Most Popular
1500 questions
202 votes, 4 answers
Amount of simple operations that is safely out of reach for all humanity?
Cryptographic primitives usually assert some security level given as number of operations to mount an attack. Hash functions, for example, give different security levels for collision attacks, preimage attacks and second preimage attacks. From…
Nakedible (4,571 reputation; badges: 4, 28, 23)
201 votes, 8 answers
Why not use larger cipher keys?
RSA Security commonly uses keys of sizes 1024-bit, 2048-bit or even 3072-bit. And most Symmetric algorithms only between 112-bit and 256-bit. I do realize that the current keys are secure enough for today's hardware, but as computers get faster,…
Koning (1,653 reputation; badges: 3, 11, 5)
201 votes, 22 answers
How can I explain to non-techie friends that "cryptography is good"?
After that case in which Brazilian government arrested a Facebook VP due to end-to-end encryption and no server storage of messages on WhatsApp to prove connection with a drug case, it's become pretty common for friends of mine to start…
user28177
200 votes, 3 answers
Don't understand how my mum's Gmail account was hacked
My mum (on Gmail, using Chrome) received an email from a friend's Hotmail address. She opened the email (very obviously a phishing email) and clicked a link in it. This opened a webpage with loads of medical ads on. She closed the page and deleted…
cja (1,639 reputation; badges: 3, 12, 9)
199 votes, 10 answers
Search for military installed backdoors on laptop
My laptop was confiscated by the military institute of my country and they made me give them all my passwords (I cannot tell you the name of my country). They did not give it back to me for one week (yes, it was out of my sight for a while).
I…
Posse (1,811 reputation; badges: 2, 8, 15)
197 votes, 7 answers
How can I protect myself from this kind of clipboard abuse?
Clipboard abuse from websites
Many websites use JavaScript or CSS to stealthily insert or replace text in the user's clipboard whenever they copy information from the page. As far as I know this is mostly used for advertising purposes, but PoC for…
sam hocevar (1,909 reputation; badges: 2, 13, 9)
196 votes, 4 answers
How does Windows 10 allow Microsoft to spy on you?
Windows 10 is perhaps the most Internet-connected and cloud-centric operating system released by Microsoft to date. This, of course, has caused many users to be concerned about how the OS respects their privacy (or doesn't).
Multiple sources are now…
user83026
194 votes, 4 answers
SSH key-type, rsa, dsa, ecdsa, are there easy answers for which to choose when?
As someone who knows little about cryptography, I wonder about the choice I make when creating ssh-keys.
ssh-keygen -t type, where type is either of dsa, rsa and ecdsa.
Googling can give some information about differences between the types, but not…
user50849 (2,580 reputation; badges: 2, 17, 15)
193 votes, 6 answers
Isn't Ubuntu's system prompt for my password spoofable?
Sometimes, Ubuntu shows the following window:
This window can be caused by some background processes running, such as an automatic update, or a process which reports bugs to Canonical which manifests itself this way:
Since those are background…
Arseni Mourzenko (4,744 reputation; badges: 6, 24, 31)
189 votes, 6 answers
Does Facebook store plain-text passwords?
I was about to reset my Facebook password and got this error:
Your new password is too similar to your current password. Please try another password.
I assumed that Facebook stores only password hashes, but if so, how can they measure passwords…
Michał Šrajer (4,184 reputation; badges: 4, 19, 21)
188 votes, 5 answers
How and when do I use HMAC?
I was reading HMAC on Wikipedia and I was confused about a few points.
Where do I use HMAC?
Why is the key part of the hash?
Even if someone successfully used a "length-extension attack", how would that be useful to the attacker?
user5575
187 votes, 6 answers
ECDSA vs ECDH vs Ed25519 vs Curve25519
Among the Elliptic Curve Cryptography (ECC) algorithms available in OpenSSH (ECDH, ECDSA, Ed25519, Curve25519), which offers the best level of security, and (ideally) why?
Omar (1,973 reputation; badges: 2, 12, 5)
187 votes, 6 answers
How do I deal with a compromised server?
I suspect that one or more of my servers is compromised by a hacker, virus, or other mechanism:
What are my first steps? When I arrive on site should I disconnect the server, preserve "evidence", are there other initial considerations?
How do I go…
Lucas Kauffman (54,437 reputation; badges: 17, 116, 196)
186 votes, 9 answers
Is the NHS wrong about passwords?
An NHS doctor I know recently had to do their online mandatory training questionnaire, which asks a bunch of questions about clinical practice, safety and security. This same questionnaire will have been sent to all the doctors in this NHS…
Robin Winslow (1,758 reputation; badges: 2, 11, 11)
184 votes, 9 answers
How to determine what type of encoding/encryption has been used?
Is there a way to find what type of encryption/encoding is being used?
For example, I am testing a web application which stores the password in the database in an encrypted format (WeJcFMQ/8+8QJ/w0hHh+0g==). How do I determine what hashing or…
Karthik (2,324 reputation; badges: 4, 19, 19)