SEARCH RESULTS
 
Showing 1-10 of 61 records
 

Third Parties Controlling Information

2008-02-27 05:46:46 by schneier in Schneier on Security
 
...Bits and pieces of the web disappear all the time. It's called "link rot," and we're all used to it. A friend saved 65 links in 1999 when he planned a trip to Tuscany; only half of them still work today. In my own blog, essays and news articles and websites that I link to regularly disappear -- sometimes within a few days of my linking to...
 
 
 
 
 

SDL and the OWASP Top Ten

2008-05-01 15:46:00 by sdl in The Security Development Lifecycle
 
...bits for secret-key ciphers; RSA or Diffie-Hellman >= 2048 bits or ECC >= 256 bits for public-key ciphers; SHA2 for hashing; and >= 128 bit key lengths for HMACs) for new code. This pretty much covers #8 on OWASP's list, Insecure Cryptographic Storage. As for the rest of the OWASP Top Ten list, we still have some work to do to more fully...
 
 
 
 
 

Improve Security with "A Layer of Hurt"

2008-07-31 19:13:00 by sdl in The Security Development Lifecycle
 
...bits for (i=iLow; i case 1 : // set upper bits for (i=iLow; i case 2 : // toggle all bits for (i=iLow; i case 3 : // set to random chars for (i=iLow; i case 4 : // set NULL chars to (possibly) non-NULL for (i=iLow; i case 5 : // swap adjacent bytes for (i=iLow; i case 7 : // set bytes to one random char ch=(char)(rand() % 256 for (i=iLow; i...
 
 
 
 
 

The Skein Hash Function

2008-10-29 04:35:29 by schneier in Schneier on Security
 
...bits, 512 bits, and 1024 bits -- and any output size. This allows Skein to be a drop-in replacement for the entire SHA family of hash functions. A completely optional and extendable argument system makes Skein an efficient tool to use for a very large number of functions: a PRNG, a stream cipher, a key derivation function, authentication...
 
 
 
 
 

Skein and SHA-3 News

2008-11-19 06:14:48 by schneier in Schneier on Security
 
...bits for Skein-256, 512 for Skein-512, and 1024 for Skein-1024), instead of a constant 256 bits for all three sizes. This error has no cryptographic significance, but affected the test vectors and the initialization values. The revised code also fixes a bug in the MAC mode key processing. This bug does not affect the NIST submission in any...
 
 
 
 
 

The Cipher on the Wall

2007-05-24 00:00:00 by Ari Juels in Speaking of Security, the RSA Blog and Podcast
 
...bits is the length of many RSA keys used in practice today, a short journalistic leap of fancy raises the specter of imperiled retail transactions on the Web. If there is writing on the wall for 1024-bit RSA, though, what's written is in cipher--and it's wholly unclear how long the cryptanalysis will take
 
 
 
 
 

Cracking passwords on a PlayStation

2007-12-03 16:37:00 by Keith Brown in Security Briefs
 
...bits! If you used a 12 character password, it's only a 79-bit keyspace. And that's the best case, assuming you included numbers, punctuation characters, as well as upper and lower-case letters, and generated it from a good random source. If you only used numbers, you'd end up with a whopping 40-bit keyspace. Hervey and I worked on an article...
 
 
 
 
 

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

2007-11-07 05:37:47 by Steve Riley in Steve Riley on Security
 
...bits, except for the last two that use no encryption -- because it gives you better performance than the longer bit lengths. In almost all cases, a 128-bit key is more than sufficient to protect the information you're exchanging over HTTPS. However, if you require something longer, and want to change the default, you can. Here's how. Open your...
 
 
 
 
 

Playing around with my blog

2007-09-26 18:40:21 by Steve Riley in Steve Riley on Security
 
...bits of info for you. A ClustrMap, that shows the locations around the world where people read my blog from. I registered the thing back in December 2006, but just figured out how to add it to the blog software a few days ago. My bookmarks from del.icio.us. I just started this yesterday and I've put in some links that many of you ask about....
 
 
 
 
 

Protect your data: everything else is just plumbing

2007-07-02 20:46:32 by Steve Riley in Steve Riley on Security
...bits die hard. For most of the history of information security, emphasis on security has roughly followed this model. Historical approaches to security have placed most emphasis on the network, with decreasing consideration of individual computers and the applications they run, and the least amount of consideration for the security of the...