Collaborate Disseminate
This is a really theoretical question, but if I use an SSH key with a passphrase to login on a server, could this be considered as a two-factor authentication (2FA)?
Indeed, I need the SSH (private) key, which could be considered as the f… Continue reading Is an SSH key with a passphrase a 2FA?
I have heard that there will always be vulnerabilities in codes, software. However, I don’t understand why it is not possible to have an exploit-free software. If companies keep updating their software, eventually there will be no vulnerab… Continue reading Is exploit-free software possible?
I’m setting up a service which allows a single 3rd party to access a file over HTTPS. The only security mechanism the 3rd party supports is Basic Authentication.
To reduce complexity, I was going to host the file on S3. Howe… Continue reading HTTP Basic Authentication vs. obscure filename
It may seem like a very general question but I couldn’t find any detailed debates over it. This is a purely theoretical question as of 2019.
Suppose we are to create our own product and safety design would be our priority. A… Continue reading is no system really safe? [on hold]
I’m wondering about a specific model I encountered in reading this paper
which describes a model for the amount of meta-information that can be encoded in cache.
The relevant section is repeated here:
In our model, C_inf… Continue reading Cache side channel capacity model
We live in an age where a lot of services are hosted in various cloud-based infrastructures. And a lot of these infrastructures are based around a “pay as you go model”. I.e. The more servers you spin up, the more database IO… Continue reading Are there any documented cases of attackers using ‘Free Trials’ as an attack vector?
I’ve got a novice question –
It is often said that you should not store plaintext passwords in a client-side cookie. (I’m imagining a web browser cookie, but I supposed this applies in general.) But in simple web apps we often store a plai… Continue reading Why not store password in cookie?
Lets say Paul, is cleared for (TOP SECRET, {A,C}) where top secret is his clearance and A & C privledges. He wants to access a Document classified (Secret,{B,C})..
Top secret trumps Secret but in order for paul to “domin… Continue reading Does the subject HAVE to dominate the object in order to access the object?
What are the different types of oracles in information security and cryptography? And what is each type used for?
We have to deliver a zero-knowledge SQLite based accounting/reviewing app running on Mac 10.6 and above.
We are asked to upload snapshots of database to cloud (AWS S3 or GCP) at regular intervals; so any accountant with righ… Continue reading Security implications of storing encrypted snapshots on cloud