Collaborate Disseminate
Many companies have internal applications, and it would not be wise to recommend these are opened to the public internet merely for the purpose of them making it onto the HSTS preload list. Even if these services were audited and user cred… Continue reading Is it possible to internally use HSTS preloading for internal domains?
a while ago I checked results associated with my name on duckduckgo. The name I am referring to is the first name and surname, which is associated with a google account. Scrolling through the results, I noticed that a youtube link was bein… Continue reading Privacy across search engines
The common advice of benchmarking a password hashing algorithm and choosing the slowest acceptable cost factor doesn’t work for algorithms with more than one parameter: adding a lot of iterations at the expense of memory hardness makes the… Continue reading Since GPUs have gigabytes of memory, does Argon2id need to use gigabytes of memory as well in order to effectively thwart GPU cracking?
I am trying to verify whether I am vulnerable to the OpenSSL TLS renegotiation vulnerability CVE-2021-3449 (fixed in OpenSSL 1.1.1k).
When I connect to the website using openssl s_client -tls1_2 -connect example.com:443, it says "Secu… Continue reading How to verify TLS renegotiation DoS vulnerability? (CVE-2021-3449)
The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices is secure and trustworthy, but the network and server need not be trusted. You’ve read all the code in the client, or someone you tr… Continue reading How can I verify Keybase’s end-to-end encryption between me and a friend?
I’m having a hard time finding relevant documentation from Microsoft (or any third party, for that matter) about any registry key that may change the cost factor of cached credentials.
One can control how many logons are sto… Continue reading Can the cost factor be changed of Windows’ credential cache?
To authenticate with RDP, VirtualBox allows to set a password using this command:
VBoxManage setproperty vrdeauthlibrary “VBoxAuthSimple”
VBoxManage modifyvm “VM name” –vrdeauthtype external
VBoxManage setextradata “VM name… Continue reading What hashing algorithm does VirtualBox use for passwords in its config files?
SSH passwords should not have been enabled for login over the Internet. Although the Infrastructure Team had attempted to configure the sshd daemon to disable password-based logins, having UsePAM yes set meant that passwor… Continue reading How were attackers able to login to the Apache Foundation’s infrastructure over ssh with passwords? (2010)
I have not been able to find any credible source which tried to prove or disprove the randomness of mouse movements.
A Google Scholar search for “mouse movement entropy” gives surprisingly few results: about one page of computer science … Continue reading What research suggests that user’s mouse movements are (not) sufficiently unpredictable for secret key generation?
On Last.fm, I need to complete a CAPTCHA in order to change my password. I want to change my password because haveibeenpwned lists my account as appearing in the last.fm breach. However, the CAPTCHA appears to be impossible t… Continue reading Should users need to complete a CAPTCHA upon changing their password in their account settings?