Saturday, July 25, 2015

How are typical users handling passwords of their online accounts?


There as much been written about users and their accounts and passwords, but I recently was confronted with a rather funny story about this topic. Perhaps you can recognize yourself in a similar situation?

The story...

Someone, in my social circle, recently got a new smartphone. She was very happy with it, but there was one major thing to do. Configuring it. As I am the local IT-guy in this circle, I was asked to help with it. Of course I want to help with that (for two reasons to be honest: firstly, to help the other, but it is always nice to fiddle around with a new phone though).

So I started to do the basic stuff first and ignoring the phase to enter accounts and such. First I disabled some apps (or bloatware if you like), set some settings, made connections with WiFi, renamed the name of the Bluetooth connection and so forth. Then I went to the first account. This was the Google Account which I needed to download the apps from the Play Store.

I gave the smartphone back to her and asked if she would like to fill in the account details. It went silent and a moment later the following was said.

Oh, I cannot remember that anymore...

I asked if she could have written it down. That was a possibility, so she went to search for the piece of paper with all their user credentials on it. There are some downsides with using a piece of paper as your Password Manager, but it is sure as offline as it can be.

After a long search, the final conclusion came: the password could not be found. So we started to try out some passwords. I helped her try to remember the passwords by suggesting some other passwords that are used for other accounts and by suggesting to extend the birthday and so on. Password reuse is the tradition here, but after 20 minutes of guessing and thinking we came to the conclusion that we would need to restore the password of the Google Account.

I could have started with this of course, but often such restore with Google accounts are bit tricky. You have to have continuously updated the restore information in your account and I was not sure that was the case. But as it was now time to undergo the last resort solution and I started to restore the account credentials. Luckily the information to restore (such as a valid alternative e-mail address) were up to date and the account was marked for a new password.

She went silent for a minute, processing all the passwords that have been thought of in the last 20 minutes, and decided that she had made up a new one. She entered it twice and hit the OK-button. The following message appeared.

The password has been previously used by this account. Please use a new one.

You can imagine the hilarious situation of this. When it was time to make up a new password, the actual correct password of the account was entered as a 'new' one. We had a good laugh, made up a really new password and written it down on the paper and all was set. And I moved on with installing and configuring the smartphone.

I immediately thought that it was a nice topic to write a blog-post about. I think it really reflects how typical users commonly handle their credentials.
  • They are written down in unencrypted manners or on paper.
  • Password reuse is the norm.
  • Passwords are relatively easy to predict.
  • There is not much commitment to do it the 'right' way.
Not that I can blame her or any other user on the last bullet though. The things to do are allot and sometimes difficult to configure or even difficult to use. And the fact that there are easily over 100 accounts that needs to be managed per user does not make it any easier.

So, I want to set out a set of simple best-practices to make improvements in matters such as above.

But what are the best-practices?

First of all, every account can be compromised. Sometimes by guessing or extracting (and using) passwords and sometimes by circumventing implemented Security controls. If an attacker is really dedicated and wants fast results, buying a 5 dollar/euro wrench at a local hardware store is enough to convince most people to give up their passwords. People tend to be more protective about their fingers and knees, than they are about their passwords.

But unless that is happening, you can follow the guidelines below when it comes to protecting your accounts.
  • Always use a unique password for every account.
  • Use a lengthy password:
    • A password is at least 16 positions long and is at least mixed with numbers, capital and non-capital letters.
    • A pass-phrase of at least 16 positions is also possible. For as long as it is not a easily guessable sentence.
  • Do not use your birthday and names of yourself, your spouse, friends, pets, and so one. Do not use any information in your password that might be found online.
  • If there is support for Two-Factor Authentication, always use that.
    • This is a feature that asks for an additional code (called One-Time Password) to be entered. The code can be send to your mobile using a SMS text message or can be generated on additional hardware or apps. This is often seen with electronic banking.
  • Store your account and password details in an application (Password Manager) built explicitly for such a functionality.
  • And never ever ever share your accounts and passwords with anyone else. Unless you are very certain that it can be done (think about a shared account between spouses to follow the sale of their home online).
With the rules above you can greatly improve the security of your accounts or the accounts of your family and friends. And most importantly, almost every family or a group of friends have someone in their mists who understands this all. Ask for his or her advice and ask them to help to get you going!

Do you have any other tips or questions? Please feel free to share them in the comments below!

