Collaborate Disseminate
I’ve been working for some time on a pet project of mine: a note-taking application similar to Evernote with the difference that all content is client-side encrypted. I would like to get some feedback on some architectural de… Continue reading Key Management and Authentication in Note Taking App with Client-Side Encryption
My encryption subkey (but not my signing or other subkeys) expired. How do I generate and add a new encryption subkey using gpg?
Most users would simply type ssh-keygen and accept what they’re given by default.
But what are the best practices for generating ssh keys with ssh-keygen?
For example:
Use -o for the OpenSSH key format rather than the older PEM format (Op… Continue reading What are ssh-keygen best practices?
Reviewing the SSH keys of hosts that I connect to (as gathered by PuTTY in registry key HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys), I find that they all start with 0x10001 (65537) or 0x23 (35), most often followed by 2048-bi… Continue reading What software commonly generates RSA keys with public exponent 0x23 (35)?
Similar to the question here, I’d like to apply the same question to a person.
For example, I have implanted a chip in my hand1 that holds an encrypted private key that serves as my personal unique identifier. As it is tied to my person ph… Continue reading Best practices: Use of a single private key as a person, or multiple to identify self across domains?
I found two places that describe OpenStack SSH keys, but nothing seems to say whether or not they’re generated on VMs.
Generating these on the VMs could lead to problems, since VM images are often so standardized that it ma… Continue reading How do I reduce the vulnerability of the OpenStack SSH key generation process? [closed]
The keygen tag is used to make browsers generate private keys and POST the resulting CSR to the server, which can then issue a certificate. It’s now been deprecated, for rather stupid reasons but that’s besides the point.
So, what are the… Continue reading Alternatives to HTML’s deprecated <keygen> for client certs?
UUID uses 128-bit numbers. Currently it is not feasible to randomly produce two UUIDs that are the same. Does that mean 128 bits of entropy is suitable for all cryptographic operations? I would assume that cryptographic al… Continue reading Do you need more than 128-bit entropy?
I’ve seen that a number of key stretching algorithms and they involved increasing the number of operations needed to compute the key(i.e. the number of rounds within a hash function). But, I wonder if these approaches are mor… Continue reading Key stretching approaches
I’m creating HTTP REST service which will be available over tls only.
For authentication purposes I plan to generate JWT token for every user using HMAC HS256. I need a secret key for HMAC.
What are the requirements for secret key?
Do I… Continue reading What are requirements for HMAC secret key?