Posted in Security World

First SHA-1 collision, birthday paradox, should you rehash your will?

One of the most important properties of a cryptographic hash function is “strong collision resistance”: it should be “computationally infeasible” to find distinct inputs x, x’ such that hash(x) = hash(x’).

For the SHA-1 hash function, which generates a 160-bit hash, to have strong collision resistance, only ...

Posted in Security Software

Not so Uber security

I am a happy customer of Ola. I decided to try Uber. I installed the Uber app on my wife’s Android mobile and tried to register with her email address and got the message “Email address already in use”. I don’t recall registering with Uber and thought that my wife had done so. ...

Posted in Security

Frequent password changes — good or bad?

I read an article titled “Frequent password changes are the enemy of security”, which I find misleading and missing the point.

In this article, Carnegie Mellon University professor Lorrie Cranor, who became chief technologist at the FTC, challenges the FTC’s advice.

FTC’s advice: Encourage your loved ones to change passwords often, making them long, strong, and unique.

...
Posted in Security Software

Perils of Unreachable Code — was it deliberate?

There is no substitute for detailed code reviews, more so if the code is related to security. Any changes to such code, however minor, should be reviewed. In addition, it helps if the compiler, tools, etc. can flag potential errors.

Take the case of the very serious security error in ...
