Making the High Security of Repeated Hashing Practical
Last week I explained how repeated hashing works. Our user Alice can prove that she knows her secret without exposing that secret, and the server can verify this without knowing what her secret is. The follow-up question is – how to make it practical? My explanation last week told you how repeated hashing works, but […]
File System Encryption: When Is It Worthwhile?
Encryption is used to protect confidentiality. But what role should it play within your operating systems for protecting file systems? The answer, as so often, is “it depends.” Physical Theft A laptop or detachable media such as USB-connected external disks and thumbdrives could easily be stolen or lost. Especially with smaller objects, you may not […]
How ErsatzPasswords Hide the Real Passwords and Detect Attacks
Researchers at Purdue’s CERIAS group have developed a way of strengthening traditional password authentication against sophisticated attacks. Not only is the defense practical — you can download the PAM security module from GitHub — but it also includes a built-in alarm that warns you when attacker try to use decoy passwords they believe they have […]