Tuesday, December 1st, 2020
SSL and TLS play critical roles in securing data transmission over the internet, and AES-256 is integral in their most secure configurations. The original standard was known as Secure Sockets Layer (SSL). Although it was replaced by Transport Layer Security (TLS), many in the industry still refer to TLS by its predecessor’s acronym. While TLS can be relied on for securing information at a high level—such as US Government TOP SECRET data—improper or outdated implementations of the standard may not provide much security.
Variations in which cipher is used in TLS impact how secure TLS ultimately is. Some ciphers are fast but insecure, while others are slower, require a greater amount of computational resources, and can provide a higher degree of security. Weaker ciphers—such as the early export-grade ciphers—still exist, but they should no longer be used.
The Advanced Encryption Standard (AES) is an encryption specification that succeeded the Data Encryption Standard (DES). AES was standardized in 2001 after a five-year review and is currently one of the most popular algorithms used in symmetric-key cryptography. It is often seen as the gold standard symmetric-key encryption technique, with many security-conscious organizations requiring employees to use AES-256 for all communications. It is also used prominently in TLS.
Read the rest of this post »
Tags: 128-bit rc4, 256-bit AES, aes, apache, beast, chrome, cipher, encryption technique, fips, firefox, gpg, internet explorer, iphone, mail.app, opera, outlook, pgp, rc4, safari, secret, side channel attack, ssl, symmetric encryption, the beast, thunderbird, tls
Posted in LuxSci Library: Security and Privacy, Popular Posts
16 Comments »
Thursday, February 28th, 2013
FTP, the “File Transfer Protocol” has been around almost since the inception of the Internet. As anyone with a web site knows, it permits files to be easily uploaded to and downloaded from servers. It is built into every kind of web site authoring software and even into most web browsers.
Unfortunately, FTP suffers from the same design flaw that pervades the basic usage of email services like POP, IMAP, and SMTP. If used in its default form, all data sent between your computer and the server is sent unencrypted, in “plain text”. This includes your username, your password, and all file data.
Essentially, if you are in a wifi hotspot, anyone there can likely get your username and password and read your files. Similar things can happen even though your direct or or office network connections …. connecting via FTP is like walking down the hall with your username and password taped to your forehead. Any one (or any hidden camera) can see it and use it.
Read the rest of this post »
Tags: dreamweaver, ePHI, filezilla, firefox, ftp, hipaa, sftp
Posted in Business Solutions, LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »
Friday, February 27th, 2009
If you are allowing Mozilla FireFox or Thunderbird to remember passwords to web sites and/or email accounts in their Password Manager tool, you should know that these passwords are all stored in a plain text file (base64 encoded) on your computer’s disk drive. This file is accessible to anyone with administrative access to your computer. If you have any concerns about the possibility of other people accessing your computer and this gaining easy access to copies of the passwords that you are using, you really need to employ the “Master Password” feature of these programs.
Read the rest of this post »
Tags: 3des, encryption, fips, fips 140-1, firefox, firemaster, master password, mozilla, password, password manager, security, strong password, thunderbird, webaides
Posted in LuxSci Library: Email Programs and Devices
4 Comments »