Amazon could use public key encryption to verify the signature here - that way AWS doesn’t need a copy of the private key to verify the contents. Why would they use HMAC instead? https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html …
-
I know you know this, but password hashing is also a thing, you don't need to use asymmetric cryptography to protect against server compromise :) PKEY tends to discern itself when you want to use cards, Yubikeys, enclaves and offline signing.
-
Sure, though hashing is only effective because it’s expensive, right? You don’t want to do e.g. a 100ms bcrypt hash on every operation.