Authentication - establishing the authenticity of a person or other entity. Not to be confused with authorization - defining access rights to resources.


0 votes | 0 answers | 14 views

Trustworthy Android recovery image that allows rooting?

I have an unlocked but not rooted Android device (Nexus 7 2013 WiFi "flo", legitimately unlocked using fastboot oem unlock from an x86 computer). Neither adb root nor adb shell followed by su let me ...

0 votes | 1 answer | 19 views

Is MS-CHAPv2 incompatible with securely stored passwords?

I have a directory service that can speak a number of protocols and is used for user authentication. Currently user credentials are stored using Bcrypt to protect them in case of a compromised ...

0 votes | 0 answers | 15 views

Is what flexi_auth does with its use of its $this->auth object good practice?

I am looking at the authentication library Flexi_auth for CodeIgniter. To use the library you have to create an object one time in the controller before the lib is used, like this: `$this->auth ...

1 vote | 1 answer | 78 views

How does YubiKey protect its secret key?

From what I understand, a YubiKey stores a secret key which can be used to generate passwords to enter a server. How does a YubiKey protect its secret key? If it is plugged into an infected ...

2 votes | 1 answer | 46 views

Disable local/KVM access on a Linux VPS (allow only SSH)

Friends of mine have previously had issues with VPS security. The security was no fault of the operating system/services themselves, but mainly due to the "Control Panel" that gets forced upon you ...

1 vote | 1 answer | 43 views

Google's Mobile Authentication for REST APIs

So I'm trying to create and secure a mobile REST API on an existing server that runs our web app. We're not going to open the API to the public and we will be writing the client app using ...

-1 votes | 2 answers | 33 views

user identity certificate

I want to create a new scheme for user identification, like X.509 certificates, but not X.509. Is it possible to use this new certificate over the existing Internet? And if yes, what are basic ...

1 vote | 4 answers | 124 views

How is “security word” safe from man in the middle attack?

In this bank site I read the following lines Item #2 - You will also need to create a "Security Word". This allows you to verify that you have reached our Internet Banking site, and not some other ...

-3 votes | 0 answers | 21 views

Anonymous Login list [on hold]

I want to log in to some sites anonymously; changing my IP address will do the need. I have already tried Hidemyass and VTunnel, but on opening the sites, the login box disappears on the site. Any ...

0 votes | 1 answer | 37 views

Can I use a CDN for static content without sacrificing SSL keys?

I would like to use a CDN for the static content of a website. But obviously I do not wish to share my SSL key with any external service. What are my options? An ideal solution would be to link to ...

0 votes | 0 answers | 16 views

Implementing OAuth flow in JavaScript

I am making a custom auth flow for the application. It is inspired by OAuth 2.0. Dev sends user to an auth page on my domain, passing callback_url and api_id. I redirect user to callback_url, passing ...

4 votes | 2 answers | 79 views

Role Based Authorization vs. Claim Based Authorization

What is the difference between "role based authorization" and "claim based authorization"? Under which circumstances would it be appropriate to implement each of these authorization models?

0 votes | 2 answers | 56 views

SSL/TLS Question [on hold]

I am currently working on my SSL/TLS assignment and I got a question to ask. What is the use of a login password since it is not needed for establishing secret communication between your computer and ...

2 votes | 1 answer | 94 views

OWASP Recommendation on Client-Side Password Hashing

The OWASP Application Security FAQ recommends the use of JavaScript to produce a salted hash of the password client-side with JavaScript prior to sending it to the server. Is this something truly ...

1 vote | 1 answer | 68 views

In what ways does increasing SSH host key length increase security

I have read on a few guides on "how to secure SSH servers" that it is a good thing to increase ServerKeyBits from the default of 768 to 2048. Most of these guides seem to be for the entry ...