Sunday, July 19, 2015

From a Cybernator to an attractive or love-able Cyber-bot

Recently I wrote a blog about Terminator Genisys and the very fact that something like Skynet might emerge. As I am a huge movie-fan, and specifically in the science fiction genre, I did see two more movies that cover a bit the same topic. At least for the Artificial Intelligence (AI) part. These movies were Chappie and Ex Machina. I found the movies very nice and entertaining to watch and both movies took a different approach to the same question. Can a human care for, or even love, a robot?

The punch line here is that I do believe that we can love or feel empathy for a robot and I'll explain why we can.



For your information, I am not going to spoil the endings of the movie, so you can safely read ahead.

Love is not human-only

We all know pets like cats and dogs. They are likely the species that are kept most as a pet. Not weighing in the tigers and lions though. Non pet-owners, especially people who never had a pet, might find it difficult to believe that people who do have pets actually can really love their pets. People really do!

But why do people love their pets? Why are people grieving when their pet has died? I believe the most fundamental part in this love for a pet has something to do with reflection of human behavior. Behavior of your pet that 'shows' human-like emotions is a big part of the ability to love a pet. And not only the behavior is key in this, but also the feeling of actually connecting with an animal can result in feeling (at least) empathy for them.

Dolphins are smart and we can interact with them and learn all kinds of things. Same applies to dogs, cats, monkeys, rats, apes and many more. The more the animal resembles parts of a human, the more a human can feel empathy. The level of empathy differs from human to human of course, but the foundation holds truth here. I also believe that feeling empathy is the strongest with mammalian animals. Mosquitoes or the common-flew are not easily loved I guess (at least, I have troubles with that).

So, for arguments sake, lets state that humans can feel love or empathy for non-humans in the form of animals that represent some part of human behavior or emotions.

Chappie

Chappie is a robot who (funny, did not wrote which here...) is made sentient by the lead engineer of a corporation that makes these robots. The nice touch here is that the sentient is mentally 'born', almost like a human. It holds no knowledge yet and its brain functions are comparable to that of a human infant. Chappie grows up and throughout the movie it gets smarter real fast.

I found out that my emotional response to Chappie being mistreated is the same as to animals being mistreated. Or even a humans being mistreated. I started to care for Chappie and I hoped he would succeed in overcoming his fears and challenges he faced in this harsh world. I did say fear. It is not strange to believe that the moment a being is sentient; it will know fear of dying when it figures out that its existence can be ended. So Chappie gets to know feelings of fear, joy, happiness sorrow, loss, anger, and revenge. Including fear of death.

Physically he really looks like a robot. Metal, mechanical, rotors, buzzes and all. But in all his behaviors and all his communications he feels human. He reasons like a person and he struggles with the same questions about morality as anyone other does.

If a robot shows true AI on a level that can be recognized by and conversed with humans, is it possible to feel empathy for such a sentient being? Is it that much different than a dog or a cat? Or perhaps even a human being?

Again, I truly believe that it is possible to feel empathy for Artificial Intelligence.

Ex Machina

Whereas Chappie is more of an action movie, Ex Machina is more of a psychological one. The movie explores the very foundations of us being human and how it relates to AI. It revolves about a Turing-test that a scientist needs to perform on an AI enabled robot. Basically a Turing-test is a test that revolves around a human versus computer interaction in which the human does not know it is interacting with a computer. A spin-off thought here, what if the computer does not know it is a computer, but thinks it is a human? How can the human convince the computer that it is not human?

The robot in this movie, called Ava, is made by the company that has the world's biggest online search-engine. In a way there were many (bit scary) similarities with present reality. For that part this movie has a nicely worked out foundation on what is needed to develop an AI. Just watch the movie if you are curious how this is done.

Ava shows more similarities with humans then Chappie does. She has a female face, acts feminine, also has emotions like fear and joy, can make jokes, manipulate and lie. She even flirts with her male human opposite. It goes so far that man is starting to feel attracted (mentally and sexually) to Ava. When watching the movie, I can understand why he started to feel attracted. Especially if you see the ability of the robots to put on human skin and then actually look like a real person.

Could you love an AI enabled robot that looks like a real person? When the robot is smart and wise like a human, would you even recognize as it being artificial? And what if you do not recognize it as such, how could you not love such a robot?

Just philosophical for now

Al these questions are mostly philosophical of course, but they can become real questions for mankind in the coming decades.

