Cities, Disneyland, and Software Security
I like to think of our modern software infrastructure as being like a large city and posing the same trade-offs between risk and reward. We don’t wander carelessly around cities because of pickpockets, muggers, and crazy drivers. A city’s risks arise from its freedom, as does the city’s lure as ...
libhairshirt vs libfootgun
Peter Gutmann, an interesting crypto-academic from New Zealand, has proposed discussing two crypto libraries, libhairshirt and libfootgun: In libhairshirt, the crypto is hard to use, and the API is hard to use. In libfootgun, the crypto is incredibly hard to use safely but the API makes it look really easy ...
Cloud Security Specialization Launched
The University of Minnesota now offers a Cloud Security specialization through Coursera. It contains four courses (the fourth should be finished in early 2021). While the University does not offer course credit for completing the specialization, I am using it as the basis for a graduate course this spring, offered ...
Memory Sizes: Now with zetta and yotta!
One of the most popular pages on this site provides a simple conversion to map numbers of various sizes to the corresponding memory storage sizes in bits (mathematicians and other geeks often call this “log base 2”). The popular table now includes all of the international standard integer size names ...
Selling It: Crypto Edition
Here is a crypto version of “Selling It,” a long-running back-page column in the magazine Consumer Reports. For those unsure of the acronyms, “SHA-256” stands for a version of the Secure Hash Algorithm yielding a 256-bit output. SHA is not encryption. People have used hash algorithms for encryption, but the ...
Old Story: Leaked Voter Records
My previous posting on the Proud Boys spam email speculated that voter records were widely available for such purposes. Here’s a story from 2017 reporting that voter data for about 198 million Americans was spilled from a “storage bucket” on Amazon’s Simple Storage Service (S3). The story shines a light ...
“Proud Boys” Emails Are Bogus
The Proud Boys emails aren't actual threats. They're the lowest form of anonymous spam ...
2021 MSSE Cloud Security Elective
Members of the University of Minnesota’s MSSE Class of 2021: I am offering a Cloud Security elective based on the Coursera Cloud Security specialization currently under development. The first course, Cloud Security Basics, is already live. The remaining three courses go live this fall. If we think of networked computing being ...
Krebs’ Three Rules
Like most people, I'm drawn to those small lists of "rules" that promise to make our lives better. Brian Krebs reposted a list back in May that we all need to share with our older loved ones: three basic rules of online safety ...
Basic Tech-y Article on Password Hacking
Here’s an article from last year’s Scientific American: The Mathematics of (Hacking) Passwords. If you remember your logarithms, it’s a decent read. If you don’t, you can skip the math and read the details: why longer passwords are better. (The left-hand diagram comes from Figure 2.6 of Authentication.) ...

