Category Archives: Security

What is a Nonce?

May 7th, 2020
Posted in Security | No Comments

A nonce is a value, N, that is used only once (a "number used once"). Nonces are encountered throughout cryptography. The initialization vector (IV) for AES in CBC mode is one example: it must never be reused under the same key, and for CBC it must also be unpredictable, not merely unique. With the IV in the role of the nonce, the CBC chain is:

C1 = CIPH_K(P1 ⊕ Nonce)
Cj = CIPH_K(Pj ⊕ C(j-1)) for 2 <= j <= n

Here, cipher block 1 is the result […]
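The chaining formula above, carried through in code as an added example (not code from the post). AES is replaced by a toy four-round Feistel network, labelled as such in the code, because the only property the formula needs from CIPH_K is that it is a keyed permutation of blocks; the key, messages and IVs are constructed for the demo. The last function shows why uniqueness matters: if the IV (nonce) is reused, two messages with the same first plaintext block produce the same first ciphertext block, so an observer learns they start alike.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, the AES block size


def _feistel_round(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function for the toy cipher: keyed hash of one half-block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for CIPH_K: a four-round Feistel network on 16-byte blocks.
    NOT a real cipher; it only has the one property the CBC formula relies
    on, namely that it is a keyed permutation (bijection) of blocks."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _feistel_round(key, rnd, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt_block: the rounds undone in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _feistel_round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_1 = CIPH_K(P_1 xor IV);  C_j = CIPH_K(P_j xor C_{j-1}), 2 <= j <= n.
    Plaintext must be a whole number of blocks (padding is out of scope)."""
    assert len(iv) == BLOCK and len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_j = CIPH_K^-1(C_j) xor C_{j-1}, with C_0 = IV."""
    assert len(iv) == BLOCK and len(ciphertext) % BLOCK == 0
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def first_blocks_collide(key: bytes, iv_a: bytes, iv_b: bytes,
                         p_a: bytes, p_b: bytes) -> bool:
    """True when two messages yield the same first ciphertext block.
    With a reused IV that happens exactly when P_1 is the same in both
    messages, so the ciphertext leaks that fact to anyone watching."""
    return cbc_encrypt(key, iv_a, p_a)[:BLOCK] == cbc_encrypt(key, iv_b, p_b)[:BLOCK]


# Constructed demo inputs: 32 bytes each, same first block, different second.
KEY = hashlib.sha256(b"constructed demo key, not a real secret").digest()
MSG_A = b"ATTACK AT DAWN!!" + b"second block...."
MSG_B = b"ATTACK AT DAWN!!" + b"another block..."
IV_1 = bytes(range(16))       # constructed; a real IV comes from os.urandom(16)
IV_2 = bytes(range(16, 32))

if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV_1, MSG_A)
    assert cbc_decrypt(KEY, IV_1, ct) == MSG_A
    print("IV reused   -> first blocks equal:", first_blocks_collide(KEY, IV_1, IV_1, MSG_A, MSG_B))
    print("IV distinct -> first blocks equal:", first_blocks_collide(KEY, IV_1, IV_2, MSG_A, MSG_B))
```

Because CIPH_K is injective, distinct IVs guarantee distinct first ciphertext blocks for any pair of messages, and from block 2 onward the chaining value C(j-1) plays the same role. That is also why CBC needs the IV to be unpredictable and not just unique: an attacker who can guess the next IV and choose plaintext can test whether an earlier message began with a given block.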

Encrypting /home on Dell XPS 13 7390

November 28th, 2019
Posted in Security | 1 Comment

The following procedure adds encryption to the pre-installed Ubuntu 18.04 on a Dell XPS 13 7390. Within a console or terminal, sudo into root:

$ sudo su -

Create a LUKS encrypted file container (20,000 MiB, roughly 20 GB, for example):

# dd status=progress if=/dev/zero bs=1M count=20000 of=/.hostname-home.img
# cryptsetup luksFormat /.hostname-home.img

Open the LUKS encrypted file container:

# cryptsetup […]

Personal Password Policies

September 28th, 2019
Posted in Security | 1 Comment

Need secure passwords that are not completely unintelligible? Devise a personal password policy: Select three or four words from a dictionary. Consider using adverbial forms and the past and present tenses of verbs. Consider using singular and plural forms of nouns. Avoid idioms. Pick a number; consider inserting leading 0s. Pick a symbol from !@#$%^&*()-_=+. Assemble the above […]
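An added example, not code from the post, of what such a policy looks like when the choices are made by a CSPRNG rather than by preference, together with a checker and an entropy estimate. The dictionary is a small constructed word list (with the plural, tense and adverb variants the post suggests), and the assembly order (words joined by the symbol, then the symbol, then the number) is an assumption, since the post's own assembly step is not shown above. The entropy figure is what the scheme is worth against an attacker who knows the policy and the word list; words chosen by hand are worth less.

```python
import math
import random
import secrets
from typing import Optional

# Constructed sample dictionary for the demo. A real policy draws from a
# large word list; the strength estimate below grows with its size.
WORDS = [
    "quickly", "jumped", "jumps", "river", "rivers", "lantern", "lanterns",
    "silent", "silently", "walked", "walks", "orange", "oranges", "beneath",
    "copper", "whisper", "whispered", "harbor", "harbors", "gently", "frozen",
    "ladder", "ladders", "bright",
]
SYMBOLS = "!@#$%^&*()-_=+"   # the symbol set named in the post
DIGITS = "0123456789"


def generate_password(n_words: int = 4, n_digits: int = 3,
                      words=WORDS, rng=secrets) -> str:
    """Assumed assembly order: words joined by the chosen symbol, then the
    symbol, then the number. The number is drawn digit by digit, so leading
    zeros occur naturally. rng defaults to the secrets module (CSPRNG)."""
    chosen = [rng.choice(words) for _ in range(n_words)]
    number = "".join(rng.choice(DIGITS) for _ in range(n_digits))
    symbol = rng.choice(SYMBOLS)
    return symbol.join(chosen) + symbol + number


def generate_with_seed(seed: int) -> str:
    """Deterministic variant for tests only; never use for real passwords."""
    return generate_password(rng=random.Random(seed))


def policy_entropy_bits(n_words: int = 4, n_digits: int = 3, words=WORDS) -> float:
    """Bits of entropy when every element is drawn uniformly at random:
    n_words * log2(|words|) + n_digits * log2(10) + log2(|SYMBOLS|)."""
    return (n_words * math.log2(len(words))
            + n_digits * math.log2(len(DIGITS))
            + math.log2(len(SYMBOLS)))


def parse_password(pw: str, words=WORDS) -> Optional[dict]:
    """Check that a password follows the policy; return its parts or None."""
    symbol = next((c for c in pw if c in SYMBOLS), None)
    if symbol is None:
        return None
    parts = pw.split(symbol)
    if len(parts) < 2:
        return None
    *chosen, number = parts
    if not (number.isdigit() and all(w in words for w in chosen)):
        return None
    return {"words": chosen, "number": number, "symbol": symbol}


if __name__ == "__main__":
    pw = generate_password()
    print(pw, parse_password(pw))
    print(f"{policy_entropy_bits():.1f} bits with a {len(WORDS)}-word list")
```

With the 24-word demo list the scheme is only about 32 bits; four words from a 7,776-word diceware-style list would give about 52 bits from the words alone, which is the real lever in a policy like this.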

Securing Dynamically Generated HTML

September 22nd, 2019
Posted in Security | No Comments

Implementing code that simply displays a user's IP address as part of an HTML page may be considered easy. Without security considerations, it can be implemented in PHP with the following:

echo "IP: " . $_SERVER['REMOTE_ADDR'];

The 2011 CWE/SANS Top 25: Monster Mitigations recommends establishing and maintaining "control over all your inputs" and "control over […]
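The two mitigations applied to that one-liner, as an added example in Python (not the post's PHP; the PHP equivalents are filter_var with FILTER_VALIDATE_IP for the input check and htmlspecialchars for the output encoding). The request environments are constructed. REMOTE_ADDR is normally set by the web server from the TCP peer, but an application that copies a client header such as X-Forwarded-For into it, or that echoes any other header the same way, has an injection point, so the example treats the value as untrusted.

```python
import html
import ipaddress
from typing import Mapping


def render_ip_unsafe(server: Mapping[str, str]) -> str:
    """The PHP one-liner's behaviour: whatever the variable holds is emitted."""
    return "IP: " + server.get("REMOTE_ADDR", "")


def render_ip_safe(server: Mapping[str, str]) -> str:
    """Control over input: the value must parse as an IP address, otherwise
    a fixed placeholder is shown. Control over output: the value is HTML-
    escaped before it is emitted, even though a valid address contains
    nothing that needs escaping (defence in depth if the check is loosened)."""
    raw = server.get("REMOTE_ADDR", "")
    try:
        addr = ipaddress.ip_address(raw)      # raises ValueError on junk
    except ValueError:
        return "IP: unavailable"
    return "IP: " + html.escape(str(addr), quote=True)


def render_header_safe(name: str, value: str) -> str:
    """For values that cannot be validated as tightly as an IP address
    (User-Agent, Referer), output encoding is the control that remains."""
    return f"{name}: {html.escape(value, quote=True)}"


# Constructed request environments.
ENV_NORMAL = {"REMOTE_ADDR": "203.0.113.42"}
ENV_TAMPERED = {"REMOTE_ADDR": "<script>alert(1)</script>"}

if __name__ == "__main__":
    print(render_ip_unsafe(ENV_TAMPERED))   # payload reaches the page
    print(render_ip_safe(ENV_TAMPERED))     # rejected by the input check
    print(render_ip_safe(ENV_NORMAL))
    print(render_header_safe("User-Agent", "Mozilla/5.0 <b>x</b>"))
```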

Security Review 2019

September 13th, 2019
Posted in Security | No Comments

Recent assignments that focus my efforts on securing web applications have motivated me to review the security of my personal websites. PHP code that I implemented 15 years ago is still used by my websites today. With the experience I gained over the years, and my current effort to acquire deep familiarization with security practices, […]