Erik van Straten<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@apicultor" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>apicultor</span></a></span> boasted in <a href="https://hachyderm.io/@apicultor/114518285382834735" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hachyderm.io/@apicultor/114518</span><span class="invisible">285382834735</span></a>:</p><p>"As someone with industry credentials in privacy regulation and compliance, I am telling you that you're talking out of your ass on these points."</p><p>And in the toot above you wrote:</p><p>"The key signs a nonce. If nonces are predictable then you have bigger problems. If they are not, there can be no replay."</p><p>Apicultor <-> Mallory <-> Erik</p><p>Suppose you (Apicultor) sends me a nonce which Mallory forwards to me. I then sign that nonce and return it, and Mallory forwards the signed nonce to you.</p><p>You will not be able to destinguish Mallory from me.</p><p>That situation changes if I include Mallory's domain name, and preferably a timestamp plus the reason for authentication (which was told to me by Mallory - and may be a lie).</p><p>However, misissued certificates will still wreak havoc.</p><p>Fix: instead of the domain name, I could include (a cryptograhic hash of) the certificate that Mallory sent to my browser. Unfortunately that will fail in the case of TLS inspection, such as conducted by some EDR solutions.</p><p>Anyway, with all your "industry credentials in privacy regulation and compliance", you mentioned none of the above in:</p><p>"The key signs a nonce. If nonces are predictable then you have bigger problems. If they are not, there can be no replay."</p><p>Last but not least, even with the solutions I proposed, the reliability depends on whether the RP (here "Apicultor") correctly validates that all signed data is as expected (I'm not holding my breath here).</p><p>Reliable authentication mandates that the verifying party is trustworthy. The absolute minimum a user needs to know is who the verifying party is and how reliable that information is.</p><p>Muting you now (don't bother to respond), blocking you in a couple of hours.</p><p><span class="h-card" translate="no"><a href="https://noc.social/@hlindqvist" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hlindqvist</span></a></span> </p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/NoSolutions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NoSolutions</span></a> <a href="https://infosec.exchange/tags/Nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nonce</span></a> <a href="https://infosec.exchange/tags/SignedNonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SignedNonce</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
217active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#nonce
0 posts · 0 participants · 0 posts today
Felix Palmen :freebsd: :c64:<p>There's a lot that could still be improved in <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a>, but I don't get that "proof of work" idea out of my mind, so I started a branch to work on it:</p><p><a href="https://github.com/Zirias/swad/pull/1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Zirias/swad/pull/1</span><span class="invisible"></span></a></p><p>I really think it makes sense when you want some publicly known "guest login" which is still protected against <a href="https://mastodon.bsd.cafe/tags/bots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bots</span></a>. Not sure yet whether this will succeed, we will see!</p><p>It certainly won't be as "fancy" as <a href="https://mastodon.bsd.cafe/tags/anubis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>anubis</span></a>, but do the same thing functionally: Require the client to find a <a href="https://mastodon.bsd.cafe/tags/nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nonce</span></a> that, combined with a server-provided <a href="https://mastodon.bsd.cafe/tags/challenge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>challenge</span></a>, hashes to something with 'n' leading zeros using <a href="https://mastodon.bsd.cafe/tags/sha256" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sha256</span></a>. In contrast to anubis, swad won't have to proxy everything (but rely on nginx' auth_request), and no challenge will be issued when the user logs in with credentials some *other* credentials checker accepts.</p>
Lazarou Monkey Terror 🚀💙🌈<p>Raping sex trafficked teenage girls will do that to ones reputation.</p><p>Seems to be a big day for sexual predators getting bad news :catjam: </p><p><a href="https://news.sky.com/story/prince-andrews-reputation-irrecoverable-after-newsnight-interview-says-royal-aide-13341839" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.sky.com/story/prince-andr</span><span class="invisible">ews-reputation-irrecoverable-after-newsnight-interview-says-royal-aide-13341839</span></a></p><p><a href="https://mastodon.social/tags/PrinceAndrew" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrinceAndrew</span></a> <a href="https://mastodon.social/tags/Nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nonce</span></a> <a href="https://mastodon.social/tags/Misogyny" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Misogyny</span></a> <a href="https://mastodon.social/tags/Patriarchy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Patriarchy</span></a> <a href="https://mastodon.social/tags/Predators" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Predators</span></a> <a href="https://mastodon.social/tags/Epstein" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Epstein</span></a> <a href="https://mastodon.social/tags/AbolishTheMonarchy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AbolishTheMonarchy</span></a></p>
