Collaborate Disseminate
Take an example embedded system:
Microprocessor
Flash memory
SDRAM
There is no UI and no network connection.
Can the CPU timing jitter that is used by haveged provide adequate true entropy to seed /dev/urandom?
Continue reading On an embedded system with no external input, can haveged provide entropy?
I know the general math behind using character-based and dictionary-based passwords/passphrases and how to determine the entropy of the result. But I am unclear how adding uppercase letters, numbers and other characters or wo… Continue reading How to determine how entropy changes when using uppercase, numbers and special characters in a dictionary based passphrase?
I know the general math behind using character-based and dictionary-based passwords/passphrases and how to determine the entropy of the result. But I am unclear how adding uppercase letters, numbers and other characters or wo… Continue reading How to determine how entropy changes when using uppercase, numbers and special characters in a dictionary based passphrase?
Could anyone point to a quote in a published work – or suggest a recognised expert who might provide a quote – which answers the following question
How much entropy in a password would guarantee that it is secure against… Continue reading Expert quote on entropy for uncrackable password
Session management in web applications is extremely important in regards to securing user credentials and integrity within the application. Sometimes, session tokens can be predicted, provided the overall randomness is weak. If this is possible, a remote attacker may be able to compromise the session of an authenticated user. In this episode of Tradecraft Security […]
The post Identifying Weak Session Tokens Using Entropy – Tradecraft Security Weekly #15 appeared first on Security Weekly.
Continue reading Identifying Weak Session Tokens Using Entropy – Tradecraft Security Weekly #15
I rencently seen this :
I can’t figure out, how he computes 28 bits of entropy for a password like
“Tr0ub4dor&3” seems really few…
Continue reading How does the password Tr0ub4dor&3 have ~28 bits of entropy?
I use LastPass comprehensively, and for each new site/password I almost always have it generate a random password of the same number of characters, allowing letters, numbers, and symbols (except when prevented by password for… Continue reading Should I vary the length of my completely-random passwords for the best security?
I have been making a random number generator using an Arudino’s analog pins, bitwise shifts, and XOR. I have been using the Unix command ‘ent’ to measure my entropy. I have tested different sizes of data from the Arduino, and… Continue reading Should Longer Random Data Have More or Less Entropy?
This question already has an answer here:
Calculating password entropy?
3 answers
Entropy is a standard measure of the co… Continue reading Does entropy apply to passwords generation when some passwords are more likely? [duplicate]
This is a random technical segment on implementing random number generators in Linux. Don shows us the ins and outs of the entropy pool, the different between /dev/random and /dev/urandom, and some awesome hardware that can increase entropy. Full Show Notes Subscribe to YouTube Channel
The post Hardening Software RNGs with Don Pezet, ITProTV – Paul’s Security Weekly #522 appeared first on Security Weekly.
Continue reading Hardening Software RNGs with Don Pezet, ITProTV – Paul’s Security Weekly #522