Lone Learner – WindowsTechs.com

App-to-app or service-to-service authentication using federated login

Posted on August 9, 2020 by Lone Learner

I have an application Foo that exposes a web-based portal as well as a REST API service via HTTPS.
When a human user connects to the app Foo to use its web-based portal, the human user is first redirected to an OAuth2-based login page. Onc… Continue reading App-to-app or service-to-service authentication using federated login→

Is cell phone number based verification secure?

Posted on July 14, 2020 by Lone Learner

Websites often send a code to a cell phone number for verification. Is this secure? If it is not secure, are there any better alternatives?

Continue reading Is cell phone number based verification secure?→

Is there a documented security standard that forbids or discourages rolling your own crypto?

Posted on July 11, 2020 by Lone Learner

Is there any security standard published by NIST or another reputed body in information security that explicitly forbids or discourages rolling your own crypto? If yes, would you please post the standard name/title, a link to it, and quote… Continue reading Is there a documented security standard that forbids or discourages rolling your own crypto?→

Should a new key be derived for every row of data or should the same key be used?

Posted on September 1, 2019 by Lone Learner

I am going to store user provided data in database. Confidentiality needs to be guaranteed. Integrity need not be guaranteed (that’s a separate problem to be solved separately).

There is a single strong master password that … Continue reading Should a new key be derived for every row of data or should the same key be used?→

How long should zip encryption password be for it take 10 years to crack?

Posted on August 9, 2019 by Lone Learner

I am using zip 3.0.0 on macOS High Sierra and Ubuntu. Here is my zip version on macOS:
$ zip –version | head
Copyright (c) 1990-2008 Info-ZIP – Type ‘zip "-L"’ for software license.
This is Zip 3.0 (July 5th 2008), by Info-ZIP.
… Continue reading How long should zip encryption password be for it take 10 years to crack?→

Is there a way to differentiate the certificates that came as part of the certificate chain from the ones already in the trust store?

Posted on May 4, 2017 by Lone Learner

OpenSSL shows the following certificate chain for example.com:443.

$ openssl s_client -connect example.com:443 < /dev/null | head -10
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server… Continue reading Is there a way to differentiate the certificates that came as part of the certificate chain from the ones already in the trust store?→

Why does OpenSSL show different CAs for mail.google.com:443 than what Chrome/Firefox shows?

Posted on May 4, 2017 by Lone Learner

Why does openssl show different certificate chain for mail.google.com:443 than what Chrome/Firefox shows?

$ openssl s_client -connect mail.google.com:443 < /dev/null | head -10
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Gl… Continue reading Why does OpenSSL show different CAs for mail.google.com:443 than what Chrome/Firefox shows?→