Monthly Archives: July 2013

How do proprietary secrets affect the security of an implementation?

Algorithms and protocols are the product of research, and are published to invite the scrutiny of peer review. Just as a high school algebra student may find himself unable to identify his own mistake in his algebra, developers may be … Continue reading


Adding RFID isn’t the same thing as the two-factor principle, but it can improve a dongle.

Two-factor authentication is encapsulated in the descriptor “something you have and something you know.” Leading automakers now improve the security feature of the car key by including an RFID chip in the handle. (An RFID signal is a passive … Continue reading


An updated discussion of “XKCD” passwords. Security professionals almost universally want to teach better password selection. The evaluation that an “XKCD” type password (two words, a number or two, and a third word) is strong/secure relies on a dictionary with … Continue reading


How secure is an encryption algorithm?

Triple DES was an early success story in American encryption. It is now (somewhat infamously) broken. It has been reported that skilled cryptanalysts broke 3DES, on a purpose-built machine, in 6 hrs. What should that mean to the … Continue reading


What tricks do code breakers use?

When performing cryptanalysis, code breakers have a wish list of things they would like to collect. Two copies of the same message, encrypted with different passwords. A copy of a message known to the code breaker, encrypted with your password … Continue reading


Can local OS security be improved, over Network security, by policing the NIC?

Local hard disk drives and Network Attached Storage systems are conceptually identical to the end user, particularly with respect to the browser application. However, the security considerations that affect a USB drive (whether 500GB or 8GB) connected to a router, … Continue reading


Two kinds of encrypted containers – accumulating without a password.

I wrote before that a mounted TrueCrypt container is analogous to an unencrypted file or drive. This is mirrored by other encryption schemes, and one safeguard against the implied problem is to keep an encrypted zip-type file that enciphers … Continue reading
