recentpopularlog in

kme : encryption   77

StackExchange/blackbox: Safely store secrets in Git/Mercurial/Subversion |
Safely store secrets in Git/Mercurial/Subversion. Contribute to StackExchange/blackbox development by creating an account on GitHub.

secrets  devel  git  security  crypto  encryption  puppet  collaboration 
february 2019 by kme
The Next Big Encryption Fight
Donald Trump, meanwhile, called for a boycott of Apple products when the company refused to help the FBI. His pick to head the Justice Department, Senator Jeff Sessions of Alabama, believes it is “critical that national security and criminal investigators be able to overcome encryption.”
crypto  encryption  presidenttrump 
february 2017 by kme
ImperialViolet - AEADs: getting better at symmetric cryptography
Thou shall never reuse the same (key, nonce) pair, for all time. (With high probability.)

So, if you generate a random key and use it to encrypt a single message, it's ok to set the nonce to zero. If you generate a random key and encrypt a series of messages you must ensure that the nonce never repeats. A counter is one way to do this, but if you need to store that counter on disk then stop: the chances of you screwing up and reusing an nonce value are way too high in designs like that.
crypto  security  encryption  nonce 
may 2015 by kme
Decrypting the Dropbox filecache.dbx file – new free tool! | Magnet Forensics
One way, and not open source, so this isn't going to help disable LAN sync on a headless dropboxd instance. Or help fix DropboxPortableAHK to work with Dropbox >1.4.
dropbox  encryption  hacking  utility  software  windows  windowsonly  nonfree 
march 2013 by kme
The Invisible Things Lab's blog: Why do I miss Microsoft BitLocker?
The Static Root of Trust approach (also known as Static Root of Trust Measurement or SRTM) is pretty straightforward — the system starts booting from some immutable piece of firmware code that we assume is always trusted (hence the static root) and that initiates the measurement process, in which each component measures the next one in a chain. So, e.g. this immutable piece of firmware will first calculate the hash of the BIOS and extend a TPM's PCR register with the value of this hash. Then the BIOS does the same with the PCI EEPROMs and the MBR, before handling execution to them. Then the bootloader measures the OS loader before executing it. And so on.
vista  tpm  bitlocker  explained  wholediskencryption  encryption  crypto  waitmicrosoftgotitright  evilmaid 
january 2013 by kme
Fighting Hackers: Everything You've Been Told About Passwords Is Wrong | Wired Opinion |
Security is not just about strong encryption, good anti-virus software, or techniques like two-factor authentication. It's also about the "fuzzy" things ... involving people. That's where the security game is often won or lost. Just ask Mat Honan.

We – the users – are supposed to be responsible, and are told what to do to stay secure. For example: "Don’t use the same password on different sites." "Use strong passwords." "Give good answers to security questions." But here’s the troublesome equation:

more services used = more passwords needed = more user pain

... which means it only gets harder and harder to follow such advice. Why? Because security and practicality are in conflict.
passwords  security  encryption  interesting  article  forthecomments 
october 2012 by kme
[SOLVED] Synergy (over SSH) - Ubuntu Forums
killall synergyc
ssh -f -N -L localhost:24800:serverIP:24800 serverIP
synergyc --daemon localhost
synergy  ssh  screensharing  networking  sysadmin  security  encryption  solution 
september 2012 by kme
GnuPG Commands - Examples
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

Solution: in the example we're looking at, though, has a "good signature." The problem with this signature is that it was produced with a key that is not "trusted."

Another common problem: the signature is just distributed as a .asc file without the usual "wrapper" that helps you download the original signing key. You can fix that with this bit of magic (sourced from
gpg -v --keyserver --recv-keys 0xKEYHEXID

Where KEYHEXID is what 'gpg --verify' will spit out for you if you try to verify a signed file without having the public key in your keyring.
solution  pgp  gpg  cryptography  encryption  security  reference  quickref 
june 2012 by kme

Copy this bookmark:

to read