- JSON -> Content-Security-Policy header compiler for Apache and nginx configurations
Scott paragonie-scott
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/tmp/phr_471Znr/vendor/autoload.php b/tmp/phr_6bTGzo/vendor/autoload.php | |
| index 46c0c70..65ab5cb 100644 | |
| --- a/tmp/phr_471Znr/vendor/autoload.php | |
| +++ b/tmp/phr_6bTGzo/vendor/autoload.php | |
| @@ -4,4 +4,4 @@ | |
| require_once __DIR__ . '/composer' . '/autoload_real.php'; | |
| -return ComposerAutoloaderInit0d991f5b8a84042e16cf24b4b1b48953::getLoader(); | |
| +return ComposerAutoloaderInit6ccd5a50ed5df4dc5993d5b375e26928::getLoader(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace Cryptography; | |
| class Asymmetric | |
| { | |
| // Let's not let users hang themselves; if we need more padding options let's add them later | |
| const PAD_DEFAULT = 0; | |
| const DRIVER_OPENSSL = 'openssl'; | |
| const DRIVER_SODIUM = 'libsodium'; |
paragonie-scott
/ QUEUE.md
Created
May 22, 2015 19:16
Paragon Initiative Enterprises - Open Source Projects in Development Queue
paragonie-scott
/ no-0day.md
Last active
November 18, 2015 03:41
PHP Cryptography Libraries I've Ever Reviewed Without Finding 0day
This is just a collection of thoughts and feelings about the technology industry and guidelines I feel should be upheld.
If a minimum wage employee cannot reasonably afford to attend an event (e.g. saving $300 for DEFCON is probably the upper limit), original research should NOT be presented at that event.
Presenting cutting-edge ideas to the wealthy only serves to insulate the fat cats from the disruptions of the poor. There are plenty of other researchers that hunger for career progression that will serve the whims and aims of the upper class that can afford to drop several thousand dollars on a technology conference.
paragonie-scott
/ why-self-promotional.md
Created
November 28, 2015 19:13
Why does Scott seem so self-promoting?
This is my formal response to variations of the question, Why do you always link to paragonie.com in your technical discussions? which some people have asked (or implied while accusing me of being up to no good).
The short answer is because I always try link to the most relevant answer I can provide to a specific technical question, and the most relevant way to introduce a point I'm about to make is usually a blog post that I've already written.
But more importantly, I stand by everything written on that website. If a blog post doesn't line up with my current understanding of security engineering, cryptography, and the art/science of web development in PHP, I'll go back and change the post to keep it in line with new information.
Many of the blog points explain, in significant detail, a technical matter that I don't feel like reiterating every time someone is about to make the same mistake that the community has already learned from.
Typically, when someone makes this accusati
Okay, let's say you have:
- A password that consists of a single unknown character repeated an unknown number of times.
- A strong password hashing algorithm that doesn't impose an upper limit on length.
How hard is your incredibly unwise passphrase for a cracker to guess?
First, you have to know which character it is. If we go with printable ASCII characters, that gives us 94 possibilities.
However, if we stretch the alphabet out to include all UTF-8 codepoints, you get 1,112,064 possible values.
paragonie-scott
/ run_with_mbstring_func_overload.php
Created
February 9, 2016 22:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| scott@debian ~ $ php -dmbstring.func_overload=2 sammy_test.php | |
| bool(true) | |
| scott@debian ~ $ php sammy_test.php | |
| bool(false) |
paragonie-scott
/ 1_changelog.md
Created
February 19, 2016 00:00
— forked from joepie91/1_changelog.md
Remove Wired's "ad-blocker veil"
- February 19, 2016: Initial release.
GitHub Gist doesn't send notifications when people leave a comment, so shoot me an e-mail at admin@cryto.net. I'll gladly fix it. Fuck advertising.
paragonie-scott
/ WhatsAppSaudi.txt
Created
July 13, 2016 19:10
WhatsApp Blocking Encrypted Calls to All Saudi Numbers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Suppose I have a friend named Alice. Alice has registered to WhatsApp with a | |
| Saudi number but resides in Europe. We chat over WhatsApp regularly. We are both | |
| using the latest version of WhatsApp for Android (2.16.155). | |
| However, Alice is unable to receive or initiate WhatsApp calls, even though she | |
| is in Europe and is using European WiFi. If you can test this, I suggest you do. | |
| Get a Saudi phone number, register to WhatsApp, and then fly to France and make | |
| a call. You will encounter the same result even if you're on French WiFi. | |
| WhatsApp claims that "the Saudis are blocking the initial handshake [for |
OlderNewer