
Security


Cryptography. Protection. Designing an Authentication System: a Dialogue in Four Scenes. Copyright 1988, 1997 Massachusetts Institute of Technology.

Designing an Authentication System: a Dialogue in Four Scenes

All Rights Reserved. Originally written by Bill Bryant, February 1988. Cleaned up and converted to HTML by Theodore Ts'o, February, 1997. An afterword describing the changes in Version 5 of the Kerberos protocol was also added.

Abstract: This dialogue provides a fictitious account of the design of an open-network authentication system called "Charon."

Contents: Dramatis Personae; Scene I, a cubicle area; Scene II, Euripides' office, the next morning; Scene III, the next morning, Athena catches Euripides at the coffee area and the two head for the coffee machine; Scene IV, the next morning in Euripides' office; Afterword.

The dialogue was written in 1988 to help its readers understand the fundamental reasons for why the Kerberos V4 protocol was the way it was. When I converted this document to HTML, I was amazed how much of this document was still applicable for the Kerberos V5 protocol. KDC_REPLY = {TICKET, client, server, K_session}K_user.

You Want Salt With That? - Security tutorial. A poster to one of the Joel On Software fora the other day asked what a "salt" was (in the cryptographic sense, not the chemical sense!)

You Want Salt With That? - Security tutorial

And why it's OK to make salts public knowledge. I thought I might talk about that a bit over the next few entries. But before I do, let me give you all my standard caution about rolling your own cryptographic algorithms and security systems: don't. It is very, very easy to create security systems which are almost but not quite secure. A security system which gives you a false sense of security is worse than no security system at all! OK, so suppose you're managing a resource which belongs to someone -- a directory full of files, say. PBKDF2. PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898.

PBKDF2

It replaces an earlier standard, PBKDF1, which could only produce derived keys up to 160 bits long.

Key derivation process. The PBKDF2 key derivation function has five input parameters:

DK = PBKDF2(PRF, Password, Salt, c, dkLen)

where:

- PRF is a pseudorandom function of two parameters with output length hLen (e.g. a keyed HMAC)
- Password is the master password from which a derived key is generated
- Salt is a cryptographic salt
- c is the number of iterations desired
- dkLen is the desired length of the derived key
- DK is the generated derived key

Each hLen-bit block Ti of the derived key DK is computed as follows:

DK = T1 || T2 || ... || T_(dkLen/hLen)
Ti = F(Password, Salt, c, i)

The function F is the xor (^) of c iterations of chained PRFs.

Logjam: How Diffie-Hellman Fails in Practice.

Telegram Messenger. TAILS & TOR. Privacy Captcha. Five free pen-testing tools. Computerworld - Security assessment and deep testing don't require a big budget.

Five free pen-testing tools

Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with. For scanning in the first steps of a security assessment or pen test, Nmap and Nessus share the crown. Nmap is a simple, powerful and very well-reviewed scanner that one finds in the toolbox of any serious security consultant. Nmap and its Zenmap graphical interface are free and available at nmap.org for virtually any platform from Vista and OS X to AmigaOS, and will happily run on low-power systems. Nessus performs scans and up-to-date vulnerability testing in one interface, through a purchased "feed" of vulnerability modules for the freely downloadable application. The Metasploit Framework provides more operating system and application exploit information than most analysts would know what to do with.

Five steps to successful and cost-effective penetration testing. Computerworld - Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.

Five steps to successful and cost-effective penetration testing

1. Set goals. Make sure you know before you start your penetration testing what you want the results to encompass.

DNS-Based Web Security. KON-BOOT - ULTIMATE WINDOWS/LINUX HACKING UTILITY :-) System Requirements: Pentium III compatible processor, 10MB free space on the hard drive.

KON-BOOT - ULTIMATE WINDOWS/LINUX HACKING UTILITY :-)

CD-ROM, floppy drive or USB flash drive, keyboard, Internet connection (for product download). Compatible BIOS version. A Windows system is required for the installer to run. A USB flash drive is required for the EFI version to work. Disk encryption is not supported. Tablets are not supported. Supported target systems: all Windows systems from Windows XP to Windows 10 (please note that authorization through a domain controller is not officially supported).

Free Kon-Boot version is still available but it does not support 64 bit systems and Windows 7/Windows 8/Windows 10. Will Hack For SUSHI. Australian Government Initiative - Stay Smart Online.