Collaborate Disseminate
I know this question is theoretical however I would like some thoughts from a security perceptive.
Take this thought:
1) I generate a high entropy, cryptographically secure string of bits (256-bits of entropy)
2) I use this entropy as a … Continue reading Theoretical question with regard to weak password based KDF & high entropy input
Randomness is a pursuit in a similar vein to metrology or time and frequency, in that inordinate quantities of effort can be expended in pursuit of its purest form. The Holy Grail is a source of completely unpredictable randomness, and the search for entropy so pure has taken experimenters into …read more
Apps such as Fail2ban and DenyHosts enable unix administrators to limit username/password combo attempts to typically 3 attempts. But why 3? Some admins enable more, like 6 or 8 giving honest users a little more slack when making different… Continue reading Limiting number of combo attempts with Fail2ban and 128 bits of entropy
I work in security and I’ve seen modulus (modulo) used in many encoding and crypto algorithms. However, today, a friend of mine mentioned that using modulo like this:
unsigned long int result = some_CSPRNG_output % 556600;
“Limits the se… Continue reading What affect does modulus have on CSPRNG outputs?
I’m new to the /dev/random and /dev/urandom pipes in general and have an application calling from /dev/urandom which I’m attempting to inject entropy into. I’d prefer not to change the source for this application, but an additional proces… Continue reading Does rngd -r /path/to/file inject into /dev/urandom in addition to /dev/random?
for some reasons, i was looking into libgcrypt source code and found this :
https://github.com/gpg/libgcrypt/blob/b64b029318e7d0b66123015146614118f466a7a9/random/rndlinux.c#L189
if i understand this correctly, while asking to use /dev/ra… Continue reading libgcrypt and rdrand usage
I finished reading the Code Book by Simon Singh, I’m interested in playing with some of the ideas in the book to help increase my own understanding. I don’t intend to implement the following in any consequential settings; I’m only interes… Continue reading Will extra rules to my diceware list generation scheme decrease security?
We’re suckers for the Fallout aesthetic, so anything with a post-apocalyptic vibe is sure to get our attention. With a mid-century look, Nixie tubes, a brushed metal faceplate, and just a touch of radioactivity, this quantum random number generator pushes a lot of design buttons, and it pushes them hard. …read more
This question already has an answer here:
Is randomly generating passwords from an assortment of dictionary words cryptographically secure? [duplicate]
4 answers
… Continue reading How safe is a password generated from words? [duplicate]
Is running cryptographic operations (encryption / decryption / signing / verifying / key-exchange / key-generation) in a Docker container affecting the quality of the crypto or entropy?
If it does impact it, how do you mitig… Continue reading Does Docker affect the quality of cryptographic operations?