Skip to main content
Information Security

All Questions

Ask Question
Tagged with
185 questions
Newest Active Bountied Unanswered
0 votes
0 answers
82 views

NTRU - How is the master key and session key generated?

I am learning the PKC topics and would like to understand about the master and session key generation process regarding NTRU. Let's make it a scenario, if a user wants to register during the ...
Chris Lo's user avatar
Chris Lo
  • 9
0 votes
0 answers
152 views

How to prevent public key tampering

I have to store a document (e.g. a JSON file) on a remote PC (that my App is running on) alongside a signature to be able to verify that this file was signed by me. I have no access to this PC nor ...
Croksie's user avatar
Croksie
  • 1
3 votes
1 answer
373 views

A web browser localy encrypted by default

Some years ago, I've found a web browser which I can't remember the name. It had pretty impressive security standards. For example: Symmetric encryption key (password) is mandatory for saving ...
cryptostudy's user avatar
cryptostudy
  • 31
0 votes
2 answers
497 views

Ransomware public key: can I find the respective private key?

I got a ransomware called StopDjvu. On my PC, I have found the public key that is used by the malware (maybe RSA hardcoded). Is it possible to extract the private key from the public key?
ransomhate's user avatar
ransomhate
  • 1
0 votes
0 answers
301 views

Securing the Server Hello in TLS 1.3

I've been trying to better understand TLS, and am stuck on one point with TLS 1.3. I understand that the Client makes an assumption regarding which Cipher Suite the Server will select, and includes a ...
DoubtingThomas3005's user avatar
DoubtingThomas3005
  • 113
0 votes
1 answer
154 views

How do you trust two different cloud provider servers?

I've found a question with an answer here on Security StackExchange or on Unix StackExchange, but I can't find it anymore apparently :( If you find this answer already, help would be appreciated, I ...
Sir Muffington's user avatar
Sir Muffington
  • 1,633
0 votes
2 answers
164 views

Secure data (+ private key) storage in an insecure public cloud environment

We are trying to encrypt files in a manner that they can be completely secure in an insecure environment (like a public cloud). We're talking about military grade secure. The data should be so secure ...
Munchkin's user avatar
Munchkin
  • 264
1 vote
2 answers
1k views

Possible attacks using public key in a certificate

this is purely an exploratory question. If this is not the right place to ask for it, please point me to the right one. TLS version: TLS 1.2 CIPHER SUITE : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (any ...
Abhilash Gopalakrishna's user avatar
Abhilash Gopalakrishna
  • 113
0 votes
3 answers
611 views

Is the Initial Public Key Transfer Process in Public Key Encryption Vulnerable to MITM on Public Networks?

(shown in step 1): Is the initial process in public key encryption where the public key is transferred across the network done in plaintext? It seems like it must be, which essentially means that no ...
twominds's user avatar
twominds
  • 101
5 votes
1 answer
935 views

Impact of having more X509v3 Key Usage fields than required?

I was wondering if having an "oversubscription" of "Key usage fields" inside a X509v3 certificate can negatively impact the performance and/or the security of a server. For example ...
metriXc's user avatar
metriXc
  • 65
0 votes
3 answers
482 views

Nextgen firewalls - encrypted traffic inspection

I read recently about next generation firewalls that use deep-packet-inspection, intrusion-prevention and something the manufacturers call encrypted-traffic-inspection, encrypted-traffic-analytics. ...
Roman Gherta's user avatar
Roman Gherta
  • 111
3 votes
2 answers
2k views

is this a good practice for storing private keys?

I'm working on a centralized exchange for cryptocurrencies. the approach that I'm taking for some reasons is to create an account(private key) per user inside platform. so these accounts should be ...
omid's user avatar
omid
  • 33
4 votes
2 answers
277 views

Is Java's probablePrime used in production?

Prime numbers are core in security. I saw this question about Java's probablePrime and was wondering if that API/approach is indeed used for real production-ready security code or other approaches are ...
Jim's user avatar
Jim
  • 183
0 votes
0 answers
167 views

Reused key issue in Asymmetric Encryption

We all hear often about the reused key issue in block cipher. For example, for a picture being encrypted by the electronic codebook mode, we will still see the shape of the picture. https://images.app....
Alex Tse's user avatar
Alex Tse
  • 3
1 vote
1 answer
682 views

Is it allowed to store billing address for merchants SAQ A merchants? (PCI DSS)

I know there are many limitations for data storing and processing by PCI DSS. Some of them are explained here. https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf But I can't find any ...
Vlad's user avatar
Vlad
  • 33

15 30 50 per page
1
2 3 4 5
13