chrono_legionnaire

Members
  • Content Count: 46
  • Joined
  • Last visited
  • Days Won: 9

chrono_legionnaire last won the day on September 10

chrono_legionnaire had the most liked content!

Community Reputation

22 Excellent

About chrono_legionnaire

  • Rank
    A Kaki Regular

  1. This article briefly describes cryptography. I wasn't quite sure if it is more understandable. Just like some people said, if you are able to understand something then you can understand, else you can't. https://www.techspot.com/article/2323-cryptography/ In symmetric encryption, industry uses only AES and stream ciphers such as ChaCha20 or Salsa20. GSM, DES and RC were deprecated. We should not understand a topic based on fixing a subtopic, or limiting on using certain information to understand. We have to look at the topic as a whole. Hope you guys enjoy this artic
  2. Correction: Do you mind helping me describe the pros and cons of what I am doing and also describe the pros and cons of what normal people do?
  3. Yup. This is essential for the users. However, this is something that users have to think about themselves. How can they secure their device/app? The simplest solution was to use an antivirus/something similar. The best was for them to practice "OpSec". I know that this does seem convenient for most people. However, using this information, from my point of view, is not that good, poses some ethical questions and has some drawbacks. Like what we have seen in recent US devices left with biometric lock in Afghanistan. That's why I said .. it's a
  4. I am just an ordinary computer science student (diploma graduate). My lecturers didn't mention or teach this stuff to me. They did mention something related to cryptography, but they did not explain it in a clear way nor spark my interest. If you do become security specialists, do come back and read what I have typed/talked about here. You will realize what I typed/talked about is just the tip of the iceberg. I am not a security expert by any means, nor will I become one. It takes time, not to mention the costs needed. If I do become security specialist(can be cybersecurity/informati
  5. I forgot to mention, when using any of the solutions/alternatives that have either "security" or "privacy", do bear in mind, they are only in infancy. I believe that "infancy" stage will not be gone even if we become older or old men/women
  6. OTP or common scheme works the best if you hand in your personal credentials like phone number/email address to them. There are other alternatives for sure. But giving in personal credentials is considered the most effective way to do it. If you give them the personal credentials, users have to trust this information wouldn't be leaked and won't fall victim to usual social engineering attacks. In general they will be using something called "PBKDF2" or "Argon2" that comes from Scrypt or BCrypt or any cryptography library. What they are doing was to take your password and derive a ma
  7. I wish I could, but because the technology does not come from common technology, it's not impossible but it's very hard for me to describe it in common terms as they are not common technology in the eyes of the public. Yup, that's the problem. If possible all my applications won't be using passwords again. Storing important keys which are similar to passwords (symmetric key/public key cryptography key's private key) will be an issue. If done correctly, my proposed login mechanism should have a higher chance in logging into the system without the need to remember the passwor
  8. Yup, that was indeed the case and it has been proven as well. However, I don't think it will be an issue. The 2nd "trusts" model consists of ProtonMail and Tutanota that use the user password as master encryption key. If the users know what they are doing, the master encryption key can't be brute forced nor can it be leaked. Given this case, sure they (service provider) can give data to the government or any other similar agencies. However, let's be honest, if the users have good security knowledge, the data that they give to law enforcers just wouldn't be meaningful. The
  9. If you understand what my real aim was in my PriSec projects, the goal was never to secure data in server. If the goal was to secure data in server, why don't I do the same thing as GDrive, Firebase, AWS or any other similar services? I don't wanna do that, it's a suicide move from a security point of view. Users can enjoy ease of use but in exchange their privacy and security were sacrificed. If I "secure data" in server, I won't even bother with user's privacy and security. The question then now becomes, will the target users accept what I do? Will they be able to accept the fact that they are
  10. The "trusts" was a flawed mechanism but people don't want to give an opportunity to the services that build on reducing the amount of "Trusts" needed. That's why we are still using common services. When we talk about security, there are always pros and cons. There's no such thing as 100% security/privacy. Regardless of how the company/corporate or individual manages and guards. When we talk about "trusts", there are 3 levels of "trusts": 1. Users are required to put "trusts" towards the service provider (examples are Google, GDrive, Firebase, AWS.. and even minor server/web hosting). The adva
  11. Let's talk about the good and the bad. "Trusts" (No pun intended) Everything we use online revolves around "Trusts". The majority of the services do require us to trust the service provider. However, it's up to people to decide is it naive or is it that there's no other way? Why say so? I will assume you have already understood what I posted regarding the Post-Compromise Security Model. Let's use this website for an example, when we ask Cloudflare to sign the certificate that is generated locally in this website's VPS [I know it's quite tech-savvy for people], there are 2 questions that we need to
  12. Not sure if it's really popular lol.. After all, I am a nobody 🤣😂😅
  13. My repositories that have PriSec on them had been forked by an American Muslim. I wasn't quite sure if there's any download activity (not sure how to check) on my GitHub. I also wasn't sure if there are users (I haven't checked on my server side through sftp). I tried to reach out to people on Reddit and atm I only get 10 upvotes. Maybe the drawbacks are too great or maybe it's too confusing. I don't really know.