Information Security Weekly Newsletter - Wednesday, September 30, 2015

Top new questions this week:

Is there anything insecure about Google ReCaptcha?

In this question on software recommendations, the OP asks for an alternative to Google reCAPTCHA because "for a security reasons also we don't want to depend on any out side services". As far as I ...

captcha  
asked by Mawg 28 votes
answered by Michael 49 votes

How do I purge Windows of my private data when formatting the drive is not an option?

I'm changing my employer, and I'm about to leave my office computer. Due to internal regulations and my supervisor's orders, I'm unable to format the disk drive. I was hoping I would be able to do ...

windows privacy  
asked by trejder 23 votes
answered by SilverlightFox 28 votes

Is password reuse a problem if the password is very strong?

I often read that using the same password on multiple sites is a risk. I'm wondering what is the real reason for the warning. In my case, I use the same password on multiple sites everywhere. My ...

passwords password-policy  
asked by chocolate 22 votes
answered by Begueradj 61 votes

How can the content of a file refer to its own MD5?

So I just saw this picture on Imgur: http://imgur.com/gxRCrCM The intriguing thing about it is that the picture refers to an old Daft Punk song named "Face 2 Face". The image's MD5 is ...

hash md5  
asked by John Blatz 21 votes
answered by Thomas Pornin 20 votes

Is "mini-httpd" a secure web server?

I'm using http://acme.com/software/mini_httpd/ for my embedded system. Is it as "secure" as more known web servers like Apache or lighttpd? Being a lesser known web server means that it's less likely ...

webserver  
asked by michelemarcon 11 votes
answered by SilverlightFox 25 votes

What are the implications of 5 million people's fingerprints being stolen from the US Government?

The recent OPM hack has revealed more fingerprints were stolen than previously believed. One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just ...

biometrics fingerprint  
asked by Steve Sether 11 votes
answered by feral_fenrir 5 votes

Is it bad that my ed25519 key is so short compared to a RSA key?

I recently generated a new SSH key in the ed25519 format. The public key is only 69 bytes long while my old RSA key is 373 bytes. From my perception ed25519 is the more recent and secure format. So ...

rsa ecc  
asked by Alex 11 votes
answered by Tom Leek 17 votes

Greatest hits from previous weeks:

Do any security experts recommend bcrypt for password storage?

On the surface bcrypt, an 11 year old security algorithm designed for hashing passwords by Niels Provos and David Mazieres, which is based on the initialization function used in the NIST approved ...

passwords cryptography hash bcrypt  
asked by Sam Saffron 342 votes
answered by Thomas Pornin 346 votes

What exactly does it mean when Chrome reports 'no certificate transparency information was supplied by the server?'

When visiting Gmail in Chrome, if I click on the lock icon in the address bar and go to the connection tab, I receive a message 'no certificate transparency information was supplied by the server' ...

certificates chrome  
asked by Andrew 134 votes
answered by tylerl 133 votes

Can you answer these?

Is it secure to use one CSRF token multiple times?

I am new to the CSRF problem and I am studying how CSRF protection is implemented in popular applications like Facebook, Instagram etc. Now I am studying how CSRF protection is used in OAuth ...

csrf  
asked by user1315357 2 votes

Zero Knowledge Proof Password Systems

I am wondering if there is a practical zero-knowledge proof system that can be used by humans to authenticate themselves to a server. Note that even the computer can not be trusted (at least with the ...

authentication  
asked by PyRulez 2 votes

Key stretching approaches

I've seen that a number of key stretching algorithms and they involved increasing the number of operations needed to compute the key (i.e. the number of rounds within a hash function). But, I wonder if ...

passwords cryptography hash key-generation key-stretching  
asked by Sebi 1 vote