Personally, I would like to replace TLS with a protocol that allows you to just send a public key that they store in their database to look up your user information. Signing a certificate is unnecessary if you are only talking to the issuer of the certificate.
Stronger forms of password entry / token generation:
– Password entry in a special dialog that the browser presents, the browser calculates the respective token
– Password entry in a special dialog that the host OS presents, the OS calculates the respective token
– Tokens calculated on a separate hardware that protects the password.
I haven’t been able to put my thoughts down, having two other major writings in progress at present, but this presentation has only renewed my vigor. In closing, I’ve been wanting to write a paper for quite some time titled “Better Productivity and Quality: An Agile Approach” to share my experiences.
The added safety of open source only kicks in after something becomes popular enough to get a lot of attention and eyes on it, looking for its flaws. And finding them (and flaws often come in groups, so keep looking boys). And THEN it becomes more safe than closed source (on average), after all that. Merely being open does NOT guarantee that ANYONE EVER LOOKS AT THE SOURCE. So therefore being open doesn’t guarantee anything at all. And you get big newsy stories like heartbleed.
Fabrice Derepas wrote:
“With my team we have just performed a formal validation of an open source SSL stack. This SSL stack is now immune to security flaws.”
If you believe your software is immune to security flaws then you are naive, foolish, or careless to claim so. If you don’t believe it, then you are dishonest. None of those possibilities inspires confidence in your software.
No, C is not a descendant of ALGOL. It is a descendant of PDP-11 Assembler, with a little syntactic sugar added to make it tasty. It is certainly better than straight Assembler, but it does not build anything solid on top of linear-memory-addressing-with-GP-registers.
As mentioned in the opening keynote, MySQL with the Storage Engine API with MySQL 5.1 has great potential to expand what options are available to users of MySQL. It was an excellent commendation that MySQL AB management considered so highly the contributions from the community.
Assembly implementations of ciphers are generally not going to give you a significant enough boost to even be worth the higher security risk compared to using an easier to verify implementation in a higher-level programming language. Maybe if you are using AES-NI or CLMUL instructions, but GCC provides library functions to access those anyway.
The Spiegel book “DER NSA COMPLEX” mentions that BND is helping the NSA by tapping fibers in war zones, crisis regions and developing countries, where the NSA can not go in. Spiegel mentions that BND is sometimes ahead of NSA, especially when it comes to tapping fibers. And BND even has a tapping method that has 100 times the capacity of the GCHQ, they write in the Spiegel book.
NSA IS running man in the middle attacks on websites using ssl: https://www. Html they codenamed this operation “Flying Pig”. But it does not matter. This attack is only possible if you have either stolen the certificate or if you can decrypt the session with the help of some bug.
In NGINX I’m using these settings:
ssl_protocols SSLv3 TLSv1 TLSv1. LOW;
ssl_session_cache builtin:1000 shared:SSL:10m;
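The settings above still allow SSLv3 to be negotiated. As an added example (not the commenter’s full configuration), here is a reconstruction of that weak block beside a hardened equivalent; the certificate paths and the cipher string are assumptions, and the protocol list of the weak block is cut short because the comment itself was truncated.

```nginx
# Weak (reconstructed from the comment above): SSLv3 is still negotiable.
# The original protocol/cipher lines were cut off; paths are placeholders.
server {
    listen 443 ssl;
    ssl_certificate     /etc/ssl/example.crt;    # placeholder path
    ssl_certificate_key /etc/ssl/example.key;    # placeholder path
    ssl_protocols SSLv3 TLSv1;                   # SSLv3 is obsolete and must go
    ssl_session_cache builtin:1000 shared:SSL:10m;
}

# Hardened: only TLS 1.2/1.3, an AEAD-only ECDHE cipher list (assumed choice),
# and a shared-only session cache (the builtin cache can fragment memory).
server {
    listen 443 ssl;
    ssl_certificate     /etc/ssl/example.crt;    # placeholder path
    ssl_certificate_key /etc/ssl/example.key;    # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;               # let modern clients pick; all listed suites are AEAD
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;                     # tickets weaken forward secrecy unless keys are rotated
}
```

Run `nginx -t` after editing to confirm the syntax, and note that TLSv1.3 in `ssl_protocols` needs nginx 1.13.0+ built against OpenSSL 1.1.1 or later.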
What you’re describing is a form of “assured pipelines.” That security model says decompose app into communicating components (typical), then enforce a specific information flow between those components. Highly secure platforms such as LOCK supported this structure. A form of it can be done in SELinux, as it’s a LOCK descendant. Only actual crypto library I know that does this is cryptlib. It has an internal security kernel that ensures each function properly uses other functions. This doesn’t stop, say, a memory attack but does allow one to ensure proper use of the crypto primitives.