Estelle Platini<p><a href="https://techhub.social/tags/nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nonce</span></a> is two separate nouns:</p><p>Nonce (1) means: The one or single occasion; the present reason or purpose.<br>(Etymology 1 is inherited from Middle English nonse, nones.)</p><p>Nonce (2, in Britain and Ireland) means: A sex offender, especially one who perpetrates against children.<br>(Etymology 2 is dated 1975, in British criminal slang.) French equivalent: <a href="https://techhub.social/tags/pointeur" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pointeur</span></a></p><p>More: <a href="https://en.wiktionary.org/wiki/nonce" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">en.wiktionary.org/wiki/nonce</span><span class="invisible"></span></a></p><p><a href="https://techhub.social/tags/homonyms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homonyms</span></a> <a href="https://techhub.social/tags/incel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incel</span></a> <a href="https://techhub.social/tags/masculinism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>masculinism</span></a> <a href="https://techhub.social/tags/reputation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reputation</span></a> <a href="https://techhub.social/tags/fragility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fragility</span></a> <a href="https://techhub.social/tags/maleFragility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>maleFragility</span></a> <a href="https://techhub.social/tags/manliness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>manliness</span></a> <a href="https://techhub.social/tags/masculinity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>masculinity</span></a> <a href="https://techhub.social/tags/virility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>virility</span></a> <a href="https://techhub.social/tags/homophobia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homophobia</span></a> <a href="https://techhub.social/tags/teenagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>teenagers</span></a> <a href="https://techhub.social/tags/prison" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>prison</span></a> <a href="https://techhub.social/tags/maleViolence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>maleViolence</span></a> <a href="https://techhub.social/tags/badBoy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>badBoy</span></a> <a href="https://techhub.social/tags/boys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>boys</span></a> <a href="https://techhub.social/tags/gender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gender</span></a> <a href="https://techhub.social/tags/etymology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>etymology</span></a> <a href="https://techhub.social/tags/slang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>slang</span></a> <a href="https://techhub.social/tags/linguistics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linguistics</span></a> <a href="https://techhub.social/tags/English" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>English</span></a> <a href="https://techhub.social/tags/Adolescence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Adolescence</span></a> <a href="https://techhub.social/tags/Netflix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Netflix</span></a> <a href="https://techhub.social/tags/crime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crime</span></a> <a href="https://techhub.social/tags/criminality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>criminality</span></a></p>
Lazarou Monkey Terror 🚀💙🌈<p>Not even trying to hide what they are, they think they can get away with it.</p><p>Maybe the real Trump Derangement Syndrome it's nonces like this thinking they can 'grab the pussy'</p><p><a href="https://www.cbsnews.com/minnesota/news/minnesota-sen-justin-eichorn-arrested-bloomington-prostitution-sting/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cbsnews.com/minnesota/news/min</span><span class="invisible">nesota-sen-justin-eichorn-arrested-bloomington-prostitution-sting/</span></a></p><p><a href="https://mastodon.social/tags/TrumpDerangementSyndrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrumpDerangementSyndrome</span></a> <a href="https://mastodon.social/tags/USpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USpol</span></a> <a href="https://mastodon.social/tags/Nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nonce</span></a> <a href="https://mastodon.social/tags/Minnesota" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Minnesota</span></a> <a href="https://mastodon.social/tags/JustinEichorn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JustinEichorn</span></a> <a href="https://mastodon.social/tags/GOP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GOP</span></a> <a href="https://mastodon.social/tags/Misogyny" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Misogyny</span></a> <a href="https://mastodon.social/tags/Patriarchy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Patriarchy</span></a></p>
Lazarou Monkey Terror 🚀💙🌈<p><span class="h-card" translate="no"><a href="https://mastodon.social/@BNONews" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BNONews</span></a></span> lol, fuckinh 'ell....</p><p><a href="https://mastodon.social/tags/USPol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USPol</span></a> <a href="https://mastodon.social/tags/Nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nonce</span></a> <a href="https://mastodon.social/tags/TrumpDerangementSyndrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrumpDerangementSyndrome</span></a></p>
d0rk ✅<p>Never saw that before (until now) and I thought it was a somewhat funny oxymoron:</p><p>A <a href="https://mastodon.social/tags/nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nonce</span></a> claim in a <a href="https://mastodon.social/tags/JWT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JWT</span></a></p><p><a href="https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims#public-claims" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">auth0.com/docs/secure/tokens/j</span><span class="invisible">son-web-tokens/json-web-token-claims#public-claims</span></a></p>
Tarnkappe.info<p>📬 Dark Skippy: Angriff kapert Hardware-Wallet-Schlüssel<br><a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSicherheit</span></a> <a href="https://social.tchncs.de/tags/Krypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Krypto</span></a> <a href="https://social.tchncs.de/tags/Blockchain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blockchain</span></a> <a href="https://social.tchncs.de/tags/DarkSkippy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DarkSkippy</span></a> <a href="https://social.tchncs.de/tags/HardwareWallet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HardwareWallet</span></a> <a href="https://social.tchncs.de/tags/Nonce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nonce</span></a> <a href="https://social.tchncs.de/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivateKey</span></a> <a href="https://social.tchncs.de/tags/SeedPhrase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SeedPhrase</span></a> <a href="https://sc.tarnkappe.info/1161e0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sc.tarnkappe.info/1161e0</span><span class="invisible"></span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload