User AndrolGenhald - Information Security Stack Exchange

192 votes

4-dial combination padlock: Is it more secure to zero it out or to blindly spin the dials after locking?

answered Apr 13, 2018 at 14:19

184 votes

Accepted

Chrome generated passwords not high entropy?

answered Aug 1, 2018 at 21:20

124 votes

Accepted

How can I be pwned if I'm not registered on the compromised site?

answered Mar 4, 2019 at 13:32

84 votes

Accepted

How can SSH server know private key is incorrect if passphrase havent been provided yet?

answered Jan 9, 2019 at 16:16

82 votes

Accepted

How many rounds of hashing is enough for a password manager?

answered Jun 28, 2018 at 14:38

59 votes

Accepted

Why should we sometimes use --+ instead of -- in SQL injection to comment the rest of the query?

answered Oct 22, 2018 at 16:05

47 votes

Accepted

Why is my computer making requests to my Roku about spotify?

answered Feb 5, 2019 at 3:03

47 votes

Accepted

How is it possible for user's password to be changed after storage was encrypted? (on OS X, Android)

answered Apr 7, 2019 at 16:23

47 votes

Accepted

Why would image resources loaded from different origins triggering HTTP authentication dialogs be harmful?

answered Sep 5, 2019 at 3:58

46 votes

How to secure passwords over HTTP?

answered Nov 9, 2018 at 14:09

43 votes

Recover deleted file despite full disk encryption

answered Nov 10, 2017 at 18:05

22 votes

What would be the key size for a picture used as a key?

answered Nov 5, 2018 at 21:13

17 votes

Why iterate 5200 times when computing Safety Numbers in Signal?

answered Oct 15, 2018 at 17:02

17 votes

Accepted

Why not store password in cookie?

answered Feb 4, 2019 at 23:01

17 votes

How to verify the checksum of a downloaded file (pgp, sha, etc.)?

answered Jul 10, 2018 at 20:02

17 votes

Accepted

Maximum tries for 2FA code?

answered May 16, 2018 at 15:11

17 votes

Accepted

Does HSTS protect against a rogue CA issuing a illegitimate valid certificate?

answered Sep 20, 2019 at 17:25

14 votes

How bad would a partial hash leak be, realistically?

answered May 31, 2019 at 17:53

14 votes

How likely is a collision using MD5 compared to SHA256 (for checking file integrity)?

answered Feb 11, 2019 at 15:21

13 votes

Accepted

Appending a secret (pepper) to Argon2 password hashes

answered Mar 26, 2019 at 21:25

12 votes

Why can't I share a one use code with anyone else?

answered May 13, 2019 at 16:32

11 votes

IP address opening email

answered Jul 31, 2019 at 15:48

11 votes

Accepted

Why using the premaster secret directly would be vulnerable to replay attack?

answered Sep 23, 2019 at 2:47

11 votes

How bad is using date to generate a "random" password?

answered Nov 29, 2018 at 18:05

10 votes

Why is linux filesystem considered DAC and not MAC

answered Dec 5, 2018 at 14:12

10 votes

Accepted

Securing hashes of short enumerated values

answered Jul 9, 2018 at 15:34

9 votes

Accepted

What happens to a pass vault when the GPG key expires?

answered Oct 1, 2018 at 17:00

9 votes

Accepted

Why bother with certain types of 2fa if they can be easily bypassed?

answered Sep 6, 2018 at 17:20

8 votes

Accepted

Why can a man-in-the-middle attack not happen with RSA?

answered Jul 12, 2018 at 20:47

8 votes

Accepted

Does Strict-Transport Security Header (HSTS) need to be applied to non 200 response pages (e.g. 403, 302)

answered Jul 13, 2018 at 14:45

Stack Exchange Network

195 Answers

4-dial combination padlock: Is it more secure to zero it out or to blindly spin the dials after locking?

Chrome generated passwords not high entropy?

How can I be pwned if I'm not registered on the compromised site?

How can SSH server know private key is incorrect if passphrase havent been provided yet?

How many rounds of hashing is enough for a password manager?

Why should we sometimes use --+ instead of -- in SQL injection to comment the rest of the query?

Why is my computer making requests to my Roku about spotify?

How is it possible for user's password to be changed after storage was encrypted? (on OS X, Android)

Why would image resources loaded from different origins triggering HTTP authentication dialogs be harmful?

How to secure passwords over HTTP?

Recover deleted file despite full disk encryption

What would be the key size for a picture used as a key?

Why iterate 5200 times when computing Safety Numbers in Signal?

Why not store password in cookie?

How to verify the checksum of a downloaded file (pgp, sha, etc.)?

Maximum tries for 2FA code?

Does HSTS protect against a rogue CA issuing a illegitimate valid certificate?

How bad would a partial hash leak be, realistically?

How likely is a collision using MD5 compared to SHA256 (for checking file integrity)?

Appending a secret (pepper) to Argon2 password hashes

Why can't I share a one use code with anyone else?

IP address opening email

Why using the premaster secret directly would be vulnerable to replay attack?

How bad is using date to generate a "random" password?

Why is linux filesystem considered DAC and not MAC

Securing hashes of short enumerated values

What happens to a pass vault when the GPG key expires?

Why bother with certain types of 2fa if they can be easily bypassed?

Why can a man-in-the-middle attack not happen with RSA?

Does Strict-Transport Security Header (HSTS) need to be applied to non 200 response pages (e.g. 403, 302)