User Bruno Rohée - Information Security Stack Exchange

74 votes

Accepted

Is there ever a good reason _not_ to use TLS/SSL?

answered Aug 7, 2014 at 13:16

36 votes

Accepted

Why doesn't a TLS certificate with a domain name mask that doesn't match the site name trigger a warning in the browser?

answered Sep 19, 2022 at 15:38

29 votes

Accepted

How is OpenSSL related to OpenSSH?

answered Apr 28, 2011 at 23:16

27 votes

Accepted

Should I worry about compromised firmware when reinstalling an OS?

answered Jun 2, 2022 at 12:11

22 votes

What is the benefit of having FIPS hardware-level encryption on a drive when you can use Veracrypt instead?

answered Nov 24, 2020 at 10:29

18 votes

Accepted

OpenBSD vs. NetBSD security

answered Mar 29, 2011 at 22:43

15 votes

How secure is aSSL (javascript)? Does it effectively mimic SSL?

answered Nov 23, 2012 at 14:21

14 votes

Accepted

Why is the code CVE-2010-5298 used for a vulnerability discovered in 2014?

answered Jul 17, 2014 at 18:41

13 votes

Accepted

What is the "openssh-blacklist" package? Is it related to the Debian OpenSSL bug?

answered Apr 28, 2011 at 21:56

13 votes

Is Schneier's "Applied Cryptography" current?

answered Apr 18, 2011 at 12:47

13 votes

Why is there a "des-ede3-cbc" in my rsa private key?

answered Jun 29, 2015 at 1:27

12 votes

Accepted

How can the NSA remotely turn on your iPhone?

answered Jul 2, 2014 at 18:09

11 votes

Advantages and disadvantages of Stream versus Block Ciphers

answered Apr 2, 2011 at 13:45

9 votes

If you could have only one book on web security, what would it be?

answered Dec 8, 2011 at 15:56

8 votes

Why is "something you know" the weakest factor of authentication?

answered Oct 9, 2014 at 4:09

8 votes

Question of importance of FIPS in security implementations

answered May 28, 2011 at 17:45

8 votes

Spam fighting idea

answered Jun 21, 2011 at 15:43

8 votes

Getting rid of a large quantity of paper

answered Sep 13, 2011 at 14:23

6 votes

What are the chances to generate the same ssh key?

answered Apr 7, 2011 at 21:00

6 votes

Can 'cracked' product keys harm the user in any way?

answered Mar 27, 2015 at 10:37

5 votes

Accepted

The use of DES-CBC3 for TLS

answered Jun 13, 2016 at 11:10

5 votes

What are the realistic, and most secure crypto for Symmetric, Asymmetric, Hash, Message Authentication Code ciphers?

answered Apr 7, 2011 at 15:47

5 votes

Can you provide loss values on security breaches?

answered May 9, 2011 at 9:56

5 votes

Looking for example of well-known app using unsalted hashes

answered Apr 22, 2011 at 21:22

4 votes

Is it legal to log passwords from failed logins?

answered Oct 25, 2011 at 12:06

4 votes

What might be the legal and policy consequences of traffic sniffing?

answered May 28, 2011 at 20:32

4 votes

Sniffing 2400bps v22bis modem traffic

answered Jul 2, 2014 at 19:00

4 votes

Java support for TLS_DHE_RSA_WITH_AES_128_CCM

answered Apr 28, 2022 at 13:11

4 votes

Can DDNS provider perform a MITM attack?

answered Jun 20, 2022 at 13:19

4 votes

What software commonly generates RSA keys with public exponent 0x23 (35)?

answered Jun 24, 2022 at 14:55

Stack Exchange Network

85 Answers

Is there ever a good reason _not_ to use TLS/SSL?

Why doesn't a TLS certificate with a domain name mask that doesn't match the site name trigger a warning in the browser?

How is OpenSSL related to OpenSSH?

Should I worry about compromised firmware when reinstalling an OS?

What is the benefit of having FIPS hardware-level encryption on a drive when you can use Veracrypt instead?

OpenBSD vs. NetBSD security

How secure is aSSL (javascript)? Does it effectively mimic SSL?

Why is the code CVE-2010-5298 used for a vulnerability discovered in 2014?

What is the "openssh-blacklist" package? Is it related to the Debian OpenSSL bug?

Is Schneier's "Applied Cryptography" current?

Why is there a "des-ede3-cbc" in my rsa private key?

How can the NSA remotely turn on your iPhone?

Advantages and disadvantages of Stream versus Block Ciphers

If you could have only one book on web security, what would it be?

Why is "something you know" the weakest factor of authentication?

Question of importance of FIPS in security implementations

Spam fighting idea

Getting rid of a large quantity of paper

What are the chances to generate the same ssh key?

Can 'cracked' product keys harm the user in any way?

The use of DES-CBC3 for TLS

What are the realistic, and most secure crypto for Symmetric, Asymmetric, Hash, Message Authentication Code ciphers?

Can you provide loss values on security breaches?

Looking for example of well-known app using unsalted hashes

Is it legal to log passwords from failed logins?

What might be the legal and policy consequences of traffic sniffing?

Sniffing 2400bps v22bis modem traffic

Java support for TLS_DHE_RSA_WITH_AES_128_CCM

Can DDNS provider perform a MITM attack?

What software commonly generates RSA keys with public exponent 0x23 (35)?