Safety from Pixelscan detector on Gologin [closed]
How can I keep my proxy from being detected by Pixelscan on Gologin?
Continue reading Safety from Pixelscan detector on Gologin [closed]
Author Archives: Eddie
Where does the "random" value come from in the TLS 1.3 Hello Request Retry? [closed]
I did a passive TLS capture as I was browsing around the web arbitrarily, and noticed all the Hello Retry Requests in my capture included this value in the Server Random field:
cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a833… Continue reading Where does the "random" value come from in the TLS 1.3 Hello Request Retry? [closed]
TLS 1.3 – GREASE – What if Middleboxes are updated to simply ignore GREASE values? Doesn’t the problem GREASE is trying to fix still exist?
Various ambiguous "middleboxes" exist at arbitrary points throughout the Internet between a Client and Server’s TLS connection.
A possible intent of these middleboxes is to enforce protocol standards, which sounds great in theory… Continue reading TLS 1.3 – GREASE – What if Middleboxes are updated to simply ignore GREASE values? Doesn’t the problem GREASE is trying to fix still exist?
Why is there an ASN1 OID and a NIST CURVE reference for the same curve?
$ openssl ecparam -in param-ec.pem -text -noout
ASN1 OID: secp384r1
NIST CURVE: P-384
The file param-ec.pem indicates the curve is P-384, also known as secp384r1.
In the same way:
secp521r1 = P-521 and secp256k1 = P-256 prime256v1 = … Continue reading Why is there an ASN1 OID and a NIST CURVE reference for the same curve?
What is the purpose of the critical flag being enabled (128) on a CAA IODEF record?
CAA, or Certificate Authority Authorization, provides a way to designate which CAs are allowed to create a Certificate for specific domains. This is done accomplished by publishing new caa DNS records, with three directives: issue issuewi… Continue reading What is the purpose of the critical flag being enabled (128) on a CAA IODEF record?
Are there any TLS Extensions that a server can *require* the client send?
This question is a bit of a follow on to this Q&A:
TLS 1.2 Handshake: Does the server have to take all extensions sent by the Client?
If the client sends an Extension that the server does not recognize, the server can simply ignore it … Continue reading Are there any TLS Extensions that a server can *require* the client send?
Why is the x509 standard for certificates called "x509"? What is meaning behind "x" and/or "509"?
X509 is the name of the standard which defines Public Key Infrastructure and the format of SSL/TLS Certificates. My question is: What does x509 mean?
What MAC did SSLv3.0 use? How did it compare to HMAC in TLS 1.0 and above? [migrated]
According to Wikipedia:
TLS has a variety of security measures:
Using a message digest enhanced with a key (so only a key-holder can
check the MAC). The HMAC construction used by most TLS cipher suites
is specified in RFC 2104 (SSL 3.0 us… Continue reading What MAC did SSLv3.0 use? How did it compare to HMAC in TLS 1.0 and above? [migrated]
How does IPsec turn KEYMAT into Encryption and Authentication Keys?
IPsec is a framework protocol that consists of the sub-protocols ESP and AH. IPsec, inately, doesn’t include a Key Exchange mechanism, and is therefore dependent on manually setting Keys (archaic), or using IKEv1 or IKEv2 to securely esta… Continue reading How does IPsec turn KEYMAT into Encryption and Authentication Keys?