Cloudflare now supports security.txt! It's off by default, but this should really help adoption. This is a very good thing.
HT @troyhunt, who posted this to X but not here.
| Blog | https://www.eiken.dev |
| Bluesky | https://bsky.app/profile/eikendev.bsky.social |
| GitHub | https://github.com/eikendev |
| Pronouns | he/him |
I posted some notes on API keys. Bearer API keys, JWTs as API keys (🤮), and signature-based API keys. Considerations around storing hashed vs plaintext API keys, using unique key prefixes, and how we can make signature-based API keys more common.
What is an API key? An API key is a mechanism used to authenticate two pieces of software for programmatic access. Contrast this with a username and password, which is typically used for a user like you or me to authenticate with a website so that we can navigate around and use the site. An API key is meant to be a way for a programmer or other advanced user to automatically interact with the system.
On some level I think people become stronger engineers by running their own databases for a time. Pulling back the cover and seeing the hidden complexity can breed an understanding that serves folks well.
Obviously not a requirement--but something to consider.
I started working on a modern #cryptography tutorial as a single Python file, for some reason. It all got a bit out of hand. It's not finished, so probably just gets you to the point of blowing your foot off. Err... enjoy?
https://gist.github.com/NeilMadden/985711ded95ab4b2235faac69af45f30
A couple notes about the Infineon timing side channel affecting most YubiKeys.
1. yubikey-agent is unaffected in the evil maid threat model as the attacker needs physical access *and PIN*
2. lol, Infineon
3. Go mitigates timing side-channels in ECDSA nonce inversion by not being clever and just using Fermat's little theorem, which is as simple as a constant time exponentiation by p - 2 (which can be optimized with @mbmcloughlin's addchain)
https://ninjalab.io/eucleak/
https://www.yubico.com/support/security-advisories/ysa-2024-03/
Preview of the EUCLEAK writeup: Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evaluations that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure […]
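To make point 3 concrete, here is an added toy example (not code from the post, from Go's crypto packages, or from the EUCLEAK writeup) contrasting the two ways to invert a nonce modulo a prime. It assumes a constructed 61-bit Mersenne prime as the modulus and the helper names used here; the square-and-multiply loop's branch pattern and operation count depend only on the public exponent p-2, while the extended Euclid loop's length varies with the secret k.

```go
package main

import (
	"fmt"
	"math/bits"
)

// mulmod returns a*b mod m via a 128-bit intermediate, so it never overflows.
func mulmod(a, b, m uint64) uint64 {
	hi, lo := bits.Mul64(a, b)
	return bits.Rem64(hi, lo, m)
}

// fermatInverse computes k^(m-2) mod m (Fermat's little theorem) by
// left-to-right square-and-multiply. Branches depend only on bits of the
// public exponent m-2, never on the secret k, so ops is the same for every k.
func fermatInverse(k, m uint64) (inv uint64, ops int) {
	e := m - 2
	inv = 1
	for i := 63; i >= 0; i-- {
		inv = mulmod(inv, inv, m) // square
		ops++
		if (e>>uint(i))&1 == 1 { // public exponent bit
			inv = mulmod(inv, k, m) // multiply
			ops++
		}
	}
	return inv, ops
}

// euclidInverse is the textbook extended Euclidean algorithm: loop length and
// quotients depend on the secret k, control flow a timing channel can observe. Needs m < 2^63.
func euclidInverse(k, m uint64) (inv uint64, iters int) {
	oldR, r, oldS, s := int64(k), int64(m), int64(1), int64(0)
	for r != 0 {
		q := oldR / r
		oldR, r = r, oldR-q*r
		oldS, s = s, oldS-q*s
		iters++
	}
	return uint64((oldS%int64(m) + int64(m)) % int64(m)), iters
}

func main() {
	const p uint64 = 1<<61 - 1 // constructed toy modulus: Mersenne prime 2^61-1
	for _, k := range []uint64{2, 123456789, p - 1} {
		fi, fops := fermatInverse(k, p)
		ei, eit := euclidInverse(k, p)
		fmt.Printf("k=%d fermat=%d (%d ops) euclid=%d (%d iters)\n", k, fi, fops, ei, eit)
	}
}
```

The real Go implementation works in a fixed-time field representation rather than on uint64, but the property shown here is the same: the exponent's bits, not the nonce, drive the control flow.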
Founder Mode is essentially "It's easier for me to make every decision than hire competent people I can trust, set up the right incentive structure and then hold them accountable".
It's a way to cope with not having certain leadership skills which is OK if that gap exists.
Regex isn't hard enough, so I present you with a crossword where all hints are regular expressions!
I confess at first it looked like the hints don't contain enough information to solve the puzzle but after some slow but steady progress I can confirm that they do 🤣
The original puzzle is from https://puzzles.mit.edu/2013/coinheist.com/rubik/a_regular_crossword/
I shared this on my blog: https://mathspp.com/blog/problems/regex-crossword
The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend.