Key Size in Cryptography

Key Size in Cryptography Simplified Cryptography Primer

In asymmetric or public-key encryption there are two main parts:

Encryption Algorithm (RSA, ECC, …)
Cryptographic key pair

The two keys of the same key pair are strongly interconnected and are used together to achieve different properties:

confidentiality (message received by intended parties)
authenticity (guarantees identity of the


Browsers Do Not Care About Our Privacy

Your Privacy and your Web Browser is a Contradiction

I am mad as hell about WebRTC and Google Chrome. I know this is a rant, but it is disturbing that this is happening without any real regard to our privacy, with new attack vectors being discovered every day from our browsers. Every browser is moving in


Crypto Jargon

Crypto Jargon Hash Functions

A hash function is a completely public algorithm (no key in that) which mashes bits together in a way which is truly infeasible to untangle: anybody can run the hash function on any data, but finding the data back from the hash output appears to be much beyond our wit. The


Security Pages that Count


With so many sites that offer helpful security information, this is my start of the must-read sites.

Latest Reports
ThreatPost – latest news of exploits
HackerNews

Browsers
How they Work
Browser Security Handbook

Best Practices
SSL Deployment Guide

SSL Problems
Survey of the SSL Implementation of the Most Popular Web


Web Browser Security for the Layman

We hear that the connection between our browser and a website like is encrypted when we use HTTPS, but how does that actually work? Learn about certificates and encryption in easy-to-understand terms.


Self-Signed Certificates can be Useful

Self Signed Certificates another Layer

There is a lot of Internet press from companies and experts alike that self-signed certificates have to go away. It is a little unfair because they do have their place and if used within these limitations might even increase your security for certain edge cases. A few things to remember


Spoofing GSM Cell Base Stations

Researcher Chris Paget pulled off a stunt at the Defcon security conference Saturday that required as much legal maneuvering as technical wizardry: eavesdropping on the cell phone calls of AT&T subscribers in front of thousands of admiring hackers.


DEFCON 17 – SQL Injection Attacks

SQL Injection Attacks

I don’t know about you, but part of my education has always been to study code and learn the latest attack techniques. I enjoy reading code and have been doing this for longer than I can remember. Much of this code can be found with a Google search or on some of


Fake sites from Google Results Again

Your Computer is Not Infected

This is starting to get tedious. These companies are trying to sell you their fake Windows repair software by spoofing a message on your computer screen. The tactic is to scare you into loading their software which then infects your computer and requires you to pay a ransom to have it
