Collaborate Disseminate
How to manage encryption keys used to encrypt data that will be stored in a vulnerable cloud?
I need to implement such a feature in an application.
How to encrypt it properly and manage the encryption keys?
No matter how the encrypted dat… Continue reading How to manage keys for data stored in the cloud? [closed]
Let’s say Alice created a new account on a service and this service saved her fingerprint as a way of logging in later. Then Alice creates a new account on a new service, but unfortunately this second service is not properly secured and th… Continue reading How will biometrics be a safe way to authenticate users across the internet?
SHA-256 generates a 32-byte hash, Is it a safe practice to use the first 16 as an iv (nonce) and the second 16 as a key ?
What other things I should consider when using PBKDF2 in a scenario like this ?
Continue reading Can I use part of PBKDF2 output as an IV (nonce)?
How is it guaranteed that a SSL certificate issuer doesn’t issue cerificates without verifing that the user holds the specified domain name or even that the issuer himself doesn’t issue a certificate to do a MiTM attack ?
I can open any blocked service in the country I live in via Virtual Private Network (VPN) or proxy servers,so why do governments block services?
edit: I think governments do so to make it harder to access the service.. is that the only rea… Continue reading Why do governments block services while they still can be used via VPN for example?
Why service providers didn’t implement something like SSL to make SMS more secure and reliable in multiple scenarios ?
I did ask a question about why SMS is used as a way of verification while it is not encrypted in transit.
Continue reading How much is it hard to implement a mechanism to encrypt SMSs in transit
I did some research about how secure and private SMS messages are.
Providers and governments can see these SMS messages in plaintext,
but what is weird is that these messages are not encrypted in transit.
According to my knowledge, that ma… Continue reading Why is SMS used as a way of verifying a user’s mobile, when it is not even encrypted in transit?