Tag Archives: plaintext

Amazon 之前放出的 s2n 的安全性問題

Amazon 之前放 s2n 出來當作 TLS protocol 的方案,於是就有人摸出東西來:「Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS」。 即使是經過外部資安檢證,仍然還是有找到問題。這次找到的問題是 timing attack 類在 CBC-mode 下的 plaintext recovery: At the time of its release, Amazon announced that s2n had undergone three external security … Continue reading

Posted in Computer, Network, Programming, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , | 1 Comment

儲存密碼的方式

主要是參考「Cryptographic Right Answers」這篇給的建議: Password handling: As soon as you receive a password, hash it using scrypt or PBKDF2 and erase the plaintext password from memory. Do NOT store users' passwords. Do NOT hash them with MD5. Use a real key … Continue reading

Posted in Computer, Murmuring, Network, Security | Tagged , , , , , | 1 Comment