How to securely share a secret/password between n individuals, so that majority consensus is required to retrieve the password/secret?

The following constraints apply:

  • cannot use a physical storage medium (such as a safe/vault)
  • the service used to store the secret/password should be highly available and accessible from anywhere in the world.

security – How to securely develop and deploy a software

In our company, we are developing cutting-edge and critical software which they will deploy on a mission-critical product, so I wanted to know how I should make the whole process from software development to software deployment secure, i.e. so that no one (internal or even a cybercriminal) could make changes or modifications to our software. For this purpose, what standards or best practices should I follow?

key management – How can I store and manage my GPG key pair securely?

I’ve taken measures and thoughts on how to securely store and manage my key pair. In the process of it a few questions arose, which I’m not capable of answering yet. My key pair will be used to encrypt passwords and documents of banks, insurances, invoices, photos and the like. All this data is not publicly available. It is stored in a cloud with password restricted access. I’m evaluating right now, which one fits best.

This is how I set up my key pair:

# Generated a key pair in the past, following general tutorials
gpg> list
sec rsa2048/9AB628FC04C23871
    created: 2019-02-29 expires: 2022-02-29 usage: SC
    trust: ultimate    validity: ultimate
ssb rsa2048/17832C40CF826BA9
    created: 2019-02-29 expires: 2022-02-29 usage: E
( ultimate ) (1). Thomas Kelly <Tkelly@ua-corp.com>

> gpg --list-keys --with-fingerprint Tkelly@ua-corp.com
pub    rsa2048 2019-02-29 (SC) (expires: 2022-02-29)
       B69A 8371 FC28 402C C204 82CF 7138 A96B B8F4 C87A
uid         ( ultimate ) Thomas Kelly <Tkelly@ua-corp.com>
sub    rsa2048 2019-02-29 (E) (expires: 2022-02-29)

> fdisk /dev/sdb # n, 2048, +2G, w
> cryptsetup open --type plain -d /dev/urandom /dev/sdb1 data
> dd if=/dev/zero of=/dev/mapper/data status=progress bs=1M
> cryptsetup close data
> cryptsetup luksFormat /dev/sdb1 # pw ...
> sudo cryptsetup open /dev/sdb1 data
> mkfs.ext4 /dev/mapper/data

Then I went on and exported my keys to this device I’ve created. After I got used to the fact that private keys are always a little bit different from one another and that you can’t export your sub-public key, the following questions remained:

  1. Are both of the following commands returning the ssb key (17832C40CF826BA9)?
gpg --export-secret-keys 17832C40CF826BA9
gpg --export-secret-subkeys 9AB628FC04C23871

  2. Is it fine to remove the key 9AB628FC04C23871 from my system, after I backed it up on the drive created above?

  3. Should I save a revocation certificate with it?

  4. This key pair once expired and I changed the expiry date. I can’t remember correctly, but I’ve found two additional certificates lying around that seem to be these old expired certificates. I’ve read that the process of changing the expiry value creates new certificates. Can you confirm this?

  5. I want to have two certificate stores like this in different locations. I’d renew the key on a yearly basis. Should I use paperkey or the same digital method above?

iphone – Securely deleting data in iOS

As far as I understand, resetting an iOS device by using "erase all content and settings" is considered secure deletion, as the key for the encryption is obliterated and no data can be recovered.

Just to be sure: is that still the case if I set up the device with the same Apple ID afterwards? Will iOS generate a new key, or will the system somehow recognize my account and use the same key all over again?

Is it possible to securely factory wipe a phone directly after encrypting it?

I would really like to make my phone more secure. But at the same time I want to be able to factory wipe it any time. I’m afraid that factory wiping could brick the phone/make it unusable. So is it safe to wipe the phone directly after encrypting it?

Can my phone be securely wiped after an encryption?

I would really like to make my phone more secure. But at the same time I want to be able to wipe it any time. I’m afraid that wiping could brick the phone/make it unusable. So is it safe to wipe the phone directly after encrypting it?

chrome – How to securely use crypto wallet extensions?

Browser wallet extensions that let you interact with dapps are required to access different crypto-related services. These (to mention a few: MetaMask, Fortmatic, Tron wallet, etc) often require access to everything I do in the browser, including crypto exchanges, other wallets, etc.

Do I have a better option than installing, say, 10 standalone portable Chromium browsers, one for each extension?

deletion – Recommended way to securely erase SSD storage of a smartphone?

software – The difficulty of securely storing a password

We have open source software that allows users to be created. The users are saved in an LDAP directory. The software connects to the LDAP as an administrator to write a new entry for a new user, or to edit the password if the user wants to change his password. To do this, the LDAP master password must be stored in the software. Now, this password is valuable, where valuable means, if it gets into the wrong hands, you have to call the police within hours. Therefore the suggestion was made to store the password reversibly encrypted with salt. However, for me this does not amount to a remarkable improvement, because the key for the encryption must also be stored on the system, as well as the salt. If an intruder has root privileges on the system, he can read the encrypted password, key, and salt, and with the open source software application, with a little programming knowledge, he will have decrypted the password shortly. I have thought about the best way to solve this, but no matter which technology you use, the associated key must always be stored on the system, so it is just as vulnerable as before. So the question is essentially: how do you make the application have the key without it being stored on the system?

The application is old and has a lot of memory leaks, so it has to be restarted automatically every night, so just keeping the key in memory is not a usable option. The key must be permanently available, even after restarting the server.

javascript – How to securely use CORS with php?

What I had assumed is that if I am able to set a CORS policy, an error will be thrown if someone tries to access by means other than the browser.
(meaning):

'Access-Control-Allow-Origin', 'http://localhost:4200'
'Access-Control-Allow-Credentials', 'true'

If I had set the above headers in the response from PHP, then only a site (CORS enabled) that is running on ‘http://localhost:4200’ can access the server; otherwise it will throw an error.

But recently I’ve found out that if I edit the Origin header and send a request, it does not throw a CORS error; instead the request is successful.

Is there any way I can limit site access to the browser only from ‘http://localhost:4200’?