The next question is, would we recognize an AI as sentient when it is an intelligence we cannot comprehend, relate with or even cannot communicate with? If so, wouldn't that be an even bigger danger for mankind then AI we can feel empathy for? A nice book that covers this topic is The Swarm. It is not artificial but biological intelligence and that is all I am going to spoil. It is a nice book and worth the read.

If you want to share anything, please do so in the comments below.

Wednesday, July 15, 2015

The Cybernator is on the rise!

Ta-da-da-dadum, ta-da-da-dadum.... Yeah, I obviously went to see the movie Terminator Genisys. This time Skynet hides his evil schemes behind an epic operating system launch, and when online, all cyber breaks lose! I missed the dragons with Daene... uhm... Sarah, but hey, evil robots and artificial intelligence will do just fine. Besides that, nothing beats the awesome Arnie fighting-skills with his crushing-opponents-through-12-concrete-walls-in-a-row skill! Not the mention me wasting 30 megs on my data-plan just to hear "get to the choppah!!" again on some soundboard app. It was well worth it though and it was a nice evening (ghehe).
First iteration of Skynet?
It is obvious (I think) not to expect a serious review on the movie itself by me. I am far to biased here. But I want to talk about something I like about this Terminator-Universe (and similar movies alike). When I was roughly 12 years old I saw the movie The Terminator (1 and 2), and I was ever since hooked on its story-line. The very fact some man-made machine would be the end of our existence fascinated me. It made me wonder, how real is this threat?

Genisys is Skynet in disguise, or is it #Cyber?

No need for a spoiler alert in this post, but it is rather obvious that Genisys is Skynet in disguise. The fun twist here is that Genisys is nothing more then an abstracted view of our integrated Cyber world with millions of devices, services, apps and users. Perhaps even billions. This Cyber world is called Skynet in Terminator 1 and 2 (and 3?), and although not explicitly mentioned, it is basically the Internet in Terminator Genisys. Some doctor says "everything will be connected" followed by Sarah saying "huh?". Obviously there is no Internet in 1984 in the way we know it today so Sarah not knowing is forgivable. Skynet in the latest movie is actually more the artificial intelligence itself that will harness its power through the ever connected and growing Internet.

The Cybernator

I do not have a time machine to jump back in time or to the future, so I cannot say that our world will ever face a similar dystopian threat as Skynet. But the ingredients for this recipe are there though.

First of all. Skynet already exists and we call it The Internet. Or the Cloud. Or everything that is preceded by the word Cyber. Second, artificial intelligence (AI) already exists also. Not in the form of Skynet, but AI is doing allot of things for us mankind at the moment. The fact that it is not self-aware (yet!) and that it is doing most of the time a specific task, its algorithms are complex and machine learning is often applied within such algorithms.

Scientist are working hard on the first real AI in the context we often mean when we say AI. Which is a computer that is self-aware and has at least the same intelligence as us (which is not very ambitious in my opinion) and can make decisions independently from pre-programmed knowledge. This post is not meant to go in-depth about this topic, but if you want to know more, start with the book "How to Create a Mind" and see where your journey on this topic ends.

I personally and truly believe (based on previous technological advancements) that mankind will see the rise of the first AI in a couple of decades. The first version (or should I say generation) will probably be not 100% right, but that will chance quickly when it can evolve by itself. It will be a very digital AI also which does not harness a body (in this phase at least).

And third, the Internet-of-Things (IoT) is a new growing phenomenon. IoT are devices and services that operate and communicate with each other through the Internet without interference and without in-process-decision making by man. They act solely, based on constraints and rules, by themselves.

Well.. is the threat real?

So we have The Internet, the fist iterations of some form of AI, scientists working on real AI and we have the Internet of Things and soon old military surveillance drones as WiFi access points. Kinda starts to sound like Skynet right? Besides if the threat is real or not, the right question is (which also is slightly touched in the movie): "Are we prepared to merge the biological and technological evolution of mankind?". When we are not prepared to do so, we as a species might become threatened by either machine or hybrid (some sort of cyborg).

Hybrids may seem far fetched now, but when considering technology such as upgrading the lenses in your eyes in a couple of years with technological replacements (to enhance your vision and infra-red and all) it might be closer then you think. When is a man considered a hybrid? What if we are capable of connecting our brains to the cloud and learn the skill of hybrid thinking? Are we then part machine? Or are we still the biological mankind from 10 years ago?

