2017 Security Recap

Cryptographers and security researchers have a penchant for coming up with colorful acronyms and names that describe, in brief, the vulnerability or exposure. Some of them are BEAST, CRIME, ShellShock, SLOTH, POODLE, Lucky 13, Sweet32, Smurf, Petya, BlackNurse, FREAK, DROWN, BREACH, LOGJAM, HeartBleed, CloudBleed, TicketBleed, Fireball, CLOAK and DAGGER, WANNACRY, SambaCry, HIDDEN COBRA, BroadPwn, Blueborne, ...

First SHA-1 collision, birthday paradox, should you rehash your will?

One of the most important properties of a cryptographic hash function is “strong collision resistance”: it should be “computationally infeasible” to find distinct inputs x, x’ such that hash(x) = hash(x’).

For the SHA-1 hash function, which generates a 160 bit hash, to have strong collision resistance, only ...

Frequent password changes — good or bad?

I read an article titled “Frequent password changes are the enemy of security”, which I find misleading and missing the point.

In this article, Carnegie Mellon University professor Lorrie Cranor, who became chief technologist at the FTC, challenges the FTC’s advice:

FTC’s advice: Encourage your loved ones to change passwords often, making them long, strong, and unique.

...