Update README.md

fix
Crypto Officer | officercia.eth 2023-01-24 16:43:45 +03:00 committed by GitHub
parent d01753f90e
commit c7f1165cad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -149,6 +149,8 @@ If you see suspicious password activity or failed log-ins on any of your account
[KeePass](https://keepass.info) or [Keepassx](https://keepassx.org) or [KeePassDX](https://www.keepassdx.com) or [KeePassXC](https://keepassxc.org) or [BitWarden](https://bitwarden.com) are good options. I also found [this tutorial](https://forums.linuxmint.com/viewtopic.php?f=42&t=291093) for [integrity check](https://keepass.info/integrity.html) (and other checks) very helpful, be sure to check it out as well: [link](https://forums.linuxmint.com/viewtopic.php?f=42&t=291093).
- [This article tells that when using BitWarden one have to audit server side cryptography primitives by himself and monitor for changes!](https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations)
**On the opposite:**
> For 2FA one can use KeePass + Yubikey as well. KeePass allows setting up TOTP to any entry in your .kdbx file. Yubikey could be used in company with KeePass to add a bit of entropy on each re-encryption when adding an entry in your db file: [Ref No.1](https://developers.yubico.com/Developer_Program/Guides/Touch_triggered_OTP.html); [Ref No.2](https://www.reddit.com/r/KeePass/comments/opx34q/keepassxc_and_yubikeys_setting_up_the); [Ref No.3](https://github.com/keepassxreboot/keepassxc/discussions/6344).
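Review bot: The bullet linking palant.info warns about BitWarden while the sentence directly above it still lists BitWarden among the "good options" with no qualifier, so the reader gets a recommendation and a warning back to back with no guidance on which to follow. Either qualify the BitWarden entry in that sentence or have the bullet say concretely what the reader should check; "audit server side cryptography primitives by himself" is too vague to act on. The "**On the opposite:**" label is also unclear, because the quoted KeePass + Yubikey text after it is not an opposing view of anything stated above it; "Alternatively:" would read better. Minor: the same forums.linuxmint.com URL is linked twice in the sentence above the bullet.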
@ -252,6 +254,7 @@ Offline (better - physical) backups. Store them in a safe. Can be written on pap
- [Audio Steganography : The art of hiding secrets](https://sumit-arora.medium.com/audio-steganography-the-art-of-hiding-secrets-within-earshot-part-1-of-2-6a3bbd706e15)
- [Audio Steganography Technique for Communication Security](https://ukdiss.com/examples/implementation-design-for-audio-steganography.php)
- [How I turned a mini-PC into an Ethereum node to run at home](https://medium.com/coinmonks/how-i-turned-a-mini-pc-into-an-ethereum-node-to-run-at-home-5aebf1b6f881)
Ask yourself, what happens if my house catches on fire? What temperature is my safe rated to? Some individuals find a safety deposit box handy.
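Review bot: The "How I turned a mini-PC into an Ethereum node to run at home" link does not match its surroundings: the section is about offline and physical backups, and the neighbouring bullets are both about audio steganography. If the point is that a home node is part of the backup or self-custody setup, add a short phrase saying so; otherwise move the link to a section about running your own node so this list stays on one topic.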
@ -402,6 +405,9 @@ Remember: You Could Be a Target! We are a natural target for all sorts of attack
That said, it doesnt really matter what industry youre in. If you have any sensitive, proprietary information at all (and lets face it, most people in crypto do), then you could very well be a target. This is a good thing to always keep in mind.
- [Threat modeling for smart contracts step-by-step guide](https://composable-security.com/blog/threat-modeling-for-smart-contracts-best-step-by-step-guide)
- [How to Defend Your Castle | Innovative Trio in Smart Contract Security: Monitoring, Prevention, Defense](https://officercia.mirror.xyz/W-SUbkTf18b3RuPL9DykXQmpexWBZxbp4P1xfCfXo4Y)
> Anything on a mobile device uses the built in render, aka, brave uses web kit from Apple on iPhone, or blink on Android. They are just ui wrappers with some functionality built on top. I'd say Brave browser is sufficiently secure, but (original) Chromium is better because of the faster updates then on its forks (like Brave). Other tools should be treated with the same attitude. I mean, you can use Chrome both in anonymous and private ways.
> Tor just makes your life easier a little bit. There is neither no out-of-the-box security nor out-of-the-box privacy solutions… There are no bad tools either. You can use obscore privacy enhanced forks like librewolf but its a trade off as you end up being more identifiable through browser fingerprinting, whereas when you use ff/chrome you are one of millions sharing a similar fingerprint.
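Review bot: The two bullets on smart-contract threat modeling and monitoring (composable-security.com and officercia.mirror.xyz) are placed between a paragraph about the reader personally being a target and a quote about mobile browser engines, with no lead-in tying them to either. Add one introductory sentence (for example, that the same threat-modeling habit applies to contracts you deploy) or move them to a smart-contract section. The bullets also run straight into the "> Anything on a mobile device ..." quote; a blank line or a short label before the quote would keep the list and the quote from reading as one block.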