RobbB – WindowsTechs.com

What is the best way to protect public keys sitting on server against MITM attack with this zero-trust & end-to-end secure structure? [closed]

Posted on January 24, 2023 by RobbB

This one is a handful to describe. I’ve got on offline first stricture, server is only used for client database sync. This is a zero-trust structure. I don’t care how secure my BaaS provider is, how secure my server is or who my threat act… Continue reading What is the best way to protect public keys sitting on server against MITM attack with this zero-trust & end-to-end secure structure? [closed]→

What is the best way to calculate true password entropy for human created passwords?

Posted on October 8, 2022 by RobbB

Okay, I know it might seem this has already been beaten to death but, hear me out. I am including a fairly good password strength algorithm for my app for users on sign-up. This one, which I’ve copied (with minor adjustments). I also want … Continue reading What is the best way to calculate true password entropy for human created passwords?→

How can a users plaintext password be acquired while using biometricID with the following security model?

Posted on October 4, 2022 by RobbB

This is a slightly tough one to explain with my current experience, lacking mainstream terminology. But here goes.
I have an encryption/security model whereby I do not store users plaintext passwords. It’s pretty simple actually:
1 – on si… Continue reading How can a users plaintext password be acquired while using biometricID with the following security model?→

Necessity & possibility of client-server VPN for an extra layer of security for mobil applications?

Posted on April 22, 2022 by RobbB

I imagine that to some professionals on here this question may be redundant. This is being asked from the viewpoint of a relative beginner dev.
I would like to add an extra layer of security between client & server. I’m wondering if it… Continue reading Necessity & possibility of client-server VPN for an extra layer of security for mobil applications?→

Telex security compared to TLS?

Posted on March 26, 2022 by RobbB

There are many organizations that still use telex for very important secure communications. I’m not sure if there is some sort of transport security in addition to telex security/encryption but that’s what this question is all about.
I’m c… Continue reading Telex security compared to TLS?→

Basic explanation for why I’m getting different IP addresses when querying for users IP W/without VPN?

Posted on December 30, 2021 by RobbB

I’m trying to work out some basic knowledge of rate-limiting for my server security so I know how it works. Seems pretty simple as there are different algorithms as well as IP limiting methods. This is not what my question is about, I will… Continue reading Basic explanation for why I’m getting different IP addresses when querying for users IP W/without VPN?→

Are ACL IDs considered sensitive data?

Posted on August 20, 2021 by RobbB

I imagine this is a redundant question by the inherent nature of ACL’s, however I can’t find any inkling of an answer so I’m happy to be the one to ask.
Specifically related to the Parse platform but also generally:

Are ACL ID’s considere… Continue reading Are ACL IDs considered sensitive data?→

How vulnerable is security if a public key is swapped by active attacker if a key check is done?

Posted on August 20, 2021 by RobbB

Trying to understand this from a high level conceptually. It is obvious from all information on Asymmetric encryption that a public key can be of course, public and there isn’t a danger of interception. So I’m faced with a point in my soft… Continue reading How vulnerable is security if a public key is swapped by active attacker if a key check is done?→

Would this way of going about protecting users’ data in use be secure, or overkill?

Posted on July 15, 2021 by RobbB

I’ve got information security as high as possible with my Flutter app so far with encryption and proper storage for data at rest as well as data in transit. With this question I’m only aiming for protecting data at rest.
If I did something… Continue reading Would this way of going about protecting users’ data in use be secure, or overkill?→

How to protect API keys from malicious usage in Flutter with Parse

Posted on July 14, 2021 by RobbB

It is an obvious security vulnerability to have my API keys out in the open as such when initially developing my app. Parse is setup this way because it’s easy for development and learning I assume.
I’m going on the assumption that accepti… Continue reading How to protect API keys from malicious usage in Flutter with Parse→