Notions of security: Perfect Secrecy | Feb 22, 2016

The definition of “security” may seem intuitive to most people (basically, other people can’t see your communications without your say-so), but formally stating a complete and rigorous definition of security is actually very difficult.

It’s also important to note that there isn’t a single, all-encompassing definition of security. There are many, and choosing to meet a particular definition of security has its benefits and drawbacks compared to other security schemes. Let’s explore one such definition: the notion of perfect secrecy.

Read more.

Password security: don't forget the salt | Jan 20, 2016

I’ve done some research on hashing and information security at the Fraunhofer CESE. After some recent data record breaches, I thought it would be relevant to share some security considerations for users and administrators.

User account databases are common targets for attackers and are frequently breached. To prevent attackers from gaining access to user accounts, user passwords should never be stored in plain string form, whether in a text file or a database. Passwords are generally run through a hashing algorithm, such as one of the SHA family, so that even if an attacker were to gain access to the database, they would not be able to read the passwords directly.

As with any security measure, attackers have found ways to retrieve user passwords despite hashing, through clever methods like rainbow tables. Database administrators have responded in kind by introducing their own countermeasure to these attacks: adding a salt, a value combined with the password before it is hashed.

Read more.