Collaborate Disseminate
In case multiple stream ciphers exist, Im refering to this specific instance in which you generate and key that is just as long as the msg, M, as a function of a nonce and a smaller key K.
My textbook classifies this as computational secu… Continue reading Why are stream ciphers computiationally secure? [migrated]
Im currently designing a solution where a security-sensitive device (located on IP X.X.X.X) will execute the command: socat -u tcp-l:9999,fork system:”touch /tmp/updatefile” &
A script will check for existence of the /tm… Continue reading Is piping untrusted/arbitary data to touch secure?
Im currently writing a authentication app based on RSA, for Android that should be impossible to copy, even if you have physical access to a phone without lockscreen/PIN.
However, the HSM inside the phone, that ensures the p… Continue reading Does PKCS 1.5 padding make it possible for an attacker to extract the private key or not? Is PKCS 1.5 safe to use in authentication context?
Im currently writing a authentication app based on RSA, for Android that should be impossible to copy, even if you have physical access to a phone without lockscreen/PIN.
However, the HSM inside the phone, that ensures the p… Continue reading Does PKCS 1.5 padding make it possible for an attacker to extract the private key or not? Is PKCS 1.5 safe to use in authentication context?
One thing that I found out when starting using PGP:
When I uploaded my keys to the SKS keyserver, the keyserver did not take any action to verify that I am who I claim to be.
Since a PGP key contains a email adress, at least… Continue reading Why don’t PGP keyservers enforce double-opt-in?
Is there any risk, if a database of U2F device key handles are leaked?
Enrolling a key works by:
Send Enroll request with “AppID” to U2F device.
U2F device answers with “Key Handle, Public Key”.
Authentication works by:
… Continue reading Is there any security risk, if the database with key handles for U2F devices are leaked?