Collaborate Disseminate
Multi Factor Authentication is obviously a lifesaver for passwords, so things that can easily leak (peeking, guessing, stealing, …). A second/third/… factor of another kind considerably reduces the risk.
This is less obvious for hardwa… Continue reading Do you know of a reasonable study on MFA value as a function of the nature of the first factor?
In his talk "Keynote address: securing the individual" at authenticate2020 (around 23:44), Whit Diffie asks
"ever wonder why an app can come on and grab your whole screen? There’s a whole set of standards to resist that. Th… Continue reading Standard for "secure workstations" resisting screen grabs
I’m totally lost with is standard RSASSA-PKCS1-v1_5.
I have commands that signs document and checks signature below.
openssl dgst -sha256 -sign private-key.pem -out aaa.txt.sha256 aaa.txt
openssl dgst -sha256 -verify public-key.pem -signa… Continue reading Sign according RSASSA-PKCS1-v1_5 standard
I’m implementing an ElGamal encryption system for academic purposes but I am not sure of the latest recommendations, standards and state of the art literature about this. Note that my system is already implemented and fully working, I only… Continue reading ElGamal and discrete logarithm cryptography, modern standards and state of the art literature
I’m probably as guilty as anyone of reinventing the wheel for a subpart of a project. Heck, sometimes I just feel like working on a wheel design. But if that’s …read more Continue reading Make it Compatible
To my knowledge, there’s no common standard for sysadmins to publish trusted domains for specific use cases.
If it exists, I would presume that this might limit phishing attacks. Think of my question here as an extension of SPF/DMARC/DKIM,… Continue reading Is there a standard for fencing email domains to specific use cases?
Working on the architecture of automotive OTA security, and can find any security compliance requirement for it but R155.
Does anyone knowing if there are specific requirement for secure update? like requirement for key rotation and HSM.
… Continue reading Are there any security compliance policy or standard for OTA? [closed]
I have heard several conversations done with Klaus Schwab, the founder of the World Economic Forum.
He often talks on the dire need in a "Cyber security standardization" (between states).
What is it? What are the features/paramet… Continue reading What are these "cyber security standards" Klaus Schwab is talking about? [closed]
From the spec at https://www.w3.org/TR/permissions-policy-1/ it seems there is no way to whitelist features with a default blacklist, and each feature must be individually disabled in every single request – adding a few Kb to every complet… Continue reading Is HTTP header Permissions-Policy worth using if no features are used?
The PCI Security Standards Council (PCI SSC) announced the availability of the PCI Card Production and Provisioning Security Requirements version 3.0. The updated standard helps payment card vendors secure the components and sensitive data involved in … Continue reading PCI SSC updates card security standards to secure the card production process