Collaborate Disseminate
One option typically used by organizations to forward a plaintext TCP connection over the network is SSH local and remote port forwarding. SSH binds a port locally and forwards all traffic to the remote machine over SSH.
Thi… Continue reading TLS socket wrapper server/forwarding agent?
In another interesting post, one of the developers/security researchers behind Phuctor suggests that using different exponents with RSA keys will “[increase] the costs of attacking your setup astronomically.”
While the author does state … Continue reading Choose your own exponents in RSA?
On Ubuntu and possibly Debian systems, you can install packages which contain images which are signed by Ubuntu’s EFI key. For example, linux-signed-image-generic-lts-trusty is one of these packages.
Say I have a fully-encry… Continue reading What does a signed Linux kernel image get me?
I’m researching how my smart card’s chipset generates random numbers. According to a source in forums the YubiKey NEO is based on the A700x chipset from NXP. The page for the chipset indicates that the chipset provides a:
Low-power Tru… Continue reading What comprises the AIS-31 standard for TRNGs?
I have a YubiKey NEO which has a lot of amazing capabilities such as OTP, U2F, and PGP smart card for PGP/GPG and even SSH keys. One of the applications I’ve discovered recently for the device is a PIV applet which you can use to securely … Continue reading Smart Card for RSA private key for SSL?
Given the various lengths of RSA key pairs (1024, 2048, 4096) what are the odds of two users having generated the exact same private key?
Continue reading What are the odds of an RSA private key collision?
While writing an answer to this question on Server Fault, a thought that has been bouncing around my head for quite some time resurfaced again as a question:
Is there ever a good reason to not use TLS/SSL?
To further elucid… Continue reading Is there ever a good reason _not_ to use TLS/SSL?
I just discovered the YubiKey NEO which seems like a pretty awesome device for maintaining security for a variety of different things including computer login, SSH private keys, GPG private keys, and even password safes appli… Continue reading How do OTP USB sticks work?
The concept put forward by Docker and LXC seems to be, from a security perspective, a move in the right direction. Afraid of a MySQL zero-day? Run it in a Docker container and it won’t be able to cause damage to the host operating system. … Continue reading Securing Docker and LXC
One of the dangers of using WPA2-PSK is the possibility that an attacker may setup another wireless network with the same SSID and even use the same access point MAC address via MAC spoofing. The attacker then may use a deauth attack to ca… Continue reading Does WPA2 Enterprise mitigate evil twin attacks?