About passwordless authentication
## TL;DR: 1. Single Sign-On (SSO) 2. Biometrics 3. Possession factors -> OTP 4. Magic links. Now a quick look at each category: 1. SSO -> FB login, Google Lo...
How to use Active Record Encryption without Rails credential
This post will teach you how to use Active Record Encryption with Dotenv ### Step 1: generate credential First of all, follow [officia...
How OTR (Off-the-Record) Messaging works
OTR stands for Off-the-Record Messaging; the OTR protocol was designed by cryptographers Ian Goldberg and Nikita Borisov and released on ...
Blowfish algorithm (bcrypt)
How to store a password in the database using the Blowfish algorithm to hash it (using Python to demonstrate) ```py import bcrypt salt = bcrypt.g...
Install SElinux
```shell # install sudo apt install policycoreutils selinux-utils selinux-basics # activate sudo selinux-activate # change to enforci...
How Digital Signature works
Key concepts: 1. A message encrypted with the private key can only be decrypted with the public key 2. A message encrypted with the public key can only be decrypted with the private key 3. Different content produces different hash values after passing through the hash function; identical...
Some basic practices for storing sensitive data
### Main principles: 1. Store sensitive data encrypted 2. The web server holds only the key used for encryption, never the key that can decrypt. In practice this means: put the key needed for decryption on the worker server; the worker server accepts no traffic from outside and can only be reached through the company's VP...
Reset password token leaking
The reset password URL is often https://yourdomain/password/reset?token=xxxx, but then a third-party site can find the reset password token in the `HTTP Referer` header and record it, for example googl...