Tag Archives: Security

The idea of choosing a list of common words as a password is fairly common and can lead to very secure passwords if the selection process is done randomly. The idea entered popular culture with the famous XKCD correct horse … Continue reading →

Troy Hunt, whom I’ve written about many times, has performed a public service by putting together 4 simple videos that show how easy it is to implement HTTPS on your site. The link takes you to a blog post that … Continue reading →

If you are unfortunate enough to work in a Windows/Outlook/Exchange/MS Office/Adobe/Flash environment, you know that you are constantly at risk of being infected with email viruses. Needless to say, no system is completely secure but there are safer alternatives. Of … Continue reading →

If you’re a geek with an interest in cryptography, you know that one of the hardest problems in practical cryptography is random number generation. A weak PRG (pseudorandom number generator) is one of the surest ways to get a cryptographic … Continue reading →

I can’t decide if this is a joke or if someone is actually that clueless. It’s not April 1st so I’m reluctantly concluding that it’s for real1. I’m sure Miessler was surprised to learn that he’s maintaining the master password … Continue reading →

The folks over at Ars Technica UK were resting up after Thanksgiving and reran an article from 2012. The article discusses a paper (2002) by the Microsoft engineers who worked on Palladium, Microsoft’s Trusted Windows Project. The project failed partly … Continue reading →

The TOR project has announced a new generation of Onion services. The project has been ongoing for four years and just released its alpha version. See here for the changes and how to try out the new system. The new … Continue reading →

Over at Hackaday, Pedro Umbelino has a nice article on the practical mechanics of using GPG and, more generally, public key cryptography. Rather than looking at its integration into a particular email client, Umbelino demonstrates everything on the command line. … Continue reading →

As most of you probably know, NIST recently updated their password guidelines. The three big changes are: Use long easy to remember passwords. Don’t worry so much about mixing in numbers and special characters. Don’t expire your users’ passwords—it only … Continue reading →

A recurrent theme here at Irreal is that you really need to be using a password manager. Let it generate a long, unique, random key for each site and protect those keys with a secure master password (generated by, say, … Continue reading →