@jedisct1 http://download.pureftpd.org/misc/class.cache_cookie.inc.php …
Hey, do you see the security weakness in this class? :)
Replying to @uir8br0
@voodooKobra @jedisct1 I'm curious, and that's really hard to read clearly on mobile - what's the issue?
Replying to @adamcaudill
@adamcaudill @jedisct1 https://github.com/sarciszewski/wicked-old/commit/15fd6f96637aed38f4fcbd1415963275c9c046bd … Something like this resolves it. It's code he wrote like 4 years ago :P
Replying to @uir8br0
@voodooKobra @jedisct1 As it's a PRF with partially unknown input, would it actually enable a faster than brute force attack?
Replying to @adamcaudill
@adamcaudill @jedisct1 Oh, I think there's still a length extension attack. (MD5, too.) But meh.
Replying to @uir8br0
@adamcaudill @jedisct1 I don't know if the LE attacks apply to HMAC
@voodooKobra @adamcaudill And HMAC is not vulnerable to LE