Collaborate Disseminate
Does Firefox’s built-in installer for addons/extensions validate its payload’s authentication and integrity for all files it downloads before actually installing them?
I avoid in-app updates because, more often than not, developers do not … Continue reading Does Firefox’s addon/extension installer provide cryptographic authentication and integrity validation?
Does the flatpak package manager in Fedora-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verified be… Continue reading Does flatpak enforce cryptographic authentication and integrity validation by default for all packages? (fedora)
Does the yum package manager in CentOS/RHEL-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verified b… Continue reading Does yum enforce cryptographic authentication and integrity validation by default for all packages? (CentOS, RHEL)
Does rust’s cargo package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing installation instructions with step… Continue reading Does rust’s Cargo provide cryptographic authentication and integrity validation?
For a given publisher of docker images on Docker Hub (let’s say debian), how do I download their root release/image signing key and verify its authenticity from multiple sources out-of-band from each-other?
Though it doesn’t appear to be c… Continue reading Docker: How to download & verify a publisher’s root key (out-of-band, distinct-domain cryptographic verification, WoT)
Does the built-in dnf package manager in Fedora-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verifi… Continue reading Does dnf enforce cryptographic authentication and integrity validation by default for all packages? (fedora linux)
Does the built-in pacman package manager in Arch-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verif… Continue reading Does pacman enforce cryptographic authentication and integrity validation by default for all packages? (arch linux)
What is the list of popular Android ROMs whose releases are cryptographically signed?
Today I learned that LineageOS (arguably the most popular open-source Android ROM) does not cryptographically sign its releases with PGP. As such, they d… Continue reading Android ROMs whose releases are cryptographically signed (gpg) [closed]
Does Wire employ encryption of data at rest?
I generally consider Signal and Wire to be the best tools today for sending information privately between two parties. Both meet the marks on crypto, open-source, 3rd party audits, PFS via the d… Continue reading Does Wire encrypt data-at-rest in their apps?
I’m looking for a set of documents from reputable sources that explicitly state that password (passphrase) length is exponentially more important than password complexity.
Consider the following password policies:
[a] Passwords must contai… Continue reading References for [password length] > [complexity] (Academic Papers, Government Guidelines, Standards Publications) [closed]