|
ground floor security posting
|
# ¿ Dec 26, 2018 23:39 |
|
|
# ¿ May 9, 2024 00:34 |
|
Pile Of Garbage posted:i don't see how i'm an idiot for calling poo poo what it is: poo poo. upnp is straight garbage, i accept that it has been adopted and exists and that the majority of problems are due to lovely implementation but that aside it's dumb trash! lol take a look at this guy
|
# ¿ Jan 4, 2019 18:06 |
|
Raere posted:Say you're designing an authentication backend (I'm not) and are storing passwords as salted hashes. Where do you store the salts, if properly designed? if not using a library that automatically embeds the salt with the hash, you put it alongside the hash value -- salts to do not need to be secret.
|
# ¿ Jan 13, 2019 06:05 |
|
it seems that if the upgrade can't be verified with the built-in key, vlc downloads a new key from their server over http lol
|
# ¿ Jan 19, 2019 19:55 |
|
Rufus Ping posted:i think it then checks this key is signed by a hardcoded one. this makes sense (ish) because it allows the signing key to be rotated without locking old exe's out of the auto update mechanism yeah it's very possible i don't have the whole story, i am repeating what i heard
|
# ¿ Jan 20, 2019 02:08 |
|
|
# ¿ May 9, 2024 00:34 |
|
otoh, if the box can unlock its own encryption on boot, so can an attacker
|
# ¿ Feb 26, 2019 20:49 |