After publishing my previous post, I had thought that I would not be coming back to Crypto for a while. However, today evening Sebastiaan posted on SCRAM on one of the Directi mailing lists, and I got compelled to write down this one. Authentication in Cryptography has two aspects: data authentication and entity authentication. Data [...]
Most developers whom I have come across lack a solid grasp of the fundamentals of cryptography. When a developer who does not understand crypto needs to use crypto, several things can go wrong: • Not understanding the implications of using some crypto technology in the code • Not realizing where to use crypto • Not implementing crypto [...]
At Microsoft India, we have been trying to raise security awareness in developers by sharing best practices for quite some time now. Yet, the lack of security knowledge is astounding, even on basic issues like password verification. So when I see a post like this one, it really makes me feel better! Thomas Ptacek talks about [...]
Microsoft recently released an Anti-Cross Site Scripting Library. "For defence in depth, developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to provide protection against XSS attacks. This approach works by first defining [...]
David Litchfield has published a comparison of the security of the SQL Server and the Oracle products at http://www.databasesecurity.com/dbsec/comparison.pdf and he has clearly pointed out that SQL Server 2005 is more secure. For those of us who do not know Litchfield’s work, here is a bio copy-pasted from http://www.oreillynet.com/pub/au/1609: "David Litchfield leads the world in [...]
We closed the Cryptography Webcast Series on Friday, with the final discussion on storing secrets. During the webcasts, a lot of people asked whether we would put up the recordings for later viewing or not. I am happy to say that each webcast is available for online viewing at http://www.microsoft.com/india/webcasts/ondemand.aspx#Webcasts_on_Cryptography. I have also added links to [...]
Just got through with the 4th webcast on the Crypto Series – there were several good questions. Much more than what people were asking last time. If you attended the webcast and have a question, do post it here in the comments section, and I’ll try and answer it.
Just concluded the third webcast in the Crypto Webcast Series. There were a couple of glitches – my audio call got put on hold during the webcast and it took a while getting that off the network. And later when I was doing the quiz, the slides were not visible. I apologize on behalf of our infra team for these glitches [...]
Just concluded the 2nd episode of the Cryptography Webcast Series – Hiding Secrets in Plain Sight. There were about 30-40 folks on the call. We talked about the basics of symmetric and asymmetric algorithms, esp the workings of some key algorithms and the various block cipher modes of operations. Not too many questions today – much unlike [...]
The video recording of today’s webcast is now available online at http://www.microsoft.com/india/webcasts/ondemand.aspx#Webcasts_on_Cryptography.