Other articles


  1. On agents and keychains (Part 1)

    Many people, myself included, use tools like ssh-agent or gpg-agent to protect their private keys from theft without sacrificing the convenience of password-less logins. Presumably even more people use some kind of password manager, whether that is the one included with their operating system or a third-party one. I've ...

    read more

    There are comments.

  2. Thoughts on a cloud-based password synchronization service

    Today, Apple has enabled its cloud-based password synchronization service, iCloud Keychain. The service promises to safely store and synchronize passwords and other sensitive user data like credit card numbers among multiple devices. Apple claims that the information is protected with AES, but that alone is meaningless without knowing where that ...

    read more

    There are comments.

  3. TLS client certificates and Mobile Safari

    Update (2013-08-31): Apple has asked me to refrain from publishing any details on this security-relevant bug for the time being; I hope that a fix will be released soon. When that happens (or after a reasonable amount of time has passed), the original post will be restored.

    Until then, I ...

    read more

    There are comments.

  4. VPNs and IPv6, part 2

    As I've written before, VPNs can lead to insecure situations when used with IPv6 enabled networks.

    The easiest way to mitigate that problem is actually just to enable IPv6 tunneling over the VPN itself, provided your VPN gateway has IPv6 connectivity and you have a spare /64 subnet you ...

    read more

    There are comments.

blogroll

social