Collaborate Disseminate
My understanding
TCP SYN Cookie mitigates SYN Flood attack by allowing all information to be stored in the cookie itself and not storing anything on the server.
TCP SYN Cookie is implemented as the Initial Sequence Number returned by the … Continue reading What’s the point of including time t in the hashed part of tcp SYN cookie?
I am confused about the TLS handshake process in TLS 1.2 and TLS 1.3.
When configuring Nginx with SSL enabled, does the ssl_certificate_key play a role in the TLS handshake itself, or is it only used for server identity verification?
I hav… Continue reading (nginx) ssl_certificate_key in Handshake of TLS 1.2 and 1.3
While analyzing the handshake process in TLS 1.3 and comparing it to TLS 1.2, I began to wonder if the simplified handshake structure in TLS 1.3 introduces new vulnerabilities. This concern is particularly relevant in scenarios involving S… Continue reading Does the Simplified Handshake in TLS 1.3 Increase Susceptibility to SSL/TLS Flood Attacks?
In the TLS handshake, I noticed that key messages like ClientHello and ServerHello aren’t piggybacked onto ACK packets and are instead sent as separate packets. From a networking perspective, this seems inefficient because there could be … Continue reading Why in this TLS handshake, the ClientHello,ServerHello, etc are not Piggybacked in the ACKs packets? [closed]
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello.supported_versions=0304, but ciphersuite select… Continue reading server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello.supported_versions=0304, but ciphersuite select… Continue reading server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I am having a Handshake session of PSK_only mode in TLS1.3 , where I use PSK’s established out of band.
consider, client Hello is sent with the extensions of supported_versions, PreSharedKey, psk_key_exchange_modes
Q1)If server sends a Hel… Continue reading In TLS1.3 can the client hello have the extensions which were not sent as part of HelloRetryRequest
Why is step 4 needed? What does it protect in terms of security? Doesn’t the protection arrives from the last step so when Va and Vb (so called TK, Temporary Keys) are compared?
Other thing: I read somewhere that Cb is sent immediately an… Continue reading Why is the "intermediate" challenge needed in Bluetooth ECDH since the "real" verification is performed at the end with code comparison?
I have a peripheral to which I am trying to connect over BLE. I do not have access to the internals of the peripheral, though I do know it is using a TI CC2540 chip for its BLE implementation (not sure if that matters.) I am having trouble… Continue reading What Kind of BLE Connection Handshake is This?
I’ve been trying to crack wifi wpa2 handshake using airodump-ng and aireplay-ng.
I’m using alfa awus-036acs adapter.
sudo airodump-ng wlan0
sudo airodump-ng –bssid MAC ADDR of AP –channel 1 -w capture wlan0
and (tried both)
sudo airep… Continue reading aireplay-ng –deauth never finds BSSID available