Collaborate Disseminate
According to PAN-OS documentation for "Traceability and Control of Post-Quantum Cryptography",
Traffic encrypted by PQC [post-quantum computing] or hybrid PQC algorithms cannot be decrypted yet, making these algorithms vulnerabl… Continue reading How can you protect against a man-in-the-middle forging a TLS Client Hello that offers insecure algorithms?
I’m using a Flipper Zero which and I want to decode my unlock signal which is rolling. The FCC ID of the keyfob is N5F-A05TAA. I had calculated independently and later confirmed that the keyfob transmits on 313.85 mhz. How do I demodulate … Continue reading What is the modulation used in a Honda Civic keyfob? And how can you find this out?
I’m using Rust to create a program to attempt a timing attack on a network resource (a printer I lost a password to). I’m wired directly into it. What Linux environmental constraints can I optimize to minimize noise and variability?
Curren… Continue reading What optimization can be made for nanosecond IO and CPU stability when performing a timing attack?
According to the JellyFin documentation
Podman doesn’t require root access to run containers, although there are some details to be mindful of; see the relevant documentation. For security, the Jellyfin container should be run using rootl… Continue reading Why is it safer to run as non-root inside a single-user container that is deployed with rootless podman?
Eleptial Curve is now included in PGP. However when I run gpg2 –full-gen-key, I get
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing… Continue reading Why is ECC (Eliptical Curve) an `–expert` feature in PGP?
I’m using OpenSSH 8.9p1. I’m trying to connect to a git via SSH, and I’m getting
no matching host key type found. Their offer: ssh-rsa
I was able to fix the problem by adding the following to my ~/.ssh/config
Host git.host.net
Use… Continue reading Configuration option PubkeyAcceptedKeyTypes vs PubkeyAcceptedAlgorithms?
OAuth 2 supported a flow called the Implicit Flow where the authorization server on response just provided the access token directly to the browser without requiring a back-channel communication from the client to the authorization server…. Continue reading In OAuth 2.1, can the Access Token and Authorization Code be the same?
I’m evaluating running Chromium without native sandboxing in a rootless container. A few points:
You can containerize Chrome using rootless containers with something like podman. This will utilize kernel user-namespaces to isolate the Chr… Continue reading What are the potential vulnerabilities with containerized rootless Chrome and –no-sandbox?
I had a request by some people in the Linux Users Group to show off metasploit. This is a product I’ve used, but I’m by no means an expert on.
Is there anything like an open source repository of images I can run in a virtual machine or the… Continue reading Where to get images with vulnerabilities to test penetration tooling? [closed]
Before posting this question about ed25519, I learned that there are two formats for storing a private ed25519 key,
PKCS#8
OpenSSH Format
Why did OpenSSH create its own format rather than use PKCS#8? Please include any relevant citations… Continue reading Why did OpenSSH create its own key format, and not use PKCS#8?