Cryptography is the practice and study of logical means used to achieve information confidentiality, integrity and authenticity. It covers, among other things, encryption (making some data unreadable except for those who know a given secret element, called a key), data hashing (in particular for password storage) and digital signatures (provable integrity and authenticity with non-repudiation).
2,394 questions
943 votes | 11 answers | 336k views
How to securely hash passwords?
If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?
I should point out that this relates only to retrieval directly from the database,...
672 votes | 4 answers | 340k views
Do any security experts recommend bcrypt for password storage?
On the surface bcrypt, an 11-year-old security algorithm designed for hashing passwords by Niels Provos and David Mazieres, which is based on the initialization function used in the NIST-approved ...
588 votes | 3 answers | 532k views
What's the difference between SSL, TLS, and HTTPS?
I get confused with the terms in this area. What is SSL, TLS, and HTTPS? What are the differences between them?
511 votes | 9 answers | 518k views
RSA vs. DSA for SSH authentication keys
When generating SSH authentication keys on a Unix/Linux system with ssh-keygen, you're given the choice of creating an RSA or DSA key pair (using -t type).
What is the difference between RSA and DSA ...
422 votes | 14 answers | 70k views
How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?
I've often heard it said that if you're logging in to a website - a bank, GMail, whatever - via HTTPS, that the information you transmit is safe from snooping by 3rd parties. I've always been a little ...
301 votes | 11 answers | 472k views
"Diffie-Hellman Key Exchange" in plain English
Can someone explain what the Diffie-Hellman Key Exchange algorithm is in plain English? I have read that Twitter has implemented this technology which allows two parties to exchange encrypted messages on ...
294 votes | 11 answers | 96k views
Why shouldn't we roll our own?
Why shouldn't we create our own security schemes?
I see a lot of questions around here about custom crypto and custom security mechanisms, especially around password hashing.
With that in mind, I'm ...
274 votes | 7 answers | 119k views
Password Hashing: add salt + pepper or is salt enough?
Please Note: I'm aware that the proper method for secure password storage hashing is either scrypt or bcrypt. This question isn't for implementation in actual software, it's for my own understanding.
...
269 votes | 4 answers | 171k views
How does Google Authenticator work?
Google Authenticator is an alternative to SMS for 2Step verification, installing an app on Android where the codes will be sent.
It works without any connectivity; it even works on plane mode. This ...
258 votes | 8 answers | 79k views
Why are salted hashes more secure for password storage?
I know there are many discussions on salted hashes, and I understand that the purpose is to make it impossible to build a rainbow table of all possible hashes (generally up to 7 characters).
My ...
245 votes | 11 answers | 64k views
Why is Math.random() not designed to be cryptographically secure?
The JavaScript Math.random() function is designed to return a single IEEE floating point value n such that 0 ≤ n < 1. It is (or at least should be) widely known that the output is not ...
244 votes | 6 answers | 290k views
Is Telegram secure?
There is a new WhatsApp-killer application called Telegram. They said that it's open source and that it has a more secure encryption.
But they store all the messages in their servers and WhatsApp ...
242 votes | 5 answers | 119k views
Recommended # of iterations when using PBKDF2-SHA256?
I'm curious if anyone has any advice or points of reference when it comes to determining how many iterations is 'good enough' when using PBKDF2 (specifically with SHA-256). Certainly, 'good enough' is ...
228 votes | 9 answers | 145k views
How should I distribute my public key?
I've just started to use GPG and created a public key. It is kind of pointless if no-one knows about it. How should I distribute it? Should I post it on my profile on Facebook and LinkedIn? How about ...
218 votes | 4 answers | 76k views
Is a rand from /dev/urandom secure for a login key?
Let's say I want to create a cookie for a user. Would simply generating a 1024 bit string by using /dev/urandom, and checking if it already exists (looping until I get a unique one) suffice?
Should I ...