Collaborate Disseminate
Do FIPS 140-2 or related documens specify how to protect users’ passwords with encryption? Are there any well known schemas for storing passwords in lossless manner and lossy manner?
Continue reading FIPS compliant passwords protection/encryption?
I have found Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS article that says TLS 1.0 should be disabled:
30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption… Continue reading Are PCI DSS standard requirements regarding TLS applicable only to customer facing webs or to whole even internal networks?
I was looking for some information about Java EE Schemas and found page https://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html. From there I clicked at http://xmlns.jcp.org/xml/ns/javaee/ URL which gives me… Continue reading xmlns.jcp.org domain SSL cert weirdly invalid?
We are using Symantec CA rooted certs to sign JARs. Since Google and Mozilla have indicated that they are not trusting Symantec CA, should I be concerned that Oracle will remove trust from Symantec CA roots as well in any JVM… Continue reading Symantec rooted certificates trust and Oracle Java trust store, is Oracle planing to remove trust as well?
Does setting up DNSSEC in client (systemd-resolved) with allow-downgrade option have any value? Does it improve security at all?
Continue reading Value of DNSSEC with allow-downgrade option