Collaborate Disseminate
schwit1 writes: Chinese scientists have mounted what they say is the world’s first effective attack on a widely used encryption method using a quantum computer. The breakthrough poses a “real and substantial threat” to the long-standing password-protec… Continue reading Chinese Scientists Report Using Quantum Computer To Hack Military-grade Encryption
How does Windows manage passwords used for whole disk encryption? Is the password linked to the Windows account in a way where Microsoft has access to the password and thus a legal obligation to provide the password to any law enforcement … Continue reading Is the Windows Password that’s Used for Window Encryption available to Microsoft?
Hello InformationSecurity community!
I have the following situation, and seeking for advice for our security architecture.
I am working for a client, who creates a resume builder app, where users can enter their details (e.g. email, phone … Continue reading Encryption of localStorage/indexedDb with server-side PBKDF2 derived secret secure?
I was reading the Gentoo guide on Full Disk Encryption and couldn’t help but be triggered by the first line:
True Full Disk Encryption is not something that helps in most threat models, and it requires using separate storage to store all … Continue reading Why is FDE not something that helps in most threat models?
As far as I’m aware, persistence cookies are only encrypted in transit (HTTPS), but aren’t inherently encrypted while being stored locally on the user’s device.
Assuming a certain persistence cookie can be used to fully authenticate login,… Continue reading Why aren’t persistence cookies locally stored in an encrypted state?
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations. Continue reading Awaken Likho is awake: new techniques of an APT group
I’m creating a small web game using three.js, and I’d like to add voice chat functionality to it. Currently, the audio information is converted into base64 client-side and then sent to the server from where it’s sent out to all other clien… Continue reading Should chat audio be encrypted before sending it?
I’m developing a notetaking app that will store users’ note and file data encrypted in a db and on backblaze (respectively). The app will not be end-to-end encrypted but data will be encrypted in transit (with TLS) and at rest (AES256, for… Continue reading How can I use PBKDF2 to derive an encryption key from a password and then access that key later without the password (i.e. with a cookie)?
Microsoft reboots controversial Windows Recall with proof-of-presence encryption, anti-tampering checks, and secure enclave data management.
The post Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation … Continue reading Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation
Let’s say I have a laptop with two different SSDs in it, each of them encrypted by Bitlocker, and each of them having their own unique Windows 11 installation.
If the primary SSD is encrypted with Bitlocker, and I boot up the secondary SSD… Continue reading Is a Bitlocker encrypted SSD at risk when booting from another SSD in the same machine?