Collaborate Disseminate
I have a postfix mail server that accepts these cipher suites:
tls_high_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RS… Continue reading Cipher suite choice on macOS on Apple Silicon
I need to verify a MAC for something signed with HMAC-SHA512/256, however, the language I’m using (Salesforce’s Apex language) doesn’t have support for that algorithm. It does have HMAC-SHA512 and HMAC-SHA256 though – is there a way to tra… Continue reading Is it feasible to calculate an HMAC-SHA512/256 MAC from an environment that only supports HMAC-SHA512?
I am generating random OTP-style strings that serve as a short-term identifier to link two otherwise unrelated systems (which have authentication at each end). These need to be read and re-entered by users, so in order to reduce the error … Continue reading Picking a check digit algorithm
MySQL’s old mysql_native_password hashing scheme was the equivalent of this in PHP:
sha1(sha1(‘password’, true));
That’s a hex-encoded SHA-1 hash of a binary SHA-1 hash of the password, without any salting.
MySQL 8.0 introduced a two… Continue reading What’s the algorithm behind MySQL’s sha256_password hashing scheme?
SMTPS (implicit SSL) has been deprecated/obsolete since SMTP+STARTTLS (explicit SSL) was defined in RFC2487. I’m not entirely clear on the reasoning behind that, but it was clearly considered a good idea at the time.
Is there a simple allowlist-style way of disabling CBC mode cipher suites in apps that use an openssl cipher suite list? I’m hoping for something in the style of !RC4, however, !CBC has no effect, and still allows suites such as TLS_DHE_RS… Continue reading How to disable CBC-mode ciphers