Common Encryption Pitfalls

Part 3 - Rethinking AccessURL Security Design

This is the last part of a three part blog series about AccessURL – Password Security and Cookies Security issues with AccessURL original implementation Solving all the issues by simple design change In the previous post we saw a few security issues in the way AceessURL generates the passphrase and the id for the share […]

Common Encryption Pitfalls

Part 2 - Security Issues Found

This is the second part of a three part blog series about AccessURL – Password Security and Cookies Security issues with AccessURL original implementation Solving all the issues by simple design change Security issues found After using AccessURL browser extension I found a few issues which allowed me to get almost any credentials. To have […]

Common Encryption Pitfalls

When Using AES256 Is Not Enough - Part 1

I recently came across AcessURL. AccessURL is an online service which offers an easy way to allow access to online accounts without sharing the account password. Unfortunately, their initial implementation had some security issues. In this post, I will describe and suggest how to fix these issues. It is important to say that AcessURL since […]