Patrick on Securityhttps://patrickmn.com/feeds/security.xmlPatrick Mylund Nielsencontact@patrickmn.com2017-04-08T01:28:00ZQuorum and Constellationhttps://patrickmn.com/security/quorum-and-constellation/index.html2017-04-08T01:28:00Z2017-04-08T01:28:00ZTwo blockchain-related projects I've been working on for the past year: Quorum, Ethereum with privacy, and Constellation, an MTA+PGP+Keyserver combo using djb crypto.On Cryptographic Backdoorshttps://patrickmn.com/security/on-secure-golden-keys/index.html2015-03-04T00:00:00Z2015-03-04T00:00:00ZWhy cryptographic backdoors, or 'secure golden keys', are a bad and unnecessary idea, even for law enforcement.Problems with Cyber-Attack Attributionhttps://patrickmn.com/security/problems-with-cyber-attack-attribution/index.html2015-01-01T00:00:00Z2015-01-01T00:00:00ZThese days, we're quick to point our finger at the most likely culprit of a cyber-attack, but attribution is very difficult, and we must tread carefully.Beware of "Read-Only Bank Access"https://patrickmn.com/security/beware-read-only-bank-access/index.html2014-09-17T00:00:00Z2014-09-17T00:00:00ZMany services encourage you to connect your online banking accounts in a "secure and read-only manner," but these assurances are deceptive.Gambling with Secrets: an Introduction to Cryptographyhttps://patrickmn.com/security/gambling-with-secrets/index.html2012-09-13T00:00:00Z2012-09-13T00:00:00ZA very approachable miniseries on the history of cryptography, random number generation, key exchange, asymmetric encryption, cryptanalysis and why the Allied Forces broke the Nazis' Enigma machine.The Secure Remote Password Protocol Isn't Badhttps://patrickmn.com/security/secure-remote-password-isnt-bad/index.html2012-08-14T00:00:00Z2012-08-14T00:00:00ZBlizzard Entertainment has been receiving a lot of flak recently for using the Secure Remote Password protocol. That's wrong.Implementing Two-Factor Authentication Is Easier Than It Seemshttps://patrickmn.com/security/you-can-be-a-twofactor-hero/index.html2012-08-07T00:00:00Z2012-08-07T00:00:00ZPerhaps the most effective complement to passwords is two-factor authentication, and it's surprisingly easy to use and implement. Here's an example.The History of Password Securityhttps://patrickmn.com/security/the-history-of-password-security/index.html2012-06-07T00:00:00Z2012-06-07T00:00:00ZA summary of how password authentication and security functions have evolved since the 1970s, and an interesting look at concepts like salting which were used way before you'd probably expect.Storing Passwords Securelyhttps://patrickmn.com/security/storing-passwords-securely/index.html2012-06-06T00:00:00Z2012-06-06T00:00:00ZWhy "SHA 256-bits enterprise-grade password encryption" is only slightly better than storing passwords in plain text, and better ways to do it.What's Old Is New Againhttps://patrickmn.com/security/whats-old-is-new-again/index.html2012-04-19T00:00:00Z2012-04-19T00:00:00ZA new security vulnerability in OpenSSL turns out to have been included in a book about finding security vulnerabilities, 6 years ago!