PCR to prevent TPM2 key unsealing in case of rogue DMA devices connected?

Security threat: physical theft of a laptop and a server that use TPM2 auto unlock FDE with LUKS. In both cases the TPM checks against some PCRs before unsealing the key. The laptop prompts for a TPM PIN, the server doesn’t. The attacker i…

What tools currently allow to retrieve Windows 10/11 password hashes, given admin rights or physical access to unencrypted disks?

I was wondering what Windows/Linux/Live tools allow to retrieve user password hashes of modern 2021 Win10/11 installations. I am not sure if password storage differs in these cases (e.g. different location or hash in use) from previous Win…

Full disk encryption and remote unlocking a mail server in the hand of a possible attacker, what could go wrong?

Since I cannot receive email directly from my home server, I need an external device to receive messages for me and deliver them to my MTA via another port or via VPN. Instead of renting a VPS just for this, I was thinking about purchasing…