleartext?
Is there a database of vulnerabilities somewhere, that can be queried in such a way as to return results for all non-patched vulnerabilities for a specific piece of software?
For example, I would like to see a list of the cu… Continue reading Where can I find a list of un-patched CVEs for a specific piece of software?
Reading a couple questions and answers here recently got me to thinking.
Wireless keyboards run the inherent risk of exposing their data due to the relatively broad transmission range, and the ease with which highly sensitive receivers (r… Continue reading Keyboards immune to signal monitoring?
In an answer to a question about RSA and PGP, PulpSpy noted this:
It is possible to generate an RSA key pair using GPG (for both encryption and signing — you should not use the same key for both).
What is the reasoning behind this?… Continue reading Why should one not use the same asymmetric key for encryption as they do for signing?