am facing an issue with NVDA screen reader where in its not reading the links or text in a navigation.
Link – https://codepen.io/yogesharora28/pen/WNNPQKV
Am using arrow keys to navigate in NVDA, and if i move from a sub menu to next menu, for e.g. going from “home” and reading the items in its sub menu, moving next to “About us” menu, it wont read “About us”, instead reads the sub menu items of “about us” Any idea what could be going wrong?
. . . Or is that discouraged, and it’s better to use separate key pairs for TLS and JWT? (It would be slightly easier to manage one key pair only, but probably better security to use two separate key pairs).
I have a question:
Let’s assume I encrypt string A with string B(key) (the result is string C) and then I encrypt string B with string A(key) (the result is string D). Let’s say using AES algorithm.
If an attacker knows that AES is the algorithm I used and also has C and D, can they figure out strings A and B?
I’m working on a project to encrypt many files with a single password.
The steps I will employ to encrypt the files are:
- user will execute a command similar to
tool --encrypt --recurse directories/to/recurse and-other-files.txt
- the user will be prompted for a password
- two 64 byte crypto random salts and a 16 byte crypto random IV will be generated
- no 2 files will ever use the same salts or IV
- each individual salt will be combined with the password to create to 2 separate argon2id keys
- one key will be 32 bytes long and is used for the AES-256 cipher block
- the other will be 64 bytes long and will be used as the key for a sha-512 hmac
- the resulting encrypted file will be written as
I believe this would result in a reasonably secure, set of encrypted files. My main concern though, is that because of the way that users will use this tool, there is a good chance that they will accidentally encrypt small, easily guessed files.
And since CTR mode doesn’t require padding, anyone with access to the encrypted file will know the length of the plaintext file. It seems that CTR mode is considered secure for files, provided the IV is unique for each encryption run and the file is authenticated.
Is there a chance that the cipher key, HMAC key, or password could be derived through a known plaintext attack from enough small guessable files? Are there any other glaring flaws in my methodology that could leak data?
I downloaded a Qubes OS ISO and I’m trying to verify its legitimacy using this guide. GPG was behaving weirdly, so I created a separate user with a separate keyring to reproduce the issue.
When I try to verify the key on my Debian system, the signature on the release signing key is not there:
$ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc gpg: directory '/home/test/.gnupg' created gpg: keybox '/home/test/.gnupg/pubring.kbx' created gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-master-signing-key.asc' gpg: /home/test/.gnupg/trustdb.gpg: trustdb created gpg: key DDFA1A3E36879494: public key "Qubes Master Signing Key" imported gpg: Total number processed: 1 gpg: imported: 1 $ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc' gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported gpg: Total number processed: 1 gpg: imported: 1 $ gpg --list-sigs "Qubes OS" pub rsa4096 2017-03-06 [SC] 5817A43B283DE5A9181A522E1848792F9E2795E9 uid [ unknown] Qubes OS Release 4 Signing Key sig 3 1848792F9E2795E9 2017-03-06 Qubes OS Release 4 Signing Key $
I expected another line with a signature from the master key, such as
sig DDFA1A3E36879494 2017-03-08 Qubes Master Signing Key
Surprised, I decided to check on another system. This one is running Arch Linux. I trust it less than the Debian system. Perplexingly, the signature does show up — the output is just as above, but with the added signature line.
The GPG version is
2.2.17 on both machines.
What could be causing this discrepancy?
I’m working on a web app, and I know little about security/cryptography (for now, still learning) but I’m trying to set up a front-end where:
At the very beginning, the user puts in their private key.
Any time the user does anything to interact with the backend, the key is used to sign or encrypt whatever data it needs to, the data is sent, and when the user is done with everything, they close the browser.
Is this a secure way of doing this? Can anything but my JS code access this key in the process?
(P.S. it’s gonna be RSA or ECC so asymmetric, private key is only known by front end user)
I want to map Super+Left and Super+Right Keys to Home button and End button.
But I can’t do. How can I do?
I’m currently looking at perfect hash functions. One thing I miss from the texts I’ve read so far is, how they cope when attempting to look up with a key that is outside of the set from which the perfect hash was generated from.
I’m running Ubuntu 18.04 on an HP Spectre x360 13″. My brightness keys work great, however I’d like to be able to change the minimum brightness displayed. For instance, at the lowest possible setting before going black, I have this:
$ cat /sys/class/backlight/intel_backlight/brightness 1201
However this is extremely bright in a dark room. A value of
200 would be more appropriate. Is there a way to adjust this?
I am using the PIM Evolution 3.22.6 for e-mail and contacts. For encrypting e-mails gpg (GnuPG 2.1.18) is used by Evolution.
How can I configure my system such as when I compose an e-mail the PGP key for the recipients are automatically retrieved from key servers and added to my keyring?
For example when I try to send an e-mail to a recipient, which is not in my keyring I get the following error message:
gpg: <firstname.lastname@example.org>: skipped: No public key
In case I run – outside of Evolution –
gpg --search-keys email@example.com a key is successfully found. Is there any way to tell Evolution to deal with the search?