CyberSecurity links

Application Security Resources, by Paragonie | A serious issue with aescrypt |

Myth-busting TOR

Google made the Titan Key to toughen up your online security | Google Wants You to Use Physical Security Keys So Bad It's Willing to Sell You One |

Protect against phone and SMS 2FA vulnerabilities: https://www.howtogeek.com/358352/criminals-can-steal-your-phone-number.-heres-how-to-stop-them/ https://www.howtogeek.com/310418/why-you-shouldnt-use-sms-for-two-factor-authentication/ https://www.howtogeek.com/358803/what-to-do-if-you-lose-your-two-factor-phone/

Cryptomator and Java | Cryptomator review | Cryptomator.org |

Dan Goodin and Brian Krebs on the inadequacies of SMS-based 2FA https://arstechnica.com/information-technology/2018/08/password-breach-teaches-reddit-that-yes-phone-based-2fa-is-that-bad/ https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/
https://twofactorauth.org/

Let's Encrypt article

5 libsodium ciphers | AEAD ciphers | Libsodium security assessment | Wikipedia scrypt | Implementations of SHA-3: Validations List by nist.gov |

Q: For the uninformed, what's wrong with pbkdf2? [reddit thread]
A: Outdated, doesn't use memory hardness to prevent easy GPU-based cracking, difficulty per attempt for crackers is unintentionally half that of the difficulty for normal users (a quirk in the math makes it more efficient to batch compute a large number of these hashes than in normal usage).

Hashtags: #cybersec