The real threat can be defined from within the understanding of our history. If hybrids are real (mankind with enhanced and deeply integrated bio-technology) then we just have to look at the period from 1492 AD and beyond. The Indians were overrun by the technological more advanced European colonists. In the beginning all was fine, but as soon the Europeans wanted more land that was habituated by the Indians, the tensions grew rapidly. You might even wonder what would have happened if the Indians killed Columbus to moment he set foot on the ground. News of a success would not have reached home and colonization would probably have been delayed for a while. Would it be inevitable though?

And now fast-forward to the present day. If you look at the way we use connected technology (smartphones, tablets, Internet, IoT, and more), perhaps 'Columbus' already has discovered a new continent called #Cyber and that it is just simply to late for us to resist successfully. This struggle (or war even) between enhanced and non-enhanced humans is mentioned in this video Transcendent Man on YouTube, from roughly 56 minutes and beyond.

With all the new technologies ahead, we are at least entering exciting times that stretch beyond our imaginations. It is up to you and me in the near future how we will evolve not only technologically, but also morally and ethically.

What is your reflection on this subject? Feel free to debate it in the comments below.

Thursday, July 9, 2015

To bloat or not to bloat?

'Bloat-fish' from Finding Nemo 3D
To bloat, or not to bloat? That is the question. Or is it really? Recently a group of Chinese consumers in China filed a lawsuit against Samsung and Oppo for delivering to much bloatware on their devices. I tend to say that indeed bloatware is not good. But the real question that needs to be answered first is: "When does software become bloatware?".

Any app that connects to a service that is optional within an ecosystem should not be pre-installed and when such an app is a replacement of a local or connected app than the local or connected app should be pre-installed.

We all know that bloatware is added for mostly economical reasons. Be that it may be good or bad, but it helps reducing the price-tag of the devices. Although we have seen that companies, such as Lenovo, also added spyware which is downward evil in my opinion.

In this post I will outline the differences in software and bloatware and, hopefully, will show why I think the statement above is what bloatware is.

Purpose of devices

There are three (generalized) reasons that people use their devices. So lets take a look at that first.

The first one is that of consuming content. That may be books, movies, series, information from websites and apps, gaming, shopping, social media, et cetera. The second one is that of organizing. This is everything that is done to organize information and relations. Think about planning (calenders), note-keeping, keeping contacts, social media and other actions that support the activity of planning. The last reason people use their devices is that of producing. Albeit this is mostly preserved for laptops and desktops, it also happens on smartphones and tablets. Producing is making content or systems in whatever context that you make it. Think about drawings, video, music, websites, programs, and more.

But there is a sort of "fourth" category. And those are the activities that in some form interact with system components. Most often just because it can (I for one, like stats on my system and all its sensors, geek-stuff I guess). Think about the LED-light on your smartphone that is used as a flashlight. And think about the sensors in your device that give you the ability to use your device as a compass. This functionality of system components are more on an Operating System level and I tend to say that they support the usage of devices to consume, organize and produce.

The layers of software

We now have established an understanding of what the purpose of a device can be, so let's plot that on the layers of software on a abstract level. For the sake of reading, I call everything an app or functionality now.

Layer: Operating System (OS)

The layer of the OS supplies all other layers with functionality. Think about sensory information and specific hardware elements such as LED-light, camera. So here is a list of functionality, sensors and other important hardware that might be present on the OS layer.
  • Camera - To sense images
  • LED-light - To create light
  • Microphone - To sense sound
  • Accelerometer - To sense acceleration
  • Gyroscope - To sense position
  • Magnetometer - To sense magnetic fields
  • Proximity sensor - To sense objects nearby
  • Light sensor - To sense light intensity
  • Barometer - To sense atmospheric pressure
  • Thermometer - To sense temperature (inside device and outside)
  • Air humidity sensor - To sense humidity of air
  • Pedometer - To sense steps made by a person
  • Heart rate monitor - To sens heart rate of a person
  • Fingerprint sensor - To sens a fingerprint of a person
  • GPS - To determine global position of a device
  • NFC - To read nearby chips
And this list is not a definitive list. This list is translated in a list of apps below.
  • Photo and video camera
  • Flashlight
  • Compass
  • Voice recorder
  • Fingerprint scanner
  • NFC reader
  • Screen control by using the procimity sensor.
  • Environment apps that reads sensors such as barometer, thermometer, and humidity sensor.
  • Location and direction apps that reads sensors such as accelerometer, gyroscope, magnetometer, and GPS.
  • Health apps that reads sensors such as pedometer and heart rate monitor.
  • Other apps that read/connects to NFC, WiFi, Bluetooth, Cellular signals, Battery level et cetera.
I think that if you have a specific sensor or hardware capability in your device that you also need the capability to read sensory information of it or use the hardware. I state that such apps are not bloatware. They are an integrated part of your system and all its sensors and hardware.

