fido universal 2nd factor authentication

In the time since my rant about passwords, more and more sites have adopted OAuth. I don’t like this development. Usually they offer login with Facebook, sometimes with Google or Twitter and rarely with LinkedIn. The problem with OAuth is that the site operator decides which providers are supported. With OpenID on the other hand, I…

We have been using passwords for too long

Every time I have to register to a website using a password, I grow more annoyed. Passwords were fine when you only had one, to log in to your corporate mainframe. But these days, computers are better at cracking passwords than humans at remembering them. It only gets worse with the more sites you maintain…

Full disk encryption with the crypto stick

Last week I finished the Udacity applied cryptography course. I did not do as well as in the other courses; nonetheless I learned a lot and it was (as always) really interesting. We learned about symmetric and asymmetric encryption, hashes as well as key exchange and management. Each week in addition to the regular homework, we…

Playing with Smart-Cards

Ever since reading the book “Kryptographie und IT-Sicherheit”, where I first learned about how smart cards work, I wanted to do some smart card programming. The book describes some inner workings of smart cards, and that some of them have a small Java VM inside. But it turned out that the entry was not as…