Collaborate Disseminate
If you look at the above Kerberos protocol’s diagram, you can find that the protocol works on the basis that the (symmetric) client key initially exists on both the client node and the key distribution center.
Then, the question is, how c… Continue reading How can a client safely post/get a (symmetric) client key to/from a key distribution center?
I have a bit of doubt in a scenario that, AWS started allowing Ed2551 SSH keys somewhat recently. I also see a bit of a debate about the security of one other. Could anyone advise on which we should use going forward or which is best?
Am I right in stating that SCrypt as an algorithm is useful where many passwords are stored in a database, but not against one specific encryption key derived from one password of one user?
For example, let there be a password, a salt, and… Continue reading SCrypt’s goal and the role its salt plays
The Extented Master Secret Extension which is explained in RFC7627 shows the PRF used for derivation of the master secret from the premaster secret.
master_secret = PRF(pre_master_secret, "extended master secret",
… Continue reading Key Block PRF for Extended Master Secret
I read in the book that you cannot use True Random Number Generator (TRNG) to generate key stream in Stream Ciphers:
We
need some type of random number generator to derive the key stream. First, we note
that we cannot use a TRNG since, by… Continue reading Why can’t you use True Random Number Generator (TRNG) to generate key stream in Stream Ciphers?
The standard for TR-31 (and Thales) Key blocks (ref) have a field for "Key Version Number", which is only defined in the spec as
Two-digit ASCII character version number,
optionally used to indicate that contents of the
key bloc… Continue reading Uses for TR-31 Key Version Number?
which rules I should choose for ssh algo selection, provided it will be used near 100% for git operations? I’m going to use it with git on linux laptops, often used on public wifi.
currently I have:
speed
modern (no need to serve old SSH … Continue reading which principles for ssh key algo selection I should use for git-mainly operations?
Let’s say I make an id of type ed25519-sk and have it reside on my yubikey. OpenSSH makes two files, id_ed25519_sk, a stub private key, and id_ed25519_sk.pub the corresponding public key.
If I lose these, can I regenerate them with just th… Continue reading Is it possible to regenerate the stub private key from just the physical key in OpenSSH?
This question may be a little off-topic, but is Math.random the same as crypto.getRandomValues? (JavaScript)
Here’s an example:
Math.random(); // 0.11918419514323941
self.crypto.getRandomValues(new Uint32Array(10))[0]; // 2798055700
(Usin… Continue reading Is "Math.random" the same as "crypto.getRandomValues" (JavaScript security)
Why does an encryption key derived from your lock screen password give you "stronger protection" than a key chosen by the machine (or at any rate not derived from your lock screen password)?
The context in which the above generic… Continue reading Why does an encryption key derived from your lock screen password give you stronger protection (in Android 11)?