Collaborate Disseminate
I am trying to mount a fat16 Veracrypt volume on a multi-user MacOS system.
The mounted volume always seems to allow full permissions for all users on the system.
I have tried everything I can think of to restrict to only the current user … Continue reading Restrict fat16 Veracrypt volume to single user on MacOS [migrated]
If a user sets up a stock Android device to use a VPN and uses the "Always-on" setting, can they be sure[1] that no traffic will leak outside of the VPN?
[1] Assuming no malware is installed by the user and the OS is not trying t… Continue reading Can the Android "Always-on" VPN setting be relied upon to route all traffic through VPN?
I am trying to understand the benefits of a PKCS #11 keyfile stored on a smartcard such as a YubiKey with regards to Veracrypt volumes. Am I correct that the file will be taken off of the hardware device to be used? If so, this would see… Continue reading Do PKCS #11 keyfiles on a yubikey actually improve security for Veracrypt?
I have read about The OpenPGP trust model but I don’t see any mention of the specific signature types. Are all signature types (sig0 – sig3) treated the same by tools such as gpg or the PGP Pathfinder?
Continue reading Web of trust and signature types? (sig1, sig2, etc)
Considering the absolutely critical role that entropy plays in the generation of keys, I am wondering if there is an easy way to use diceware (true random numbers) to generate an OpenPGP key with gnupg?
Given that secp256k1 is used to underpin the entire Bitcoin network (worth $174B as of today) — it appears to offer demonstrably better security than other EC curves as no one has yet taken the bounty. It also stands to rea… Continue reading secp256k1 GPG key?
We know that the “short” 32 bit OpenPGP key IDs can be easily brute-forced and the recommendation is to use the “long” 64 bit IDs or full 160 bit SHA1 fingerprint. However I am concerned that the “long” key IDs may also be b… Continue reading Are there any known collisions of a "long" (64 bit) OpenPGP key ID?
Given that the IBM POWER9 CPU doesn’t appear contain an AMT subsystem (like those seen in Intel and AMD CPUs), is there any way the absense of such a backdoor could be audited? For example, might a lab be able to physically … Continue reading How might one verify that the POWER9 CPU does not contain an AMT-style subsystem?
Given the privacy and security risks associated with Intel’s Management Engine and AMD’s Platform Security Processor, are IBM PowerPC processors such as the POWER9 susceptible to similar hardware-level attacks?
Continue reading Are IBM PowerPC CPUs free of the AMT issue seen with AMD and Intel?
This commit in my GiHub repo is signed by a key I don’t recognize: https://github.com/jonathancross/jc-docs/pull/2/commits/124672699991af75dd2454831670758f08bc74ab
What is going on here?