Information Security Stack Exchange by Kiwix

Q&A for information security professionals

Most popular questions

1077 XKCD #936: Short complex password, or long dictionary passphrase? 2011-08-10T21:38:03.210

982 How does SSL/TLS work? 2012-09-28T07:51:55.707

700 How to securely hash passwords? 2010-11-12T12:36:34.773

592 What technical reasons are there to have low maximum password lengths? 2013-03-30T21:30:36.967

529 Do any security experts recommend bcrypt for password storage? 2010-09-16T00:05:56.970

515 How can I explain SQL injection without technical jargon? 2012-12-20T04:06:00.943

507 How does changing your password every 90 days increase security? 2011-06-22T13:36:45.887

450 What's the difference between SSL, TLS, and HTTPS? 2011-07-10T16:40:01.383

431 Is my developer's home-brew password security right or wrong, and why? 2012-12-18T14:51:12.093

407 How to store salt? 2012-07-20T06:28:12.467

405 Are passwords stored in memory safe? 2013-01-14T19:30:00.520

400 RSA vs. DSA for SSH authentication keys 2011-07-08T23:22:00.510

399 Is it bad practice to use your real name online? 2013-12-06T11:36:25.940

353 How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it? 2011-08-15T18:58:31.950

336 I found that the company I work for is putting a backdoor into mobile phones 2012-05-17T16:11:07.247

280 Is it normal for auditors to require all company passwords? 2017-10-25T17:20:55.147

274 CRIME - How to beat the BEAST successor? 2012-09-08T19:39:32.443

267 How did "tech-supportcenter" phishers trick Google? 2017-06-02T18:21:09.713

266 How can someone go off-web, and anonymise themselves after a life online? 2013-12-18T21:57:52.900

261 How does Google know where I am? 2016-09-21T14:58:50.517

258 What's the rationale behind Ctrl-Alt-Del for login 2013-04-28T13:10:46.083

258 SQL injection is 17 years old. Why is it still around? 2016-06-27T05:13:09.487

249 What makes Docker more secure than VMs or bare metal? 2017-09-17T22:08:37.647

244 Consequences of the WPA2 KRACK attack 2017-10-16T09:32:34.993

241 How to explain Heartbleed without technical terms? 2014-04-10T05:21:49.403

237 How is the "WannaCry" Malware spreading and how should users defend themselves from it? 2017-05-12T19:02:43.297

234 Is the save button delay in a Firefox download dialog a security feature? What does it protect? 2016-03-21T06:32:06.000

232 Is BASIC-Auth secure if done over HTTPS? 2010-12-05T22:42:45.140

232 What is certificate pinning? 2013-01-30T23:27:08.263

231 SSL3 "POODLE" Vulnerability 2014-10-14T23:50:28.497

227 Passwords being sent in clear text due to users' mistake in typing it in the username field 2013-03-05T16:09:55.230

223 Why are salted hashes more secure for password storage? 2014-02-20T20:58:40.367

220 Why would you not permit Q or Z in passwords? 2014-05-14T00:56:56.187

218 Tracing the location of a mobile IP from an email 2016-05-06T16:50:52.453

214 How exactly does the OpenSSL TLS heartbeat (Heartbleed) exploit work? 2014-04-08T07:40:22.917

213 How do certification authorities store their private root keys? 2012-12-03T14:12:39.953

213 What is the difference between and 2013-03-10T15:03:15.303

210 Is there any reason to not show users incorrectly entered passwords after a successful login? 2016-09-09T18:35:53.557

208 My college is forcing me to install their SSL certificate. How to protect my privacy? 2015-11-04T13:57:57.233

204 What is a specific example of how the Shellshock Bash bug could be exploited? 2014-09-25T00:30:37.223

203 Is "the oft-cited XKCD scheme [...] no longer good advice"? 2014-07-10T05:16:43.553

202 Why are hash functions one way? If I know the algorithm, why can't I calculate the input from it? 2012-02-14T11:09:49.977

199 Is there any reason to disable paste password on login? 2016-07-27T02:31:22.983

198 How to find live hosts on my network? 2013-05-19T18:03:08.053

193 "Diffie-Hellman Key Exchange" in plain English 2013-11-24T01:10:08.450

192 Why not use larger cipher keys? 2012-12-13T11:48:53.040

191 How can I explain to non-techie friends that "cryptography is good"? 2016-05-13T18:54:03.457

188 What should you do if you catch encryption ransomware mid-operation? 2016-04-17T15:07:31.077

185 How does Windows 10 allow Microsoft to spy on you? 2015-08-13T09:26:36.987

184 Password Hashing: add salt + pepper or is salt enough? 2011-04-22T09:53:02.063

