(2/x) * Using 3DES for no reason * To calculate the HMAC key you need data from *inside* the payload * Their XML namespace isn't a real URL
(1/x) Spain's largest online card processor: * XML inside XML * Signing XML as text: cannot use a real XML parser or the signature breaks
-
-
-
(3/x) * Signing key is pre-diversified in a dumb way for no reason, reducing entropy * CBC mode with all-0 IV
- Show replies
New conversation -
-
-
Yes, slow but reliable. Almost.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Some of Spain's payment gateways are so awful... https://comercios.ceca.es/docs_constpv/img/manual_comercios.pdf …. Form with public signature + signed data except an 8-digit key :)
- End of conversation
New conversation -
-
-
Hey, the interns that designed it just learned all that stuff last year. Be kind.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Looks like my first XML parser!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.