Yup, confirmed: the ROCA guys deliberately obfuscated their vulnerable key test (and made it slower). This is sad. https://github.com/crocs-muni/roca/issues/39 …
That's actually not obscurity, it's real security (akin to a password), assuming no directory listing etc.
Obviously there are potential pitfalls, but the concept is secure and putting security tokens in URLs is common practice.
Both passwords and obscurity rely on secrecy of some sort. So where is the line drawn between the two?