Questions tagged [storage]

Details on how data is being kept in memory/on disks, most frequently being applied to databases, media banks and backup-recovery solutions.

239 questions
5 votes, 1 answer

If I fill a hypothetical 1gb HDD with 1024 single 1mb files, will all sectors be overwritten?

When a file is deleted, it's only marked as an unused sector of a hard drive. I'm wondering if it's possible to fill a 1gb HDD with 1024 individual 1mb files to completely use every sector?
Scott
5 votes, 3 answers

How is truncation according to PCI DSS secure?

In section 3.3 of the PCI standard, it says that when displaying PANs, limiting visibility to the first 6 and last 4 digits of the PAN is considered secure. Doing some quick math, on a 16 digit PAN, taking into account the checksum requirement, this…
Jemmy
5 votes, 3 answers

How can my bank issue a new credit card with the same pin number?

I live in France, and I have a debit card issued by my bank. When it expires, I receive a new one with the same pin number. I recently asked my banker to issue another card (a different one, for another bank account), and he told me it can have the…
5 votes, 2 answers

How to securely store application data on mobile device

How can security be enhanced to the maximum in a messaging app storing messaging history on the device (like WhatsApp)? I am specifically referring to methods to minimize the risk of the data being stolen in case the device is physically compromised…
user3074662
5 votes, 4 answers

Are there any disadvantages to encrypting the password hash?

Is encrypting the password hash in database more secure than storing only the hash? Suppose we store encrypted SHA-256 result with AES instead of hash directly. Is this a good protection from a situation in the future when someone will break one of…
5 votes, 2 answers

Encrypt user data when they log in with Facebook, Gmail, etc

I made a login system. The user can log in by: using a normal email / password (bcrypted); using a service like Facebook, Gmail, etc. So far so good. Now I want to store sensitive information (ftp credentials) in the database in a secure manner.…
5 votes, 2 answers

How secure is the private storage of a mobile app

Are there any known security flaws/hacks to gain access to the private storage (file system or SQLite database) of Android and iOS applications? What measures do Google and Apple take to "prevent" these kinds of attacks, or is it up to the developer…
supercell
5 votes, 2 answers

Properly use files that have keys

Both KeePass and Veracrypt allow you to secure your password database and containers with a password and keyfiles. My question concerns storage and usage on a local user level (home) computer. I keep my PC regularly updated, and I have a good…
user168799
5 votes, 4 answers

Security of Cloud Storage

What are the main security risks of popular cloud storage services such as Dropbox? I am torn between the convenience of cloud storage and the potential security risk of it. How can I evaluate whether a particular service meets my security…
h00j
5 votes, 2 answers

How secure is a BIOS/UEFI hard drive password?

I'm buying some new machines and am concerned about security of the data should the machine be physically stolen. It's easy to take out the drive, image it, and read what you want. I could use file level encryption, but that's insufficient: people…
SRobert James
5 votes, 1 answer

Secure sharing between Windows computers

I'm working on a project to set up a secure system to share files between 5 Windows computers. The computers are part of a domain so could have multiple different users logging in (based on an AD group). The files would contain bank/account…
nijave
5 votes, 2 answers

Can we determine how securely files are stored on a cloud storage service?

After asking two questions about the security of online cloud storage, it seems to me that we can only at best speculate as to the security practices of the hosting company, and believe what they tell us. Or can we do something more? For example,…
Zsw
4 votes, 2 answers

how to store and retrieve nonce in practice

As nonce is supposed to be random and used only one time, when receiving a nonce, I need to check it with all past nonce records. That means I need a database to store every nonce I had before. Of course I can reduce the database size by limiting…
Sissi
4 votes, 4 answers

What options exist for authenticated full-disk encryption?

Title says it all really. I'm toying with the idea of storing some disk images in "the cloud", but am concerned about the possibility of an attacker manipulating ciphertext to do evil things once it's decrypted, and so I'd like a system that…
randomdude
4 votes, 1 answer

What evidence is there that SpiderOak is significantly different from Lavabit?

In 2013 Lavabit shut down because a US agency was demanding access to its private SSL keys and basically the deets on whatever users the US was interested in. Lavabit shut down rather than give the US that access. Yet, this means that Lavabit had…
Fernando