Location and health apps are specific categories though. Most often such apps are part of an ecosystem by a tech-company and those apps may have an impact on your privacy. I still think you should have an app that can read your heart rate (and perhaps switch it off!). It is another thing if such data should be stored locally or on a Cloud service. I will come back to this later in the ecosystem layer of software.

You will see that apps that resides on the Local and Connected Application are mostly about organizing and planning.

Layer: Local Application Layer

Here are examples of apps (and I state that I talk about the offline versions of them) that I think are tied to the Local Application Layer.
  • Contacts list
  • Calender
  • Tasks
  • Note-keeping
  • Clock, alarm and stopwatch
  • Phone
  • Calculator
  • Photo and Video viewer
  • Filesystem viewer

Layer: Connected Application Layer

Here are examples of apps that reside on this layer. Keep in mind that I talk about apps here that are not a part of an ecosystem, but just have to ability to independently connect to online services.
  • E-mail
  • SMS
  • Web-browser
  • Download Manager
  • Update Manager (updates should be where ever possible delivered from outside the ecosystem)

Layer: Ecosystem Application Layer

The last layer is that of the ecosystem itself. Most often this is the Google Play, Apple iTunes, Microsoft Store, Amazon, or other variations that are out there. In this layer most of the consuming apps resides and often also the producing apps. On the Windows platform Microsoft is also undertaking a move to make all Windows 10 desktop apps available through the Microsoft Store. Yes, it is still possible to install apps from outside the ecosystem (just like Android), but with Windows 10 Microsoft is slowly discouraging that.

I want to mention that only one app in this layer should reside on a device, but no more than just that one app. And that is the app to access and utilize the ecosystem itself. That might the Play Store, Appstore, and so forth. Sometimes this also comes with a video and music player and a book viewer, because that is not an integral part of the app for the store. There is a 'but' though...

Cross Layered Apps

And here is the gray area of software versus bloatware. Google, Apple, Microsoft and more companies alike, are developing ecosystem based apps that replace apps on the local and connected layer of a device. Think about Gmail, Google Drive, Outlook, OneDrive, iCloud, iCloud Drive, Calender, Contacts, People, Hangouts, iMessage, Facetime, Google Fit, S Health, S Note, and the list goes on and on. The reason this is happening is to keep you in the ecosystem by supplying an ever more integrated online and social experience.

And it works more often than not. When I look at myself I can draw that conclusion anyway.

So, when is an app bloatware again?

Any app that connects to a service that is optional within an ecosystem should not be pre-installed and when such an app is a replacement of a local or connected app than the local or connected app should be pre-installed. Here are some examples for the Android platform.
  • Gmail is not optional to the Play ecosystem (everyone with a Google account has Gmail). Therefore, Gmail could standard be present on a phone, but it might be redundant. There is in most cases also a connected version of the e-mail app available.
  • Google+ is an optional service within the Play ecosystem. It has no local or connected app as a counterpart, so Google+ should not be pre-installed on a device.
  • Play Movies is an integrated part of the Play ecosystem (to play videos rented or bought within the Play Store) and it therefore should be present on a device for the sake of user experience.
Apple does a better job concerning bloatware, although I really am wondering why there is a Stock Exchange app. It should just be an optional app. Just like the weather and news apps on all platforms of devices by the way.

Google and Microsoft are doing a better job also with the devices released by themselves. You also know that if you buy a device from them directly that you are really connecting to their ecosystem. Although this is not obligated in many cases and you can use a device outside the ecosystem (you will lose some functionality though).

But when devices are released by third-party manufacturers it suffers very often from bloatware. Especially with consumer devices from companies like Samsung, Dell, Packard Bell, LG, HTC, Sony, Hewlett Packard, Lenovo, et cetera. Most devices come pre-installed with many apps which operate within an ecosystem and often also with games.

