Newest Questions
69,928 questions
1 vote | 1 answer | 41 views
How is SLSA compliance meant to be used? Is it something you're meant to advertise to end users?
I'm putting some effort to attain SLSA level 3 compliance for a closed source, direct to consumer software, and I'm wondering how folk communicate progress to the public. Is there some sort of ...
0 votes | 0 answers | 27 views
Alternatives for device code flow for headless sign-in in azure cli?
With the ongoing phishing campaign storm-2372, targeting the device code flow for authentication, we would like to disable this flow for our users. However, the device code flow is essential for many ...
3 votes | 1 answer | 1k views
Can a public certificate provider impersonate an AD?
I do not know much about how MS Windows interprets client certificates but I was faced with a statement I have a hard time integrating. The context: organization EXAMPLE has an Active Directory and an ...
1 vote | 1 answer | 43 views
Using OPAQUE without envelope checksums
I've been considering switching from SRP to OPAQUE, because I like the idea that verifiers (which can be subject to dictionary attacks) are never communicated over the protocol, even during ...
1 vote | 0 answers | 24 views
Using database_to_xml in SQL Injection on PostgreSQL doesn't show data
We have found SQL injection on a PostgreSQL database. Stacked and UNION payloads. We have created a table to store data as needed and the UNION to extract either from the table or to pull out data ...
1 vote | 0 answers | 73 views
Should I restart or power off/on a phone to clear malware in volatile memory? [closed]
Several sources claim one should power off and on mobile devices weekly. While the effect on overall security might be minor it should (among other things) clear temporary files where malicious code ...
1 vote | 0 answers | 46 views
What are the acceptable ranges of MSE, MAE, and PSNR values in the context of image encryption? [migrated]
In my research on image encryption, I use the metrics below to evaluate the level of distortion between the original image (I) and its encrypted version (I'): MSE (Mean Squared Error), MAE (Mean ...
1 vote | 1 answer | 59 views
Exposing size of last chunk in RSA file encryption
So I'm implementing RSA encryption. I'm processing input in chunks of known constant size (depends on modulus) but the last chunk might be smaller so I save its size in plaintext at the end of output ...
2 votes | 1 answer | 66 views
GPG key management - lost / forgotten keys
In my current pubring.kbx I found an old secret key with no expiry date set and its subkey, for which I have forgotten the passphrase. In the same file I have another, better maintained key. I tried to ...
1 vote | 1 answer | 73 views
How to map refresh token, stored server side in the client app, to a specific user?
My app so far was using only access tokens. And whenever the token expired, the user had to log-in again. That's the reason I want to start using refresh tokens. They can apparently be stored server ...
2 votes | 1 answer | 121 views
Is it okay to use an expired access token to look up its corresponding refresh token?
Setup: I have inherited this infrastructure setup. App A handles the frontend. The server is very small and it mainly just calls app B. App B is an API server. It's both a resource server and the ...
13 votes | 4 answers | 3k views
Cryptographic strength of VeraCrypt
During the installation of VeraCrypt, the user chooses a password and is afterwards asked to move the mouse some time randomly over a field to increase the cryptographic strength of the generated ...
1 vote | 1 answer | 77 views
What are the risks of allowing outgoing traffic on all ports on a webserver? [duplicate]
If I have a webserver which allows outgoing traffic on all ports, what are the risks? I understand that incoming traffic should be limited to HTTPS, HTTP and other required ports for communication. I ...
0 votes | 0 answers | 34 views
Most secure method for a git workflow to reach another private github repo
I am working on multiple github workflows and these workflows need to reach other private repos within my organizations (these workflows might need to read and clone these repos or activate other ...
1 vote | 0 answers | 39 views
How can you find out why passkeys failed? [closed]
Given that a passkey creation attempt fails, what are the steps one can take to identify the cause of the failure? Is there a local log of browser passkey interaction? Is there a failure code ...