Most Popular
1500 questions
47
votes
12 answers
Why should I care if a site uses encryption or not if I'm not exchanging any sensitive data?
Lots of sites these days, that don't deal with sensitive data, enable encryption. I think it's mostly to make (paranoid?) users feel safer. In cases where there is a user's account being logged in, their personal data accessed, I see how it can be…
user1306322
- 916
- 7
- 15
47
votes
2 answers
Is mosh now recommended by the security experts? (2014)
Mosh has been around for a while now. Although it's claimed to be "a replacement for SSH" by its authors, mosh does actually depend on ssh to do the initial authentication, after which an instance of the mosh binary is started on the server, the…
cnst
- 1,884
- 3
- 19
- 30
47
votes
4 answers
Security of passphrase-protected private key
If an attacker obtains a private key that was created with no passphrase, he obviously gains access to everything protected with that key. How secure are private keys set up with a passphrase? If an attacker steals a passphrase-protected key, how…
jrdioko
- 13,071
- 7
- 30
- 38
47
votes
5 answers
Should usernames be kept secret?
Help me settle an discussion among colleagues and guide future design:
Even in a high impact scenario: e.g. protecting payment application or government gateway but in an Internet accessible application
Is it worthwhile implementing any of the…
Rakkhi
- 5,803
- 1
- 23
- 47
47
votes
7 answers
How does Tor protect against an attacker just running thousands of nodes?
Does Tor have any protection against an adversary simply running a very large number of nodes?
Someone with the necessary resources could just run thousands of relay nodes (including exit nodes). If they were an organization like the NSA, they could…
jdm
- 941
- 9
- 11
47
votes
3 answers
I found obfuscated code in a comment on my blog. What should I do?
Today I was checking comments on my blog and I found a strange comment, here is the exact text