I would rather pay a couple of bucks more for a device if it does not come with bloatware.

What do you think about all this? Please share your thoughts in the comments below.

Friday, July 3, 2015

Guide for building an Encryption Policy: The Policy in Summary - part 4


Well, now it is time to give a summary on topics I have talked about in the other parts of this blog-series. In this post I will set-out the guidelines and if you want more background information on why I choose for some directions, please check the other posts.

I will setup the policy as much as possible on the way business rules are handled. This to maintain the audit-ability of the policy.

The series of posts are divided over the following topics.

The Encryption and Hashing Security Policy

General Policy

Every algorithm that is being used...
  • complies to the Kerckhoff's Principle.
  • is NOT theoretically or practically compromised or cracked.
  • is publically known and commonly used.
  • is sufficient enough to keep the data secret for as long as it needs to be secret.
  • is considered as part of a Life Cycle program in the organisation.
Comply or explain...
  • Every implementation and use of any encryption algorithm complies to the entire policy.
  • When it is not technically possible to comply to the policy then:
    • Always choose the next best possible option.
    • Always do an additional risk-analyses on the chosen option.
    • Always implement additional controls when the risk-analyses suggest you should.
    • Always perform penetration testing to test for weaknesses.
    • Always document the chosen option (explain).

Hashing Policy

Hashing Algorithm
  • The chosen algorithm is at least SHA-2.
    • Block size: at least 512-bit, but preferably 1024-bit or higher.
    • Output size: at least 256-bit (SHA-256), but preferably 384-bit (SHA-384) or higher
  • MD5 and SHA-1 are never used.
Salting with Hashing
  • Always salt a message before hashing when used to store passwords / passphrases and other session identifiers.
  • Every salt is unique, randomized and not reused anywhere else.
  • Every salt is as long as the output size in bytes of a hash.
  • Only use one hashing technique for one message.

Encryption Policy

Symmetric Encryption
  • The chosen Stream Cipher algorithms are ChaCha20.
    • The key-length is at least 128-bit.
    • The key-length is preferably 256-bit.
  • The chosen Block Cipher algorithm is AES or TwoFish.
    • The key-length is at least 192-bit.
    • The key-length is preferably 256-bit.
Asymmetric Encryption
  • The chosen algorithm is RSA.
    • The key-length is at least 2048-bit.
    • The key-length is preferably 3072-bit.
    • The key-length of 1024-bit is never used.
  • The Key Agreement is always based on Diffie-Hellman Key Exchange

Implementation Policy

Data in Transit
  • IPSec is used when ever possible.
  • IPv6 is used when ever possible.
  • If TLS is used, it is always version 1.2.
  • If SSH is used, it is always version 2
  • SSL (any version) is never used.
Data at Rest

Every option selected for encryption of data at rest...
  • is currently maintained by the developer.
  • has undergone extensive penetration testing.
  • is publically know for its security and is commonly used.
  • can use modern day Encryption and Hashing techniques.

Traveling Policy

The Wassenaar Arrangement is an international arrangement between a set of countries to control the use and export of dual-use goods and technology (Wikipedia & Wassenaar).  Encryption is considered a technological dual use good. Therefore, it might be prohibited for people to use certain encryption technologies (or strengths) in countries that may be considered as non-friendly or even hostile. This might mean you cannot take an encrypted phone or laptop with you when traveling. 

There is also a chance that when traveling a person must give away his or her encryption keys when arriving at the customs of the destination country. Many countries have these laws to check for data on the device that potentially violate the country's laws. And when the device is holding critical business data, it's security (and secrecy) might be violated.

When traveling...
  • the encryption technologies that are used in hardware and software that is taken by the traveler are checked for legality of export by the legal department.
  • the devices that are taken do not ever have sensitive data stored locally.
  • sensitive data is always collected through a VPN tunnel secured with proper encryption from the organisation's servers when the person has arrived at its destination.

End-word

That's about it about the subject of encryption, hashing and its policies. If you feel that something is wrong or should otherwise be adjusted or enhanced, please feel free to comment below. If you have any questions or whatsoever, please feel free to comment also.

Thank you for your time to read my blog-series about the Guidelines for an Encryption and Hashing Policy.

--
This post has the tag: update, meaning it will be updated when new information becomes available and/or relevant.