Explore >> Select a destination
|
You are here 
|
www.daemonology.net | ||
| | | | |
rdist.root.org
|
|
| | | | | NaCl is a new crypto library, courtesy of Dan Bernstein of qmail fame and Tanja Lange. After my series of posts on why crypto libraries have seriously hurt web security by offering an API that is too low-level, I was pleased to find NaCl's main interface is high-level. In addition to the kind of fanatical... | |
| | | | |
blog.cryptographyengineering.com
|
|
| | | | | If you've hung around this blog for a while, you probablyknow how much I like to complain. (Really, quite a lot.) You might even be familiar with one of my favorite complaints:dumb cryptostandards. More specifically:dumb standards promulgated by smart people. The people in question almost always have justifications for whatever earth-shakingly stupid decision they're about... | |
| | | | |
notsosecure.com
|
|
| | | | | In this blog post we will discuss a case study where we were successful in exploiting a faulty password reset functionality. The end result was that we were able to set a newpassword onany arbitrary user account. We could do this because of a weak cryptographic implementation, in this case the functionality was utilising Electronic Code Book (ECB) mode encryption. | |
| | | | |
www.fastvue.co
|
|
| | | In the wake of the Superfish, Komodia and PrivDog vulnerabilities, it's important to understand how EV certificates help secure your web sites and visitors. | ||
