If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...

If you have a not-so-usual solution for your problems but need to justify it to your boss...

If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...

...then 'No Bugs' Hare on Soft.ware might be the right place for you.

Your mileage may vary. Batteries not included

Assorted Rants Tagged ‘Crypto’, page 1:

Advocating “Obscurity Pockets” as a Complement to Security. Part II. Deployment Scenarios, More Crypto-Primitives, and Obscurity-Pocket-As-Security

posted February 7, 2017 by "No Bugs" Hare

Quote:	“In other words – such an Obscured RNG would protect us from Debian RNG disaster(!)”
Another Quote:	“such a protocol (if properly deployed on the Server Side) – would defeat Heartbleed too (even if all the details of the Client are known)”
	[→]

posted January 31, 2017 by "No Bugs" Hare

Quote:	“In a hypothetical world where attackers would need to create a unique attack script for each system attacked – such an economy would be a non-starter.”
Another Quote:	“If all the people would be the same – pandemics such as Black Death would easily take the whole humankind down; it is diversity among humans which allowed us to survive.”
	[→]

posted July 4, 2016 by "No Bugs" Hare

Quote:	“Unless our Joe Average is a security specialist, he’ll install the certificate for sure”
Another Quote:	“On the other hand, it is Very Clear that such a system IS a wet dream of a pretty much ANY government out there.”
	[→]

posted June 27, 2016 by "No Bugs" Hare

Quote:	“I STRONGLY recommend to provide an option for your players to use 3rd-party “social logins””
Another Quote:	“you can be sure that as soon as your game is alive and kicking – you’ll need to implement password recovery for your players.”
	[→]

posted April 25, 2016 by "No Bugs" Hare

Quote:	“Yes, you DO need to encrypt your UDP traffic. And no, using UDP is NOT a valid excuse to skip encryption”
Another Quote:	“Personally, I prefer to think of it as of insurance – when I’m paying my premiums in hope that my money will go to waste.”
	[→]

posted March 7, 2016 by "No Bugs" Hare

Abstract:	Password hashing is a Big Headache, and doing it right is complicated
Quote:	“Note that none of the C++11 random number engines (LCG, Mersenne-Twister, or Lagged Fibonacci) can be considered good enough for cryptographic purposes – in short, they’re way too predictable and can be broken by a determined attacker, given enough output has leaked.”
	[→]

posted August 10, 2015 by "Sergeant Major" Hare

Abstract:	Client-Side password hashing (in addition to existing server-side hashing) can improve resilience to brute-force attacks.
Quote:	“Even if client-side is 10x slower than server-side, it leaves us with 10x improvement which is certainly a good thing to have”
	[→]