Documentation Analysis/Documents/Spec Security

From SQRLauth.net
Revision as of 16:18, 2 July 2017 by Perlkönig (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Outline

A standard part of RFCs is a "Security Considerations" section.

  • Proactive measures (key length, cryptographic algorithms, etc.)
  • Network environment (TLS required)
  • Remote online attacks
    • Man in the middle
    • DNS poisoning
    • Evil website
  • Local attacks
    • Shoulder surfing
    • Evil app
    • Brute force password guessing
    • Lost phone
  • Social engineering
  • Botnet account creation

Document