Collaborate Disseminate
I’m a one man shop. All I care about is having my workstations and server stolen. I plan on running a couple dozen VMs on my server, mostly Linux.
Question is, obviously having unique passwords for each SSH key for each VM is most secure, … Continue reading Unique SSH Keys With Identical Password?
I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its certificate and then act as client to the e… Continue reading Would there be any utility for multiple clients sharing the same TLS session key?
With no sign of regulations slowing down, enterprises struggle to keep pace with the rapid changes. According to a recent NTT Data survey of business executives, 3 in 4 organizations can’t keep up with data regulations, holding them back from successfu… Continue reading How organizations can keep up with shifting data privacy regulations
When HSMs are not accessible, we often need alternative methods for securely storing and managing encryption keys
What open-source options exist for effectively managing encryption keys in a language-agnostic manner when HSMs are unavailab… Continue reading What are the effective open-source methods for storing and managing encryption keys in a language-agnostic manner when an HSM is unavailable?
I would like to better understand the mechanism of rotation of EMV keys used for payment cards.
Assuming that it intends to provide a rotation of the keys used for the production cards:
just recycle the keys under Master Key and get a new… Continue reading Rotate or replace EMV keys?
In this Help Net Security interview, Jean-Philippe Aumasson, CSO at Taurus, emphasizes the often-overlooked complexities of key generation, storage, and distribution, underlining the necessity for a high level of security maturity in handling digital a… Continue reading Beyond blockchain: Strategies for seamless digital asset integration
Is it a good idea for a user who is the owner of encrypted data to share a secret passphrase with other users (workers) so that they can decrypt the encrypted data? Is there a better way? I’ll add that the data is encrypted on the client s… Continue reading Sharing secret passphrase with others
I obtained the code below from ChatGPT. It works but I’m trying to understand the purpose of KMS. Does it basically store passwords in KMS and allowing me to retrieve them each time I send over the CiphertextBlob? And could I store more th… Continue reading Using AWS Key Management Service to store passwords [closed]
In my current project we will have to encrypt a lot of S3 objects (a few billions) with KMS.
Our security department requires that we use KMS keys backed by CloudHSM. But since CloudHSM incurs some non negligeable extra charges in terms of… Continue reading High volume encryption: AWS KMS vs CloudHSM
Context
I’m working to make an embedded devices safe against physical access. (publicly accessible device and can be easily stolen)
I already made the following action :
secure boot is enabled on cpu, bootloaded is signed
Image is also si… Continue reading How to safely use dm-crypt as overlayfs uper partition?