Some people are convinced that applying cryptography to their product or service solves all security and privacy problems. Of course, this isn’t the case, as shown in this article.
Latest articles
Using a YubiKey as a second factor for LUKS
The Linux Unified Key Setup (LUKS) is a platform-independent specification for hard disk encryption. In this tutorial, we use the challenge-response feature of a YubiKey to add two-factor authentication (2FA) to an existing LUKS-protected device.
The state of the LineageOS-based /e/ ROM in December 2019
More than four months ago, we checked the LineageOS-based ROM provided by the French /e/ Foundation for the second time.
In this article, we recheck our findings for the last time, since Google dropped support for Android 7.1.2, the underlying Android version of the /e/ ROM for our device.
Yubico Security Key vs. Nitrokey FIDO2
WebAuthn, Web Authentication: An API for accessing Public Key Credentials Level 1, is a W3C Recommendation released in March 2019. It defines the creation and use of strong, attested, scoped, public key-based credentials by web applications. It is very similar to the Universal 2nd Factor (U2F) standard, but extended and customized for online services.
Security devices with WebAuthn support make two-factor authentication easier to use: they contain a secret key and provide the second factor at the press of the device’s button. In some cases, they can also be used as a single factor, storing your credentials for you.
We already compared the Yubico Security Key and Nitrokey FIDO U2F. In this article, we again compare the Yubico Security Key with the Nitrokey FIDO2, the successor of the Nitrokey FIDO U2F. If you need more features like support for OpenPGP, read our comparison “YubiKey 4C vs. Nitrokey Pro: Stalemate”.
3 Don'ts of penetration testing and security assessments
Penetration testing is a tool to find security vulnerabilities and discover security risks systematically. However, if done wrong, penetration testing results in a list of arbitrary problems that aren’t necessarily related to security.
In this article, we show three things good penetration testers don’t do.