- JSON -> Content-Security-Policy header compiler for Apache and nginx configurations
diff --git a/tmp/phr_471Znr/vendor/autoload.php b/tmp/phr_6bTGzo/vendor/autoload.php | |
index 46c0c70..65ab5cb 100644 | |
--- a/tmp/phr_471Znr/vendor/autoload.php | |
+++ b/tmp/phr_6bTGzo/vendor/autoload.php | |
@@ -4,4 +4,4 @@ | |
require_once __DIR__ . '/composer' . '/autoload_real.php'; | |
-return ComposerAutoloaderInit0d991f5b8a84042e16cf24b4b1b48953::getLoader(); | |
+return ComposerAutoloaderInit6ccd5a50ed5df4dc5993d5b375e26928::getLoader(); |
<?php | |
namespace Cryptography; | |
class Asymmetric | |
{ | |
// Let's not let users hang themselves; if we need more padding options let's add them later | |
const PAD_DEFAULT = 0; | |
const DRIVER_OPENSSL = 'openssl'; | |
const DRIVER_SODIUM = 'libsodium'; |
This is just a collection of thoughts and feelings about the technology industry and guidelines I feel should be upheld.
If a minimum wage employee cannot reasonably afford to attend an event (e.g. saving $300 for DEFCON is probably the upper limit), original research should NOT be presented at that event.
Presenting cutting-edge ideas to the wealthy only serves to insulate the fat cats from the disruptions of the poor. There are plenty of other researchers that hunger for career progression that will serve the whims and aims of the upper class that can afford to drop several thousand dollars on a technology conference.
This is my formal response to variations of the question, Why do you always link to paragonie.com in your technical discussions? which some people have asked (or implied while accusing me of being up to no good).
The short answer is because I always try link to the most relevant answer I can provide to a specific technical question, and the most relevant way to introduce a point I'm about to make is usually a blog post that I've already written.
But more importantly, I stand by everything written on that website. If a blog post doesn't line up with my current understanding of security engineering, cryptography, and the art/science of web development in PHP, I'll go back and change the post to keep it in line with new information.
Many of the blog points explain, in significant detail, a technical matter that I don't feel like reiterating every time someone is about to make the same mistake that the community has already learned from.
Typically, when someone makes this accusati
Okay, let's say you have:
- A password that consists of a single unknown character repeated an unknown number of times.
- A strong password hashing algorithm that doesn't impose an upper limit on length.
How hard is your incredibly unwise passphrase for a cracker to guess?
First, you have to know which character it is. If we go with printable ASCII characters, that gives us 94 possibilities.
However, if we stretch the alphabet out to include all UTF-8 codepoints, you get 1,112,064 possible values.
scott@debian ~ $ php -dmbstring.func_overload=2 sammy_test.php | |
bool(true) | |
scott@debian ~ $ php sammy_test.php | |
bool(false) |
- February 19, 2016: Initial release.
GitHub Gist doesn't send notifications when people leave a comment, so shoot me an e-mail at admin@cryto.net. I'll gladly fix it. Fuck advertising.
Suppose I have a friend named Alice. Alice has registered to WhatsApp with a | |
Saudi number but resides in Europe. We chat over WhatsApp regularly. We are both | |
using the latest version of WhatsApp for Android (2.16.155). | |
However, Alice is unable to receive or initiate WhatsApp calls, even though she | |
is in Europe and is using European WiFi. If you can test this, I suggest you do. | |
Get a Saudi phone number, register to WhatsApp, and then fly to France and make | |
a call. You will encounter the same result even if you're on French WiFi. | |
WhatsApp claims that "the Saudis are blocking the initial handshake [for |