Most Popular
1500 questions
117 votes
3 answers
Does bcrypt have a maximum password length?
I was messing around with bcrypt today and noticed something:
hashpw('testtdsdddddddddddddddddddddddddddddddddddddddddddddddsddddddddddddddddd', salt)
Output:…

d0ctor
- 1,273
- 2
- 9
- 7
117 votes
15 answers
When choosing a numeric PIN, does it help or hurt to make each digit unique?
Imagine a typical 4-digit PIN scheme containing the digits [0-9]. If I choose my PIN at random, I will get one out of 10 * 10 * 10 * 10 = 10,000 codes. Based on my own experience, more than half of the time a random sequence of four digits will…

smitelli
- 2,035
- 3
- 15
- 19
117 votes
4 answers
How would a resourceful government block Tor?
I came across this article saying that after the November 2015 Paris attacks, some French police officers proposed to ban Tor.
Tor is used to circumvent censorship! What security techniques would governments use to block Tor?

user93895
- 1,133
- 2
- 8
- 7
116 votes
6 answers
I can't access websites that use HTTPS, instead getting the message "your connection is not private"!
I found myself suddenly unable to access websites that use HTTPS, so I contacted my service provider, and they asked me to install a certificate in the Trusted Root Certificate Authorities store. But something isn't right: installing a certificate…

Tarek
- 1,063
- 2
- 7
- 9
116 votes
7 answers
Can "cat-ing" a file be a potential security risk?
I often use cat on the console to view the contents of files, and every now and then I accidentally cat a binary file which basically produces gibberish and system beeps. However today I've encountered a situation where the output from the cat…

Ivan Kovacevic
- 2,099
- 5
- 19
- 21
116 votes
18 answers
Does an established HTTPS connection mean a line is really secure?
From the view of somebody offering a web application, when somebody connects with TLS (https) to our service and submits the correct authentication data, is it safe to transmit all sensitive data over this line, or can it be that there is still…

Peter Smit
- 2,699
- 3
- 22
- 25
116 votes
10 answers
Alternatives to anti-virus for keeping oneself safe
I have read a lot of articles that talk about how using an AV is less safe than not having one for more intermediate PC users who are careful with what they click and download.
For example, here are a couple of articles:…

delacroix
- 1,033
- 2
- 7
- 8
116 votes
4 answers
How can RFID/NFC tags not be cloned when they are passive technology?
Everywhere a question like this is asked, I see people responding that (in a scenario where a card is used) the card does some processing with the data it receives/generates some data when it receives a signal. How is this possible without…

stenlan
- 1,211
- 2
- 9
- 6
115 votes
3 answers
Which elliptic curve should I use?
I am currently renewing an SSL certificate, and I was considering switching to elliptic curves. Per Bernstein and Lange, I know that some curves should not be used but I'm having difficulties selecting the correct ones in OpenSSL:
$ openssl ecparam…

executifs
- 4,772
- 4
- 23
- 25
115 votes
6 answers
What would one need to do in order to hijack a satellite?
I realise this borders on sci-fi, but there have been some interesting demonstrations regarding security of various satellites.
What would be required to hack a satellite (in general terms, any hack really)? Are they all basically connected in the…

Incognito
- 5,204
- 5
- 27
- 31
115 votes
24 answers
How could I make the results of a yes/no vote inaccessible unless it's unanimous in the affirmative, without a trusted third party?
A family of N people (where N >= 3) are members of a cult. A suggestion is floated anonymously among them to leave the cult. If, in fact, every single person secretly harbors the desire to leave, it would be best if the family knew about that so…

TheHans255
- 1,268
- 2
- 5
- 13
115 votes
6 answers
Why should one not use the same asymmetric key for encryption as they do for signing?
In an answer to a question about RSA and PGP, PulpSpy noted this:
It is possible to generate an RSA key pair using GPG (for both encryption and signing -- you should not use the same key for both).
What is the reasoning behind this?
Perhaps my…

Iszi
- 26,997
- 18
- 98
- 163
115 votes
13 answers
Is it good or bad practice to allow a user to change their username?
I have looked all over online as well as this site to try to find out more information regarding the security of this, but haven't found anything. In my particular case, the product is a website, but I think this question applies for any software…

Jeff Y
- 1,051
- 2
- 7
- 9
115 votes
9 answers
Why is it dangerous to open a suspicious email?
I would like to know why it is considered to be dangerous to open an email from an unknown source?
I am using Gmail and I thought it's only unsafe to download an attachment and run it.
The first thing that came into my mind was what if the email…

Tomas
- 1,331
- 3
- 10
- 10
115 votes
9 answers
Why is Steam so insistent on security?
Is there any particular reason why the Steam application attempts to be so secure? It seems to force you to take more security measures (two-factor authentication, emails confirming all trades, etc.) than most banks do.
Is this due to the fact that…

Jojodmo
- 1,012
- 2
- 7
- 10