Collaborate Disseminate
Singularity explicitly say that it is designed to let untrusted users run untrusted code safely: https://docs.sylabs.io/guides/2.6/admin-guide/security.html:
Untrusted users running untrusted containers!
This simple phrase describes the s… Continue reading Is podman adapted (like singularity) to let untrusted users run untrusted code?
I have encrypted the file some_file to be decipherable by some_recipient with:
gpg –encrypt –recipient some_recipient some_file
Which results in a file some_file.gpg.
My question is: is the content of some_file.gpg distringuishable from… Continue reading Is it possible to distinguish the binary content of a gpg-encrypted file from a random blob of data?
I am using singularity sandboxes in my workflow for several reasons unrelated to security. However, after using it a bit, I am now wondering: is using a singularity sandbox an effective way to increase security by enforcing isolation / com… Continue reading Is using a singularity sandbox an effective way to increase security through isolation / compartmentalization?
I have a server (M: Main) that I trust very much (I have it home, locked, with an alarm, etc), to which I can SSH from the internet.
I also have a number of "remote servers" and "IoT devices" (O: Others) that I trust a … Continue reading How to set up a restricted account for reverse SSH port forwarding in a safe way?
From what I understand, the idea of FIDO2 is to use symmetric cryptography, with secret key on the token, and public key on the server. When requesting to connect, the server uses the public key to generate a challenge that can only be sol… Continue reading Can one use a gpg smartcard to implement FIDO2?
I am trying to wrap my head around gpg. My current understanding is that one generates a master key, and then a number of sub-keys that are cross-signed against the master key. This establishes that the sub-keys are well legitimately ‘unde… Continue reading GPG keys and subkeys export: What is exported, and how?
I understand the interest of using a PGP solution that is based on a OpenPGP smartcard, such as the Nitrokey Pro or similar. But then, how can I decide that I trust an OpenPGP smartcard?
I understand that usually one should use Tails on a trusted machine to generate PGP keys. However, I find it difficult to trust a machine with an Intel CPU, many wireless interfaces, a hard disk that may have some hidden caches, etc, etc.
… Continue reading Is tails needed to securely generate a PGP key on raspberry Pi?
I became aware of Trusona recently (see their demo on this page https://www.trusona.com/ ). They want to ‘end passwords’.
I believe in the idea that ‘reasonable security’ = {something you are + something you know + something… Continue reading Can a scanning id system like trusona really be secure?
If I understand well, it is now well documented that all Intel chips should be considered as back doored because of the Intel Management Engine. I guess one should now consider that all chips over a given complexity are possi… Continue reading A safe digital typewriter