Most Popular

1500 questions
117
votes
3 answers

Which elliptic curve should I use?

I am currently renewing an SSL certificate, and I was considering switching to elliptic curves. Per Bernstein and Lange, I know that some curves should not be used but I'm having difficulties selecting the correct ones in OpenSSL: $ openssl ecparam…
executifs
  • 4,792
  • 4
  • 24
  • 25
117
votes
9 answers

Should I change the default SSH port on Linux servers?

Is there any advantage in changing the SSH port? I've seen people do that, but I can't seem to find the reason why. If you have a strong password and/or a certificate, is it useful for anything? Edit: I should also mention that I am using iptables…
sharp12345
  • 2,009
  • 3
  • 14
  • 23
117
votes
15 answers

When choosing a numeric PIN, does it help or hurt to make each digit unique?

Imagine a typical 4-digit PIN scheme containing the digits [0-9]. If I choose my PIN at random, I will get one out of 10 * 10 * 10 * 10 = 10,000 codes. Based on my own experience, more than half of the time a random sequence of four digits will…
smitelli
  • 2,045
  • 3
  • 16
  • 19
117
votes
4 answers

How can RFID/NFC tags not be cloned when they are passive technology?

Everywhere a question like this is asked, I see people responding that (in a scenario where a card is used) the card does some processing with the data it receives/generates some data when it receives a signal. How is this possible without…
stenlan
  • 1,221
  • 2
  • 9
  • 6
116
votes
7 answers

Can "cat-ing" a file be a potential security risk?

I often use cat on the console to view the contents of files, and every now and then I accidentally cat a binary file which basically produces gibberish and system beeps. However today I've encountered a situation where the output from the cat…
Ivan Kovacevic
  • 2,119
  • 5
  • 20
  • 21
116
votes
18 answers

Does an established HTTPS connection mean a line is really secure?

From the view of somebody offering a web application, when somebody connects with TLS (https) to our service and submits the correct authentication data, is it safe to transmit all sensitive data over this line, or can it be that there is still…
Peter Smit
  • 2,749
  • 3
  • 23
  • 25
116
votes
3 answers

Does bcrypt have a maximum password length?

I was messing around with bcrypt today and noticed something: hashpw('testtdsdddddddddddddddddddddddddddddddddddddddddddddddsddddddddddddddddd', salt) Output:…
d0ctor
  • 1,263
  • 2
  • 9
  • 7
116
votes
10 answers

Alternatives to anti-virus for keeping oneself safe

I have read a lot of articles that talk about how using an AV is less safe than not having one for more intermediate PC users who are careful with what they click and download. For example, here are a couple of articles:…
delacroix
  • 1,033
  • 2
  • 7
  • 8
116
votes
6 answers

Why should one not use the same asymmetric key for encryption as they do for signing?

In an answer to a question about RSA and PGP, PulpSpy noted this: It is possible to generate an RSA key pair using GPG (for both encryption and signing -- you should not use the same key for both). What is the reasoning behind this? Perhaps my…
Iszi
  • 27,027
  • 18
  • 99
  • 163
116
votes
5 answers

How to check if an SSH private key has a passphrase or not?

Let's say I have access to the private portion of an RSA key pair. How can I check if this key has an associated passphrase or not?
kung
  • 1,359
  • 2
  • 8
  • 9
116
votes
4 answers

How would a resourceful government block Tor?

I came across this article saying that after the November 2015 Paris attacks, some French police officers proposed to ban Tor. Tor is used to circumvent censorship! What security techniques would governments use to block Tor?
user93895
  • 1,123
  • 2
  • 8
  • 7
115
votes
6 answers

I can't access websites that use HTTPS, instead getting the message "your connection is not private"!

I found myself suddenly unable to access websites that use HTTPS, so I contacted my service provider, and they asked me to install a certificate in the Trusted Root Certificate Authorities store. But something isn't right: installing a certificate…
Tarek
  • 1,063
  • 2
  • 7
  • 9
115
votes
24 answers

How could I make the results of a yes/no vote inaccessible unless it's unanimous in the affirmative, without a trusted third party?

A family of N people (where N >= 3) are members of a cult. A suggestion is floated anonymously among them to leave the cult. If, in fact, every single person secretly harbors the desire to leave, it would be best if the family knew about that so…
TheHans255
  • 1,268
  • 2
  • 6
  • 13
115
votes
13 answers

Is it good or bad practice to allow a user to change their username?

I have looked all over online as well as this site to try to find out more information regarding the security of this, but haven't found anything. In my particular case, the product is a website, but I think this question applies for any software…
115
votes
9 answers

Why is it dangerous to open a suspicious email?

I would like to know why it is considered to be dangerous to open an email from an unknown source. I am using Gmail and I thought it's only unsafe to download an attachment and run it. The first thing that came into my mind was what if the email…
Tomas
  • 1,331
  • 3
  • 10
  • 10