If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...

If you have a not-so-usual solution for your problems but need to justify it to your boss...

If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...

...then 'No Bugs' Hare on Soft.ware might be the right place for you.

Your mileage may vary. Batteries not included

Developing secure software is a challenge. Writing really secure software is a real challenge.
Here are the articles which touch different security aspects of software, from “what cipher suites are not to be used with TLS”, to certain more or less novel things under ‘Security Research’ subcategory.

All Not so Profound Truths about Security, page 4:

Even Bigger Brother, or Governments using Social Engineering to Circumvent Crypto

posted July 4, 2016 by "No Bugs" Hare

Quote:	“Unless our Joe Average is a security specialist, he’ll install the certificate for sure”
Another Quote:	“On the other hand, it is Very Clear that such a system IS a wet dream of a pretty much ANY government out there.”
	[→]

Logins and Passwords

posted June 27, 2016 by "No Bugs" Hare

Quote:	“I STRONGLY recommend to provide an option for your players to use 3rd-party “social logins””
Another Quote:	“you can be sure that as soon as your game is alive and kicking – you’ll need to implement password recovery for your players.”
	[→]

Random Number Generation

posted June 21, 2016 by "No Bugs" Hare

Quote:	“even if your RNG is statistically perfect, people will still complain 🙁 “
Another Quote:	“On modern x86 CPUs, single core can generate 150M+ random bytes/second this way (and this is a Damn Lot).”
	[→]

Pages: 1 2

TCP and Websockets for Games

posted May 2, 2016 by "No Bugs" Hare

Quote:	“TCP is a byte stream, the whole byte stream and nothing but the byte stream”
Another Quote:	“if all packets reach Client, there isn’t that much difference between TCP and UDP”
	[→]

Pages: 1 2

UDP for games – security (encryption and DDoS protection)

posted April 25, 2016 by "No Bugs" Hare

Quote:	“Yes, you DO need to encrypt your UDP traffic. And no, using UDP is NOT a valid excuse to skip encryption”
Another Quote:	“Personally, I prefer to think of it as of insurance – when I’m paying my premiums in hope that my money will go to waste.”
	[→]

Avoiding ugly afterthoughts. Part b. Coding for Security, Coding for i18n, Testing as a Part of Development

posted April 4, 2016 by "No Bugs" Hare

Quote:	“Doing sanitization at IDL level automates quite a bit of tedious-and-error-prone work, which is always a Good Thing™”
Another Quote:	“Hey, this whole thing can be made MUCH simpler, the only thing we need to acknowledge is that the best identifier for a string is the string itself!”
	[→]

Pages: 1 2 3

Password Hashing: Why and How

posted March 7, 2016 by "No Bugs" Hare

Abstract:	Password hashing is a Big Headache, and doing it right is complicated
Quote:	“Note that none of the C++11 random number engines (LCG, Mersenne-Twister, or Lagged Fibonacci) can be considered good enough for cryptographic purposes – in short, they’re way too predictable and can be broken by a determined attacker, given enough output has leaked.”
	[→]

«Previous Page