Top new questions this week:
|
Here’s a quote from a Reddit discussion:
… for poker [a cryptographically secure RNG] is completely unnecessary.
If you have an appropriate unpredictable seed, and you are throwing away a lot of …
|
While in college I decided to have a randomly generated 16 character password. I used parts of that password in various sites. However, one of the sites was compromised so I had to change my password.
…
|
A while ago (12 years old), I recognized my passwords weren't safe at all. Because I used the very same password everywhere, some grumpy admin could easily take over all my accounts (he got mail and …
|
I'm working on a project that is creating two new, separate web modules (possibly even on different servers) to support a new web application, with one serving up a static JS-based UI and the other …
|
There's a Classic ASP application at my job that is (I believe) highly vulnerable to SQL injection. I want to prove to management that this code isn't secure, but all I'm able to do is insert "SQLINJ" …
|
According to findings by the EFF's SSL observatory, there are "tens of thousands of keys that offer effectively no security due to weak random number generation algorithm." My understanding of that …
|
It's possible for Tor exit nodes to sniff traffic on normal websites, unless you connect via SSL/HTTPS. But what about hidden services, they don't seem to support the HTTPS protocol.
Can the exit …
|
Greatest hits from previous weeks:
|
I want to know how secure I am.
I've made a series of pentests in my network and one of the things I've tried was to record webcam and microphone.
Recording an end-user's microphone seems to be a …
|
When generating SSH authentication keys on a Unix/Linux system with ssh-keygen, you're given the choice of creating an RSA or DSA key pair (using -t type).
What is the difference between RSA and DSA …
|
Can you answer these?
|
I need a client-side crypto library. I've seen https://github.com/digitalbazaar/forge linked many times on Stack Exchange. Forge seems to be the most complete and well-documented crypto library for JS. …
|
I use a site on a regular basis so I wanted to make sure it was secure. One of the things I checked was that when I changed my first name to <img src="http://blah.blah/blah/blah.notanextension" …
|
There are several compliance and certification criteria that mention "multi-failure" disaster recovery. What exactly is the definition of this? A Google search did not turn up a clear answer for me.
|