Docker: How to download & verify a publisher’s root key (out-of-band, distinct-domain cryptographic verification, WoT)

For a given publisher of docker images on Docker Hub (let’s say debian), how do I download their root release/image signing key and verify its authenticity from multiple sources out-of-band from each other?
Though it doesn’t appear to be c…
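Whatever key format a publisher uses, the out-of-band check the question asks for reduces to one procedure: compute the key's fingerprint locally from the bytes you actually downloaded, then require that fingerprint to match what several independently operated domains publish. The following is an added example written for this listing, not code from the question, from Docker Hub or from the debian image maintainers; it does this for an ASCII-armored OpenPGP v4 key (CRC-24 armor check, packet header parse, RFC 4880 fingerprint). The key it operates on is a constructed toy with a nonsense modulus, and the published fingerprints are assumed values standing in for what a publisher's website and documentation would show.

```python
"""Cross-check a downloaded OpenPGP public key against fingerprints published
out-of-band on distinct domains. Added example; the key is a constructed toy."""
import base64
import hashlib
import re
import struct


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(armored: str) -> bytes:
    """Return the binary packets inside an armored block; the '=XXXX' CRC line
    is verified so a truncated or corrupted download is rejected early."""
    lines = armored.strip().splitlines()
    if not lines[0].startswith("-----BEGIN PGP") or not lines[-1].startswith("-----END PGP"):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[1:-1]
    if "" in body:                      # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    crc_lines = [line for line in body if line.startswith("=")]
    data = base64.b64decode("".join(line for line in body if not line.startswith("=")))
    if crc_lines:
        expected = int.from_bytes(base64.b64decode(crc_lines[0][1:]), "big")
        if crc24(data) != expected:
            raise ValueError("armor CRC-24 mismatch: truncated or corrupted download")
    return data


def first_public_key_body(packets: bytes) -> bytes:
    """Parse the first packet header (old or new format) and return the body
    of the Public-Key packet (tag 6)."""
    first = packets[0]
    if not first & 0x80:
        raise ValueError("invalid packet header")
    if first & 0x40:                    # new-format header
        tag, length_byte = first & 0x3F, packets[1]
        if length_byte < 192:
            length, offset = length_byte, 2
        elif length_byte < 224:
            length, offset = ((length_byte - 192) << 8) + packets[2] + 192, 3
        elif length_byte == 255:
            length, offset = struct.unpack(">I", packets[2:6])[0], 6
        else:
            raise ValueError("partial body lengths are not used for key packets")
    else:                               # old-format header
        tag, length_type = (first >> 2) & 0x0F, first & 0x03
        size = {0: 1, 1: 2, 2: 4}.get(length_type)
        if size is None:
            raise ValueError("indeterminate packet length")
        length, offset = int.from_bytes(packets[1:1 + size], "big"), 1 + size
    if tag != 6:
        raise ValueError(f"expected a Public-Key packet, got tag {tag}")
    return packets[offset:offset + length]


def v4_fingerprint(pubkey_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the two-octet body length, and the body."""
    if pubkey_body[0] != 4:
        raise ValueError("only version 4 keys are supported here")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body)
    return digest.hexdigest().upper()


def normalize_fingerprint(text: str) -> str:
    """Accept a leading 0x, spaces and mixed case, as seen on web pages and in docs."""
    text = text.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()


def verify_out_of_band(armored_key: str, published: dict, min_domains: int = 2) -> bool:
    """True only if the locally computed fingerprint matches every published one
    and the fingerprints come from at least `min_domains` distinct domains
    (`published` maps domain -> fingerprint string as shown on that domain)."""
    local = v4_fingerprint(first_public_key_body(dearmor(armored_key)))
    if len(published) < min_domains:
        return False
    return all(normalize_fingerprint(fp) == local for fp in published.values())


# --- constructed toy key: version 4, fixed creation time, RSA with a nonsense modulus ---
def _mpi(value: int) -> bytes:
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


TOY_PUBKEY_BODY = b"\x04" + struct.pack(">I", 1700000000) + b"\x01" + _mpi(0xC3) + _mpi(65537)


def armor(pubkey_body: bytes) -> str:
    """Wrap a Public-Key packet body in ASCII armor (new-format header, one-octet length)."""
    packet = bytes([0xC0 | 6, len(pubkey_body)]) + pubkey_body
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
            + base64.b64encode(packet).decode() + "\n=" + crc
            + "\n-----END PGP PUBLIC KEY BLOCK-----\n")


TOY_ARMORED = armor(TOY_PUBKEY_BODY)   # stands in for the key fetched over the wire
```

In practice `published` is filled by hand from sources whose compromise would be independent of the key download itself (the project's own site, a distribution's signing-key documentation, a keyserver lookup or a signature from someone already in your web of trust); a single source that happens to sit behind the same CDN or DNS as the download adds nothing, so the `min_domains` floor is the point of the check, not a formality.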

Does dnf enforce cryptographic authentication and integrity validation by default for all packages? (fedora linux)

Does the built-in dnf package manager in Fedora-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verifi…

Does pacman enforce cryptographic authentication and integrity validation by default for all packages? (arch linux)

Does the built-in pacman package manager in Arch-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verif…
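For both the dnf and the pacman questions above, the answer on any particular machine is decided by a handful of settings in plain-text config files, so the check a practitioner actually runs is an audit of those files rather than a reading of upstream defaults. The following is an added example written for this listing, not code from either question or from the dnf or pacman projects: it parses a pacman.conf and a dnf.conf plus .repo file, applies the inheritance rules (per-repo `SigLevel` overrides `[options]`; a repo's `gpgcheck` overrides `[main]`) and reports per repository whether package signatures are required. The config snippets are constructed for the example; anything left unset is conservatively reported as not enforced.

```python
"""Audit pacman and dnf configuration for package-signature enforcement.
Added example; the config snippets below are constructed, not copied from a distribution."""


def parse_ini(text: str) -> dict:
    """Minimal parser for pacman.conf / dnf.conf / .repo files: {section: {key: value}}.
    Full-line '#' comments are dropped; bare keys without '=' (e.g. pacman's Color) are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections


def parse_siglevel(value: str) -> dict:
    """Split a pacman SigLevel value into package and database requirements.
    Tokens are Never / Optional / Required, optionally prefixed with Package or
    Database. TrustAll / TrustedOnly decide which keys are acceptable, not whether
    a signature is needed at all, so they are ignored for this question."""
    level = {"package": None, "database": None}
    for token in value.split():
        scopes = ("package", "database")
        lowered = token.lower()
        if lowered.startswith("package"):
            scopes, token = ("package",), token[len("package"):]
        elif lowered.startswith("database"):
            scopes, token = ("database",), token[len("database"):]
        if token in ("Never", "Optional", "Required"):
            for scope in scopes:
                level[scope] = token
    return level


def audit_pacman(conf: str) -> dict:
    """{repo: True if package signatures are Required}. Repos without their own
    SigLevel inherit [options]; a level that is never set is reported as not enforced."""
    sections = parse_ini(conf)
    default = parse_siglevel(sections.get("options", {}).get("SigLevel", ""))
    verdict = {}
    for name, opts in sections.items():
        if name == "options":
            continue
        level = dict(default)
        for scope, value in parse_siglevel(opts.get("SigLevel", "")).items():
            if value:
                level[scope] = value
        verdict[name] = level["package"] == "Required"
    return verdict


_TRUE = {"1", "true", "yes", "on"}


def audit_dnf(dnf_conf: str, repo_files: str) -> dict:
    """{repo: True if gpgcheck is on}. A repo without its own gpgcheck inherits
    [main] from dnf.conf; an unset value is reported as off."""
    main_on = parse_ini(dnf_conf).get("main", {}).get("gpgcheck", "0").lower() in _TRUE
    verdict = {}
    for name, opts in parse_ini(repo_files).items():
        verdict[name] = opts["gpgcheck"].lower() in _TRUE if "gpgcheck" in opts else main_on
    return verdict


# --- constructed sample configs (comments mark what each repo is meant to show) ---
PACMAN_CONF = """\
[options]
# the value shipped in Arch's stock pacman.conf
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional

[core]
Include = /etc/pacman.d/mirrorlist

# a local repo someone added with signing switched off
[custom]
SigLevel = Optional TrustAll
Server = file:///var/cache/custom
"""

DNF_CONF = """\
[main]
gpgcheck=True
installonly_limit=3
"""

REPO_FILES = """\
[fedora]
name=Fedora
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

# no gpgcheck line: inherits [main]
[extras]
name=Extras
baseurl=https://repo.example/extras

# vendor repo that explicitly disables verification
[vendor]
name=Vendor internal
baseurl=https://repo.example/vendor
gpgcheck=0
"""
```

Run `audit_pacman(open("/etc/pacman.conf").read())` or `audit_dnf` over the concatenation of `/etc/dnf/dnf.conf` and `/etc/yum.repos.d/*.repo` to get the live answer; any `False` in the result is a repository from which unsigned packages would install without complaint.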

Android ROMs whose releases are cryptographically signed (gpg) [closed]

What is the list of popular Android ROMs whose releases are cryptographically signed?
Today I learned that LineageOS (arguably the most popular open-source Android ROM) does not cryptographically sign its releases with PGP. As such, they d…

References for [password length] > [complexity] (Academic Papers, Government Guidelines, Standards Publications) [closed]

I’m looking for a set of documents from reputable sources that explicitly state that password (passphrase) length is exponentially more important than password complexity.
Consider the following password policies:
[a] Passwords must contai…

What are the equivalent Asian organizations of NIST, especially of its Computer Security Division? [closed]

What are some Asian organizations comparable to the USA’s NIST?
I want to check the best practices and guidelines on computer security. Does anyone know if there are similar organizations in Asian countries that publish recommendati…

Webserver DDoS protection without giving away private keys (https, tls, ssl)

What are the possible ways to protect an organization’s web servers from a DDoS attack without giving away your web server’s https private keys?
Many of the common solutions for DDoS protection of a web server (eg CloudFlare) require you t…

Does snapd enforce cryptographic authentication and integrity validation by default for all packages? (debian, ubuntu)

Does the snapd package manager in Debian-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verified beca…