Most Popular

1500 questions
39 votes, 2 answers

Is it possible to decrypt a satellite TV signal without using a smart card?

And if it is possible, why has it been decided to keep using a smart card for this task? I will be grateful if you can provide some practical examples on how to bypass the use of a smart card (if possible).
Israfel_21
39 votes, 12 answers

Can a file contain its md5sum inside it?

Just wondering if it is possible to create a file which has its md5sum inside it along with other contents too.
balki
39 votes, 1 answer

Why can't I use the same key for encryption and MAC?

I wrote a simple file encryption program as an example of how to do encryption correctly, but after reading a question about encryption + MAC, I think I made a mistake by using the same key for both. I'm about to fix my program to generate a longer…
Brendan Long
39 votes, 4 answers

If email is insecure, why do we use it for password resets?

I found myself telling a coworker today "Email is insecure, that's why we developed our secure report application." But then it struck me, Why is email considered insecure? If it is so insecure, why do we trust it for password resets? I never…
John
39 votes, 5 answers

What's the difference between VPN over TCP vs UDP?

My VPN provider gives me the option between using UDP and TCP for connections. According to this site UDP is faster over short distances. I'm on the same continent as my server, is that considered short distance? Is there a test I can run to compare…
David Drohang
39 votes, 3 answers

Block chaining modes to avoid

Everyone knows that ECB operation mode with a block cipher should be avoided because of clear and obvious weaknesses. But little attention is given to comparison of the other modes in the context of security, and people instead appear to simply…
tylerl
39 votes, 8 answers

Can the manufacturer remotely turn off my device?

In connection with recent events, I, as an ordinary citizen of Russia, wonder - can smartphone manufacturers (Google, Apple, Huawei, etc.) or any other (such as Microsoft, Cisco, etc.) remotely turn off my phone (or any other device)? I see…
RoyalGoose
39 votes, 14 answers

How to safely save passwords for a future administrator?

I am the volunteer IT administrator for a local non-profit organization. The organization has a few systems - specifically security cameras, network hardware, and telephones - that have local administrator accounts to manage them. Right now, I am…
Moshe Katz
39 votes, 4 answers

Why is client authentication not commonly performed in the TLS protocol?

Is there any reason for this other than key/certificate management on the client-side?
naresh
39 votes, 11 answers

Is it safe to use a weak password as long as I have two-factor authentication?

I'm careful to use strong passwords (according to How Big is Your Haystack, my passwords would take a massive cracking array 1.5 million centuries to crack), I don't reuse passwords across sites, and I use two-factor authentication where it's…
Herb Caudill
39 votes, 7 answers

At what point is deleted data irrecoverable?

From reading around on the internet I get the impression that barring physical damage, deleted data can always be recovered using sophisticated digital forensics. For this reason the advice is that you should encrypt your data. So at what point…
Yoshi
39 votes, 5 answers

Eduroam requires installation of a CA Certificate - can they decrypt TLS traffic?

Eduroam is an organization that provides free WiFi to educational institutions and around some cities. I don't fully understand how the authentication works, but in order to connect you have to install a CA Certificate called…
Ciprum
39 votes, 7 answers

Is it a security vulnerability to tell a user what input characters are valid/invalid?

For input validation on a website, are there any security concerns with disclosing to the user exactly what characters are valid or invalid for a given field? CWE-200: Information Exposure says one should try not to disclose information "that could…
39 votes, 1 answer

Can a browser extension (Chrome, Firefox, etc.) read the web console log?

I realized that my bank handles sensitive information in the web console log, so my concern is if any browser extension could read the log?
Nyan D' Sparkle
39 votes, 6 answers

Schemes/Mechanisms that could provide one-time decryption?

I am quite familiar with most of the common undergrad/grad security foundations; but I couldn't find anything related to this scenario: A scheme/system where a piece of data can only be 'decrypted' AND read only once (potentially in a computer…
DaveIdito