Sometimes it is necessary to generate a password. This might be done to create a secure account on a machine, or to reset a user’s password via email (although a one-time use security token is a much better answer). Another possible use is to generate passwords for your own use on a website. There are [...]

 

So I ran into this article entitled “How to Create a Personal Encryption Scheme to Easily Hide Your Data in Plain Sight” on Lifehacker. I just want to say: This is a REALLY bad idea. The recommendation is to create your very own personal ‘encryption’ system to encode your personal information in plain sight. The [...]

 

If you’ve missed it, there is a great article entitled “Keep it secret, keep it safe” by Eric Lippert. Essentially it attempts to dissect the essence of typical crypto issues in plain English (i.e. crypto for dummies). He did a great job of explaining the difficulties in key management; it is worth a read. I found it particularly [...]

 

Last year I ran across this 2009 post by Bruce Schneier entitled “Another New AES Attack”. It got me thinking about and dissecting the Rijndael algorithm, which most of you know as AES (Advanced Encryption Standard). This research surprised me: I found that AES has only three variants. These variants are best known by their key [...]

 

A good friend of mine who is the definition of a ‘Security Expert’ replied to my recent post regarding the use of current encryption technologies. He had this to say about my assertion that PKI cannot prove my identity: PKI-based authentication can prove who you are, to the extent it can prove that the name [...]

 

An excerpt of a recent Slashdot post: “… I wanted to ask the Slashdot community, what do you think the hold up is (regarding use of encryption)? Are the existing protocols somehow not good enough? Are the protocols fine, but not supported well enough in software? Is it too complicated to manage the various encryption [...]