@GIMP A certain behavior of GIMP annoyed me, so I decided to create an issue/feature request on improving UI/UX.

This is what I did:

  • web-search "gimp issue tracker"
  • go to https://www.gimp.org/bugs/
  • go to https://gitlab.gnome.org/GNOME/gimp/-/issues (which was also in search results though)
  • search issue tracker by keywords and relevant labels, ensure that my issue hasn't been reported yet
  • press "new issue", be prompted to sign in
  • discover that signing in via github or google is only available for pre-existing accounts
  • go to sign up page; discover that you can only register with a password, not a third-party identity provider
  • create an account, save password to password manager, confirm email
  • press "new issue", select template "feature" from the dropdown menu
  • notice that template starts with a warning "If the feature is UI-related, please DO NOT REPORT HERE but on gimp-ux: https://gitlab.gnome.org/Teams/GIMP/Design/gimp-ux/-/issues"
  • the URL in this warning is neither clickable, NOR selectable. The whole text forms an atomic non-editable block, so there is no obvious way to follow the URL.
  • type URL into address bar by hand, see page 404 (because of a typo)
  • discover that in "new issue" editor one could actually "drag and drop" the non-editable warning text block inside the text field, to insert an editable copy of the text, select and copy the URL
  • open the UX team issue tracker using valid URL (honestly, why a separate tracker and not a label?)
  • search existing issues; discover that my issue has been reported already (!)
  • add a "thumbs up" reaction (was: 2, now: 3)
  • I would feel better if this whole process required fewer interactions :/

    the irony of this is that Perplexity is posting this one 🤣

    How to explain zero-knowledge protocols to your children

    https://pages.cs.wisc.edu/~mkowalcz/628.pdf

    BREAKING: A catastrophic breach has impacted Discord user data including selfies and identity documents uploaded as part of the app’s verification process, email addresses, phone numbers, approximately where the user lives.

    🔗 https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/

    The Discord Hack is Every User’s Worst Nightmare

    A hack impacting Discord’s age verification process shows in stark terms the risk of tech companies collecting users’ ID documents. Now the hackers are posting peoples’ IDs and other sensitive information online.

    404 Media

    Have you ever tried to use your corporate gmail as a secondary for your github account?

  • Is it possible to receive organization-related github notifications (Issues, PRs conversations) to the work email, but keep other notifications (e.g. open source projects) in your personal mail?

  • Is it possible to select an appropriate email (personal/work) when you use "login with github" feature? E.g. when I login to some service (sonarcloud) that relies on me having a corporate e-mail for authorization.

  • Must not contain the characters <, > or spaces.
    account.docusign.com

    Do I get it correctly, that you disallow < and > symbols because you display plaintext passwords on HTML pages/other XML documents without proper encoding?

    Do you use plaintext passwords for filenames (surely <, > and spaces are bad options for filenames)?

    What could be the reasons to prohibit these symbols?

    @docusign
    @dumbpasswordrules
    @duffn
    #passwordpolicy

    My first GNU/Linux distro was Debian.

    Somewhere before 2015-02-16, I tried to install Debian as a second OS (dual boot) in addition to Windows 7 on my personal laptop... but failed to do so, meaning that I only got Debian and couldn't run Windows or get my old files :(

    It was painful to not know if I can or cannot recover my data.

    So in the next few days (before 2015-02-19) I've reinstalled Debian. This time I've reformatted my disk, so that old data won't be available for sure (I've probably formatted the disk during the first installation, though).

    Later I managed to install Windows 7 and set up dual boot (achievement unlocked), but with all my data lost there were not many things keeping me in Windows. So eventually I have removed Windows and was only using Debian GNU/Linux until I bought a new laptop (with no OS) and installed Arch Linux on it.

    Thus, I was using Debian since I was 15 for roughly 3–4 years.

    AES CBC padding oracle in Python

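    import os

    from Crypto.Cipher import AES  # provided by PyCryptodome


    class PaddingOracle:
        def __init__(self, key: bytes):
            assert len(key) in AES.key_size
            self.k = key

        def encrypt(self, pt: bytes) -> bytes:
            # Fresh random IV per message, prepended to the ciphertext.
            iv = os.urandom(AES.block_size)
            cipher = AES.new(self.k, AES.MODE_CBC, iv)
            # PKCS#7: append 1..16 bytes, each equal to the pad length.
            pad = AES.block_size - len(pt) % AES.block_size
            return iv + cipher.encrypt(pt + bytes([pad]) * pad)

        def has_valid_padding(self, ct: bytes) -> bool:
            # ct is IV || ciphertext blocks. No IV is passed here, so
            # PyCryptodome picks a random one; that only garbles the first
            # decrypted block (the IV itself), not the last block, which
            # holds the padding, as long as ct has at least two blocks.
            cipher = AES.new(self.k, AES.MODE_CBC)
            padded_pt = cipher.decrypt(ct)
            pad = padded_pt[-1]
            # A pad byte of 0 or above the block size is never valid PKCS#7.
            return 1 <= pad <= AES.block_size and padded_pt.endswith(bytes([pad]) * pad)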

    padding is PKCS#7, i.e. one of

    1
    2 2
    3 3 3
    4 4 4 4
    ...
    16 16 16 16 16 ... 16

    Crypto.Cipher module provided by PyCryptodome

    Hex-encoded key to initialize padding oracle (use bytes.fromhex()): d2ecd8e525321b2f282399662257ed6e
    Hex-encoded messages to break using the padding oracle (do not decrypt them directly!):

  • 4ab43f57b05f2e735a691a3a9df542a89ba8af9c0cb95e93dab6bff923ddb8f0b0b22e1c09bb754d71d6c5469cb46d7d5755083348b1a7e98cf6ae9c9b061cbd642008982d56f67f54dc105cd180921f5b27b50df20b41c685f666a08947bef7
  • 0a843aefadae9ece328108d5fc667286f9bc30c954e70681776303e085155fd47e0d3070f5fcf4af0c91f2483bdecc3f
  • eab4cba2fcd67609fbb60b3a3cf4a2e26d333f6c0c7cf651011df8e5376cc0dca14937af61260c48824edb98a7795da3d032b22edb7e5a1ca219ea4b25e200c4d827817e1ecc999e2d1ea51eb2df48d696fa6940862c7dc1041e41d2c60e8ab8
    RFC 5652: Cryptographic Message Syntax (CMS)

    This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK]

    IETF Datatracker
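The usual fix for the oracle in the post above, as an added example that is not part of the original post: encrypt-then-MAC, where an HMAC tag over IV || ciphertext is verified before anything is decrypted, so a modified ciphertext never reaches the padding check. The names `seal`, `gated_padding_check` and `oracle_calls_under_tampering` are hypothetical, `padding_check` stands in for `PaddingOracle.has_valid_padding`, and the sample ciphertext is constructed random bytes.

```python
import hashlib
import hmac
import os

BLOCK = 16    # AES block size in bytes
TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def seal(mac_key: bytes, iv_and_ct: bytes) -> bytes:
    """Encrypt-then-MAC: append HMAC-SHA256 over IV || ciphertext."""
    return iv_and_ct + hmac.new(mac_key, iv_and_ct, hashlib.sha256).digest()


def gated_padding_check(mac_key: bytes, blob: bytes, padding_check) -> bool:
    """Run padding_check only on ciphertexts whose tag verifies."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # Shape check: tag present, IV plus at least one whole ciphertext block.
    if len(body) < 2 * BLOCK or len(body) % BLOCK:
        return False
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False  # forged input never reaches the decryptor
    return padding_check(body)


def oracle_calls_under_tampering(mac_key: bytes, blob: bytes, padding_check) -> int:
    """Flip one bit in each byte of blob; count calls that reach padding_check."""
    calls = 0

    def counting(ct: bytes) -> bool:
        nonlocal calls
        calls += 1
        return padding_check(ct)

    for i in range(len(blob)):
        forged = bytearray(blob)
        forged[i] ^= 0x01
        gated_padding_check(mac_key, bytes(forged), counting)
    return calls


if __name__ == "__main__":
    mac_key = os.urandom(32)          # independent of the AES key
    sample = os.urandom(3 * BLOCK)    # constructed stand-in for IV || ciphertext
    blob = seal(mac_key, sample)
    always_valid = lambda ct: True    # stand-in for has_valid_padding
    print(gated_padding_check(mac_key, blob, always_valid))           # True
    print(oracle_calls_under_tampering(mac_key, blob, always_valid))  # 0
```

A bad tag and bad padding both return False, so the caller sees one indistinguishable rejection.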
    Russia's 21st-century "Enigma": how Telegram is linked to the Kremlin

    Since the start of Russia's full-scale invasion of Ukraine, Telegram has gained significant influence over the Ukrainian audience.

    Центр стратегічних комунікацій (Centre for Strategic Communications)
    Matrix vs. Telegram

    It’s time to ditch Telegram. Join Matrix, the federated chat platform that actually respects you.

    Join Matrix!