Questions tagged [trust]

A description of a state of benevolence that exists between two or more parties. A measurement of the confidence in a benign outcome of a transaction involving two or more parties.

A principal in a security system trusts another principal if it allows its security to depend on assertions made by that other principal. For example, when a web browser assumes that a web site is legitimate because the site shows a certificate signed by a certificate authority, the browser trusts the CA. Trust is often established and propagated through cryptography. The concept is derived from the plain English meaning of the word, which is studied by social sciences.

Related concepts

  • Public key infrastructure: a class of systems for establishing trust between a priori unrelated parties, based on central authorities.
  • Web of trust: a class of systems for establishing trust between a priori unrelated parties, based on assertions between peers.
  • : a series of protocols and designs related to the security of PC-style computers, promoted by the Trusted Computing Group, including the TPM.
216 questions

172 votes, 26 answers

Convince people not to share their password with trusted others

IT workers are usually trusted by their family members who readily share passwords (Facebook, email, twitter, you-name-it!) so they can get easy help to set what-ever-parameter they don't find or explanation of a challenging situation. I always try…
Auzias

142 votes, 14 answers

Is there any technical security reason not to buy the cheapest SSL certificate you can find?

While shopping for a basic SSL cert for my blog, I found that many of the more well-known Certificate Authorities have an entry-level certificate (with less stringent validation of the purchaser's identity) for approximately $120 and up. But then I…
Luke Sheppard

134 votes, 8 answers

Why would someone trust DuckDuckGo or other providers with a similar privacy policy?

DuckDuckGo is a search engine that claims it will not share your results with others. Many of my skeptical coworkers think it may be a scam. Is there any proof that any web search engine will protect your privacy as it advertises?
makerofthings7

91 votes, 12 answers

How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove?

This question has been revised & clarified significantly since the original version. If we look at each trusted certificate in my Trusted Root store, how much should I trust them? What factors should be taken into consideration when I evaluate the…

58 votes, 8 answers

Is it safe to trust a Docker container?

When it comes to Docker, it is very convenient to use a third-party container that already exists to do what we want. The problem is that those containers can be very complicated and have a large parent tree of other containers; they can even pull…
0x1gene

39 votes, 11 answers

Is it safe to use a weak password as long as I have two-factor authentication?

I'm careful to use strong passwords (according to How Big is Your Haystack, my passwords would take a massive cracking array 1.5 million centuries to crack), I don't reuse passwords across sites, and I use two-factor authentication where it's…
Herb Caudill

37 votes, 1 answer

What is the exact meaning of this gpg output regarding trust?

When I import signatures or receive a key with gpg, it outputs some cryptic lines like: gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 16 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 16 …
Thomas Koch

33 votes, 4 answers

How does an end user differentiate between OV and DV certificates?

This is a very good link that explains the different types of SSL certificates and level of trust provided by them. An Extended Validation (EV) certificate is easily identified by the green color in the address bar and the name of the…
Shurmajee

32 votes, 2 answers

Is there a standard for printing a public key as a barcode?

Is there a standard for storing a public key printed on paper? Say, I want to hand out business cards with my public key pre-printed on them at a key signing party to help build the web of trust. My understanding is that the standard for storing a…
David Cary

31 votes, 16 answers

How can I prove to users that my obfuscated code is not malicious without unobfuscating?

I created my own anti-adblock system, that does something similar to services like BlockAdblock except mine goes about Adblocker detection in a different manner (and so far cannot be bypassed like ones such as BlockAdblock). If you go to my…
pigeonburger

31 votes, 4 answers

Should I trust a website which breaks when I use a complex password?

A website "broke" after I changed my password to something like "NÌÿÖÏï£Ø¥üQ¢¨¼Ü9¨ÝIÇÅbÍm". I was unable to log in, and customer service deleted my account and had me create a new one. Does this imply security flaws in the site's code? Should I…
Christian

29 votes, 7 answers

What are some good website security scanning solutions?

What are some good web-based website security scanning solutions? I'm not too concerned if they are web-based solutions, or software that can be run locally. Generally, I'm looking for something we can run to provide to clients some sort of…

25 votes, 4 answers

Security seals and the "perception of safety"?

I clearly understand that the security seals (verisign or norton secure etc.) shown on banking and other websites are generated using a script and available only after an ssl certificate is purchased and installed. The certificate vendors say "the…
Shurmajee

22 votes, 3 answers

What are the risks of a Certificate Authority hack for 'the average user'?

Recently the DigiNotar CA was hacked, and rogue certificates were issued. Since they also issue certificates on behalf of the Dutch government, the government made a statement about it as well, basically claiming: 'don't visit the website if you get…
beetstra

22 votes, 8 answers

How can I re-use my password and still protect the password if it is exposed from one source?

I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source. The problem is that servers should do…
Sinder