Collaborate Disseminate
Whenever the topic comes up, almost every source recommends to never store authentication tokens in a place where they can be accessed by client-side Javascript. The recommendation is almost always to store them in an http-only cookie to p… Continue reading Is storing authentication tokens in local storage with a strong CSP safe?
WebAuthn is a relatively new API for authentication, and it uses public key cryptography instead of something like passwords.
I am wondering if it is possible to use the cryptographic part for a different purpose, specifically creating di… Continue reading Is it possible to use WebAuthn for digitally signing documents in the browser?
Microsoft has just patched a vulnerability in Schannel that could allow remote code execution (MS14-066). What I can’t find are any reliable details on how this can be exploited. I’ve seen some people claim that it can only b… Continue reading Can the Windows Schannel vulnerability be exploited by visiting a website?
Blizzard very recently announced that their network was compromised, but they assure users in their statement that the password information that the attackers had access to was saved in a secure way:
We also know that cryptographically… Continue reading How secure is the SRP that Blizzard uses to protect passwords?