Collaborate Disseminate
An interface (website/application) that requires authentication should have a proper HTTP caching mechanism. When it doesn’t, it allows an attacker to browse back after logout or read the cache in another way.
In order to do so, the serve… Continue reading What is the proper terminology and base CVSS score for the following cache related behaviour?
Via Hackernews I landed on “An Ancient Security Hole is (Not) Closed”, which mentions “embargoes” on several occasions, e.g.:
…I have no interest in digging out more details or ruining embargoes that I’m not party to.
I was reading the “What is a rootkit ?” post and I’m confused about the difference between a rootkit and a backdoor. As I understood it, both :
Are a piece of code written by the attacker and injected in a system
Allow the access into t… Continue reading What is the difference between a backdoor and a rootkit?
In the Web and in certain online dictionaries, I see both terms: cryptanalysis and cryptoanalysis, the former being much more prevalent. Is the second form wrong? If both forms are correct, what is the semantic difference?
E… Continue reading cryptanalysis vs cryptoanalysis [on hold]
What is a Key space and how does it relate to the strength of a cryptosystem? Comment on the strength of the DES algorithm with a 56 bit key. What relevance does the key space have for passwords?
This is what I found so far … Continue reading In cyptography what is "Key Space"?
In preparing for the CISSP exam, the course material seems to emphasize a distinct role between a Certificate Authority and a Registration Authority. As per the study guide description:
Registration authorities (RAs) ass… Continue reading How exactly are registration authorities related to certificate authorities?
The RSA and Diffie-Hellman protocols are part of asymmetric cryptography. But is there a word to distinguish between cryptosystem like RSA (i.e. there are two keys, one for encryption and another for decryption) and Diffie-He… Continue reading Terms for differentiating between key-exchange and public-key cryptosystem
The RSA and Diffie-Hellman protocols are part of asymmetric cryptography. But is there a word to distinguish between cryptosystem like RSA (i.e. there are two keys, one for encryption and another for decryption) and Diffie-He… Continue reading Terms for differentiating between key-exchange and public-key cryptosystem
I’ve heard conflicting statements from various CISSP instructors, so I’d like some "real world" perspectives:
What is the appropriate terminology for the digest output of the following algorithms:
MD5
SHA-1, SHA-256, SHA-x
I’m studying TEE, and confused by the terminology. What is the difference between root of trust (RoT) and trusted computing base (TCB)?
Continue reading Difference between "root of trust" and "trusted computing base"?