Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Here's roughly the idea: Alice encrypts a file with key K and gives both to Bob, saying he should only use it to decrypt the file if something happens to Alice. To make sure he doesn't use his key too early, Alice wants to write an algorithm that when Bob tries to decrypt her file, she receives an email, and only if she does not take some action within a certain time (like 48h) will Bob be able to proceed with decrypting the file.
Is such a thing possible at all without a trusted third party?
Not in the negative form you've created. Bob has all the pieces required to decrypt the data. Once you have given a party all the pieces, there is no mechanism by which you can prevent them using those pieces (other than hoping that they will only use your software; security through hope is not a strong authentication). This is much of what escrow services (i.e. trusted third parties) exist to manage, not just in the data world, but the real world.
BTW, when designing security protocols, you probably want to get rid of even thinking in terms of "sends an email." This tends to lead to wrong thinking about the protocol. What you mean is "sends a message to Alice." The fact that the message is encoded as an email is completely irrelevant, and is likely to get you thinking in terms related to email implementations.
Related
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Reading articles like this one makes me wonder, is this a real world problem?
Say that someone (or something) wanted to crack my FTP login. The cracking software can deliver so and so many million guesses per second, but the server that is under attack can't possibly serve up that many "incorrect password" replies. In what kind of scenario do I need to worry about brute forcing?
If your database of password hashes is compromised, and they can try to crack it on their local machine
The point of these devices is to brute-force a password hash (from a leaked database).
No server is involved.
If they were trying to crack your FTP login, they wouldn't need lots of GPUs; they would simply need lots of network bandwidth.
The article says this, "Tools like Gosney’s GPU cluster aren’t suited for an “online” attack scenario against a live system. Rather, they’re used in “offline” attacks against collections of leaked or stolen passwords that were stored in encrypted form, Thorsheim said."
The article you linked already gives the answer to your question:
Tools like Gosney’s GPU cluster aren’t suited for an “online” attack scenario against a live system. Rather, they’re used in “offline” attacks against collections of leaked or stolen passwords that were stored in encrypted form, Thorsheim said. In that situation, attackers aren’t limited to a set number of password attempts – hardware and software limitations are all that matter.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I was thinking of creating an on-screen keyboard to protect against keyloggers. The main problem is that I have found that there is a category of keloggers, called screenshot key loggers, which are able to take screenshots of the screen every time the mouse button is clicked.
For this reason, I feel that my approach of creating an on-screen keyboard does not protect against this category of keyloggers. Is there a way of coding the application which does not allow screenshots to be taken, or else alerts the user if these are being taken without his permission?
Edit
I am assuming that only the user is present in the room. Therefore, I am not trying to protect against other users from taking photos with their digital cameras. I only want to protect against screenshot keyloggers.
This is an issue that Trusted Computing can potentially address, but not on any system you'd likely be trying to deploy this for. Beyond screenshots, remember that if a device or piece of code can have local access, screenshots are one way to take that data. Another way would be to take that data passing through memory or other avenues of processing through the system. It's a very hard thing to prevent entirely.
If you are that paranoid so that you cannot trust the computer you are working on, I would highly advise introducing "factor" in the authentication.
"Google Authenticator" is an open-source "two-factor" security system (like a software version of an RSA token). It means a user would have to have it running on their smartphone, but it means if one does NOT have the phone, even if they have successfully sniffed the username and password, they cannot log-in. Google "Google Authenticator".
Other 2-factor methods involve sending one-time login codes to ones' cell phone (which again must be held), using a hardware-token key, or a list of one-time-only passwords.
I actually created an Apache-specific port of this if you want to use it: https://code.google.com/p/google-authenticator-apache-module/
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I was always under the impression that whenever you provide a login interface and the user does not provide valid credentials you never confirm which of the username and password was incorrect as this can aid hacking attempts?
It would seem that wikipedia.org go against this standard of practices;
The answer is case-specific.
On one hand, you have public-usernames such as in websites that host forums such as StackOverflow and, in your example, Wikipedia. The term "public", in this sense, is used to mean that it is used as a public identifier for all to see. In these cases, it wouldn't make any sense to mask the fact that a username exists or not in a login form - this information is publicly accessible. Be it a page to view specific user's information or even by scanning every page on the website - you'd be able to enumerate a full list of users (at least, those that have contributed) with little effort.
On the other hand, you have private-usernames, such as ones used in banking applications. As a bank website would not (or at least, should never) display actual usernames on their site to anyone anywhere - the username is used purely as a website-identifier and authentication tool. In this case, it makes good sense to give a warning such as "The username/password combination you used is invalid." opposed to "The username you entered does not exist.".
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've seen lots of flash games with online highscores. Not just flash games, gamemaker games as well. How does the server side verify that the client has REALLY received the score that it has claimed to make?
Depends on how important it is to avoid cheaters. If it is not important, just trust the score coming from the client. If it is somewhat important, you might sign it with a key (though this key would need to be present in the client, and might be possible to reverse-engineer). If it is very important, you can monitor the entire course of the game, calculating the score on the server during play and detecting impossible actions; this will require cheaters to be able to play back an entire plausible game to your server in order to get you to trust their score.
For a game I made (not in flash) I dynamically provided a salt and the client code had to use this salt to make a hash of a few things (user name, IP, whole game, score) that I could verify on my server. This combined with a few things like debug detection (time based) seems to me to be strong enough for most cases.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
Generally speaking.
How do a project manager evaluate and track the security issue for a project? Or is there any online resource that I can use as a reference ?
I would say that you would track this like everything else you track on your project.
Make sure that there is an architecture and project requirement review -- go though all aspect of the architecture and design and document any issues and questions as you go along. Depending on your application, it may include securing external communication and communication between different parts of the application, and understand any possibilities for malicious user input. If your application store any data, review what data is stored, and ask "what would happen if the data was lost or leaked". Understand how all sensitive data store is encrypted, and make sure that user passwords are never stored (store a oneway hash instead). Review how/if any encryption keys can be rotated, so that loss/leak of key does not mean compromise of security.
Document all issues and questions found in your favorite bug tracking and task management tool, even if just as reminder to get back and inspect actual implementation.
I think you add them as 'risks' or 'tasks' in your ALM system, depending on which phase you are current in with respect to your project.
How to evaluate security issues is usually deferred first to Devs or IT Profs depending on the nature and then reported back to the PM for review.