February 2006
Rainbow Cracking and Password Security
by Sam Varughese, CISSP, SCSA
Passwords are often stored hashed on the premise that significant time is required to brute force a hashed password. The value of password hashes, however, has been undermined by the Rainbow Cracking attack. Rainbow tables readily available today reduce the time required for cracking hashed passwords to minutes. This article presents this recent attack on password hashes.
Assert Safely: How to use .Net's Assert wisely
by Sangita Pakala, GCIH
.NET’s Code Access Security is a powerful mechanism to ensure that your code is protected from malicious assemblies. In this article, we show you how to use a powerful feature of .NET securely: the assert security action.
Quiz: Handling Secrets in .Net
Which of these is not a good strategy for handling secrets in .Net?
- Use SecureZeroMemory to clear secrets in the memory
- Use aspnet_setreg to encrypt passwords in the registry
- Use .Net’s isolated storage to store secrets safely
Review: Software Security : Building Security In
by Gary McGraw
We discuss Gary McGraw’s excellent book on the philosophy of software security and how it is present in all stages of the software development lifecycle. A must-read for software managers.
