Collaborate Disseminate
I came up with this scheme of doing challenge response. It works like this:
The server generates a random challenge and saves it
The server encrypts the challenge with the public key of the client and sends it to them
The client decrypts … Continue reading How to evaluate security of non-standard challenge response implementation?
I’m working on a Bluetooth Low Energy lock system and have implemented a challenge-response authentication flow for secure communication between the lock (an ESP32 device) and the user’s phone. I’m very new to these technologies, and was w… Continue reading BLE Challenge-Response Authentication Using Pre-Shared Key and SHA-256
I’m working on a Bluetooth Low Energy lock system and have implemented a challenge-response authentication flow for secure communication between the lock (an ESP32 device) and the user’s phone. I’m very new to these technologies, and was w… Continue reading BLE Challenge-Response Authentication Using Pre-Shared Key and SHA-256
I notice in Chrome’s Task Manager that some Cloudflare challenges are CPU intensive. Why?
E.g., in the following screenshot, Cloudflare challenges took over 1 hour of CPU (representing ~25% of the browser’s CPU time):
Task
Memory footp… Continue reading Why are some Cloudflare challenges CPU intensive?
I would like to ask how I should go about securely transmitting the password between two applications. I have two projects that work with each other. The first one is a project called AuthApi, which authenticates the user and creates token… Continue reading ow do I move password securely between api and web?
I have been searching for a way to use challenge-response over PKCS11, is that possible? I have found that it is possible for Windows Minidriver, but all the PKCS11 challenge-response protocols are custom and vendor defined.
How can someon… Continue reading How to implement challenge-response authentication using PKCS11
I was learning about SCRAM and liked its ability to protect against various attacks (as mentioned in this MongoDB blog post), specifically:
Eavesdropping – The attacker can read all traffic exchanged between the client and server. To prot… Continue reading Is SCRAM secure if both the communication channel and the database got compromised?
As an Automotive Security Professional, my state of the art approach to implement a Secure Access would be to have an ECU generate a challenge (nonce + ID), forward it to the tester who can pass the challenge to the backend system which si… Continue reading Is the Seed-And-Key Challenge-Response used in Automotive Security really secure?
Imagine the following situation: You created a KeepassXC database and secured it with a strong passphrase, as well as the HMAC-SHA1 based Challenge-Response mechanism provided by a YubiKey. The secret for the YubiKey is backed up on paper … Continue reading How to decrypt a KeePass database using YubiKey Challenge-Response, but without token?
To use the free trial of Nessus, you need an email address to receive an activation key.
There are two modes to activate a Nessus server:
Online mode registration
If the computer running Nessus server has internet, you can activate the s… Continue reading How does Nessus offline registration work?