Top new questions this week:
|
|
Before posting this question about ed25519, I learned that there are two formats for storing a private ed25519 key, PKCS#8 OpenSSH Format Why did OpenSSH create its own format rather than use PKCS#8?…
|
|
Microsoft has published information about a recent security problem classified as “BitLocker Security Feature Bypass” identified as CVE-2022-41099 which points out that Windows Recovery …
|
|
Some years ago, I’ve found a web browser which I can’t remember the name. It had pretty impressive security standards. For example: Symmetric encryption key (password) is mandatory for saving …
|
|
I’m having a problem where when I export a key from 1password, and use it with ssh -i, I get Load key “/home/user/.ssh/private_ed25519”: invalid format Doing a google search on this, it …
|
|
I have been wondering if someone is accessing my system and after doing using some basic assessment tools like netstat and event viewer, found some unusual open ports(12345) and special Logon! below …
|
|
I have a GKE standard deployment in GCP. I have TLS terminating at an IAAS managed load balancer, provided by their Ingress controller. The certificates are GoogleManagedCertificates. I’m fine with …
|
|
I’m learning Azure Storage and I am doing my best to make sure access from Internet is as safe as possible. When I generate a connection string there is a SAS token embedded in the URL. That token has …
|
Greatest hits from previous weeks:
|
|
How does SSL work? I just realised we don’t actually have a definitive answer here, and it’s something worth covering. I’d like to see details in terms of: A high level description of the protocol. …
|
|
Is it possible to provide a subjectAltName-Extension to the openssl req module directly on the command line? I know it’s possible via a openssl.cnf file, but that’s not really elegant for batch-…
|
|
There is a new big case of stolen login/password data in the news. At the same time, I am reading that there are services that let you check if your own login data is affected, e.g. Have I Been Pwned. …
|
|
I’ve often heard it said that if you’re logging in to a website – a bank, GMail, whatever – via HTTPS, that the information you transmit is safe from snooping by 3rd parties. I’ve always been a little …
|
|
As someone who knows little about cryptography, I wonder about the choice I make when creating ssh-keys. ssh-keygen -t type, where type is either of dsa,rsa and ecdsa. Googling can give some …
|
|
What exactly is the difference between following two headers: Authorization : Bearer cn389ncoiwuencr vs Authorization : cn389ncoiwuencr All the sources which I have gone through, sets …
|
|
Is it better to create a separate SSH key for each host and user or just using the id_rsa key for all hosts to authenticate? Could one id_rsa be malpractice for the privacy/anonymity policies? having …
|
Can you answer these questions?
|
|
Language used is Javascript. For context, I am making a password manager where users can store different accounts of service and their passwords. The idea was to store multiple encrypted passwords in …
|
|
Basically every password manager (like LastPass, 1Password, …) has its Android & iOS app and browser extensions for Chrome, Safari, Firefox etc., to automatically fill in usernames and passwords….
|
|
I usually stick to finding the right CPE candidate for product-version I am interested in by using the Search Vulnerability Database with Search Type selected as Advanced and then narrowing down from …
|
