SEARCH RESULTS
 
Showing 1-7 of 7 records
1
 
Expand article

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

2007-11-07 05:37:47 by Steve Riley in Steve Riley on Security
 
...SHA TLS RSA WITH AES 256 CBC SHA TLS RSA WITH RC4 128 SHA TLS RSA WITH 3DES EDE CBC SHA TLS ECDHE ECDSA WITH AES 128 CBC SHA P256 TLS ECDHE ECDSA WITH AES 128 CBC SHA P384 TLS ECDHE ECDSA WITH AES 128 CBC SHA P521 TLS ECDHE ECDSA WITH AES 256 CBC SHA P256 TLS ECDHE ECDSA WITH AES 256 CBC SHA P384 TLS ECDHE ECDSA WITH AES 256 CBC SHA P521 TLS...
 
Tags: sha, null sha, cbc sha p384, cbc sha, cbc sha p521, shorter bit lengths, bit lengths, cbc sha p256, 256-bit aes
 
 
 
 
Expand article

A cryptographic hash function reading guide

2007-11-23 16:01:18 by George Danezis in Light Blue Touchpaper
 
...SHA-3. SHA-0 is considered broken, SHA-1 is still secure but no one knows for how long, and the SHA-2 family are desperately slow. (Do not even think about using MD5, or MD4 for which Prof. Wang can find collisions by hand, but RIPEMD-160 still stands.) Cryptographers are ecstatic about this development: as if they were a bit bored since the...
 
Tags: function, hash functions, cryptographic hash functions, functions, functions secure, design, hash function design, compression functions, secure hash function
 
 
 
 
Expand article

A New Hash Competition

2008-05-22 14:32:02 by Editor in IEEE Security and Privacy
 
...SHA-2 standards aren't yet immediately threatened, but their long-term viability is now in question. The US National Institute of Standards and Technology (NIST) has therefore begun an international competition to select a new SHA-3 standard. This article outlines the competition, its rules, the requirements for the hash function candidates,...
 
Tags: nist sha-2 standards, competition, standards, nist, sha-3 standard, international competition, collision attacks, long-term viability, article outlines
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...share their processes and tools with us, but its rare to see a top-to-bottom product review released. In California, there was both white and black box testing done by different teams, and weve studied these reports to see the perceptions of development practices from other vendors and results of a different type of review process Something...
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system
 
 
 
 
Expand article

Squirreling Backdoors Into Distribution Points

2007-12-19 22:16:35 by Chris Eng in Zero in a bit
 
...shadow of a doubt that MD5 is not an effective method for verifying software integrity. There was hardly any doubt that this attack would surface eventually, so why is MD5 still in such widespread usage Cryptographic weaknesses aside, a lot of people completely miss the mark with hashes. MD5 or SHA-1 (or any hash function) are not very...
 
Tags: md5 collisions, md5, md5 hashes, distribution, php, execute php code, execute, code, md5 unsafe
 
 
 
 
Expand article

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...SHA-256 (or better Prevent XSS vulnerabilities by using filtering and escaping libraries around all Web output Secure your SQL script by only using prepared SQL statements - no string concatenation or string replacement Run these tools habitually PREfast (in Visual Studio 2005, use the /analyze compiler option) a static analysis tool that...
 
Tags: sdl, security, perform security analysis, application security, application, applications security, security issues, issues, non-microsoft sdl engagements
 
 
 
 
Expand article

Got Entropy ?

2008-04-02 02:55:47 by Erik T. Heidt in Art of Information Security
 
...SHA-256 Discard the last block Steps 2 and 3 remove any patterns, such as MPEG file formatting, from the data Steps 4 and 5 generate a 32-byte random value ( 1024 to 1 compression in the hash Check it out at http://gotentropy.artofinfosec.com Can an Attacker Broadcast a Signal to Undermine This Such an attacker could not remove RF noise from...
 
Tags: entropy, random, 32-byte random, byte, hardware random, entropy sources, sequence, random sequence, pull entropy
 
 
 
 
 
Showing 1-7 of 7 records
1
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia