Recently I gave a 4-hour workshop on Timing Attacks at the ZeroNight conference in Moscow. The conference focused on practical software security, thus I prepared the following “real”
Category: Crypto
OpenSSH hardening for cloud machine – part 1
SSH is often required to access Linux machines that run on cloud infrastructure. SSH is perfect for keeping the confidentiality and integrity of data exchanged between two
NSA, crypto, and bananas
After Snowden’s revelations, many people are concerned about an omniscient and omnipotent NSA reading their email. The NSA reportedly got access to content that was assumed to
Secure password hashing: requirements and design choices
This is the promised follow-up to my first post on secure password hashing. We now focus on the security requirements and design choices, which will
Secure password hashing: why we need it
Nobody likes passwords. Especially when you receive your password in clear text after hitting “forgot my password”—evidence that the server stores the password either in