Information Security Stack Exchange by Kiwix

Q&A for information security professionals

Most popular questions

1201 XKCD #936: Short complex password, or long dictionary passphrase? 2011-08-10T21:38:03.210

1160 How does SSL/TLS work? 2012-09-28T07:51:55.707

837 How to securely hash passwords? 2010-11-12T12:36:34.773

807 What technical reasons are there to have low maximum password lengths? 2013-03-30T21:30:36.967

609 Do any security experts recommend bcrypt for password storage? 2010-09-16T00:05:56.970

574 How does changing your password every 90 days increase security? 2011-06-22T13:36:45.887

551 What's the difference between SSL, TLS, and HTTPS? 2011-07-10T16:40:01.383

543 How can I explain SQL injection without technical jargon? 2012-12-20T04:06:00.943

523 Is my developer's home-brew password security right or wrong, and why? 2012-12-18T14:51:12.093

522 Police forcing me to install Jingwang spyware app, how to minimize impact? 2018-09-24T13:21:43.643

515 Why can I log in to my Facebook account with a misspelled email/password? 2019-08-06T21:26:02.770

507 How to store salt? 2012-07-20T06:28:12.467

459 RSA vs. DSA for SSH authentication keys 2011-07-08T23:22:00.510

444 Are passwords stored in memory safe? 2013-01-14T19:30:00.520

427 Is it bad practice to use your real name online? 2013-12-06T11:36:25.940

391 How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it? 2011-08-15T18:58:31.950

353 I found that the company I work for is putting a backdoor into mobile phones 2012-05-17T16:11:07.247

315 Is BASIC-Auth secure if done over HTTPS? 2010-12-05T22:42:45.140

301 Should I let my child's school have access to my kid's personal laptop? 2018-08-28T20:35:48.833

297 What is certificate pinning? 2013-01-30T23:27:08.263

297 SQL injection is 17 years old. Why is it still around? 2016-06-27T05:13:09.487

296 Is it normal for auditors to require all company passwords? 2017-10-25T17:20:55.147

292 How can someone go off-web, and anonymise themselves after a life online? 2013-12-18T21:57:52.900

287 CRIME - How to beat the BEAST successor? 2012-09-08T19:39:32.443

286 Why is Gbt3fC79ZmMEFUFJ a weak password? 2019-01-10T16:39:54.367

285 What's the rationale behind Ctrl-Alt-Del for login 2013-04-28T13:10:46.083

285 Why is 'Bearer' required before the token in 'Authorization' header in a HTTP request? 2015-12-21T07:20:47.527

282 How does Google know where I am? 2016-09-21T14:58:50.517

280 What makes Docker more secure than VMs or bare metal? 2017-09-17T22:08:37.647

278 How did "tech-supportcenter" phishers trick Google? 2017-06-02T18:21:09.713

267 How to find live hosts on my network? 2013-05-19T18:03:08.053

257 "Diffie-Hellman Key Exchange" in plain English 2013-11-24T01:10:08.450

255 How to explain Heartbleed without technical terms? 2014-04-10T05:21:49.403

255 Consequences of the WPA2 KRACK attack 2017-10-16T09:32:34.993

251 Why shouldn't we roll our own? 2012-08-06T15:18:53.743

248 Can ads on a page read my password? 2019-08-06T15:54:17.487

246 Why are salted hashes more secure for password storage? 2014-02-20T20:58:40.367

245 How is the "WannaCry" Malware spreading and how should users defend themselves from it? 2017-05-12T19:02:43.297

244 SSL3 "POODLE" Vulnerability 2014-10-14T23:50:28.497

244 Is the save button delay in a Firefox download dialog a security feature? What does it protect? 2016-03-21T06:32:06.000

243 How do certification authorities store their private root keys? 2012-12-03T14:12:39.953

239 Passwords being sent in clear text due to users' mistake in typing it in the username field 2013-03-05T16:09:55.230

237 Is single quote filtering nonsense? 2019-02-04T13:28:36.757

233 All 0s (zeros) in a bank card's CVC code 2018-12-22T20:30:53.997

232 What is the difference between https://google.com and https://encrypted.google.com? 2013-03-10T15:03:15.303

231 My college is forcing me to install their SSL certificate. How to protect my privacy? 2015-11-04T13:57:57.233

231 Why did I have to wave my hand in front of my ID card? 2018-08-13T09:31:43.783

230 Why would you not permit Q or Z in passwords? 2014-05-14T00:56:56.187

229 Password Hashing: add salt + pepper or is salt enough? 2011-04-22T09:53:02.063

229 Is "the oft-cited XKCD scheme [...] no longer good advice"? 2014-07-10T05:16:43.553
