I hereby claim:
- I am spaze on github.
- I am spaze (https://keybase.io/spaze) on keybase.
- I have a public key whose fingerprint is 4BD4 C403 AF2F 9FCC B151 FE61 B64B DD6E 464A B529
To claim this, I am signing this object:
Michal Špaček spaze
🔒
spaze
/ keybase.md
Created
July 13, 2014 00:17
spaze
/ CheckLength.php
Last active
August 29, 2015 14:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Check if the file is over given size. | |
| * | |
| * Use Content-Length header or partially download a file to see if it is bigger than specified size. | |
| * Downloads up to the $limit bytes but not more. | |
| * | |
| * Enjoy. | |
| */ | |
| class CheckLength |
spaze
/ rbcz-email-injection.msg
Last active
August 29, 2015 14:18
rb.cz email injection (working until new website got deployed 2015-04-02, vulnerable since 2011 at least, reported at least in 2013, 2014)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Received: (qmail 23343 invoked by uid 1013); 31 Oct 2013 16:45:31 -0000 | |
| Received: from no-reply@rb.cz by smtp by uid 0 with qmail-scanner-1.22 | |
| ( Clear:RC:0(62.168.6.253):. | |
| Processed in 0.011431 secs); 31 Oct 2013 16:45:31 -0000 | |
| Received: from smtp2.rb.cz (62.168.6.253) | |
| by smtp.example.com with SMTP; 31 Oct 2013 16:45:31 -0000 | |
| Received: from sv72-wwwjbo2-al-02 (unknown [172.18.8.181]) | |
| by smtp2.rb.cz (Postfix) with ESMTP id 2AF4D18038D | |
| for <spam@example.com>; Thu, 31 Oct 2013 17:45:31 +0100 (CET) | |
| From: no-reply@rb.cz |
spaze
/ cetelem.json
Created
June 28, 2015 21:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"host":"https://www.cetelem.cz/","port":443,"protocol":"HTTP","isPublic": | |
| false,"status":"READY","startTime":1434634996112,"testTime": | |
| 1434635164451,"engineVersion":"1.18.1","criteriaVersion":"2009j", | |
| "endpoints":[{"ipAddress":"193.86.17.252","serverName":"www.cetelem.cz", | |
| "statusMessage":"Ready","grade":"F","gradeTrustIgnored":"F", | |
| "hasWarnings":false,"isExceptional":false,"progress":100,"duration": | |
| 150647,"eta":2,"delegation":2,"details":{"hostStartTime": | |
| 1434634996112,"key":{"size":2048,"alg":"RSA","debianFlaw":false, | |
| "strength":2048},"cert":{"subject": | |
| "CN\u003dwww.cetelem.cz,OU\u003dMember, VeriSign Trust Network,OU\u003dAuthenticated by VeriSign,OU\u003dTerms of use at www.verisign.ch/rpa (c)05,OU\u003dCetelem,O\u003dCETELEM CR, a.s.,L\u003dPraha 5,ST\u003dPraha 5,C\u003dCZ,2.5.4.5\u003d#13083235303835363839,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3\u003d#1302435a", |
spaze
/ sktorrentanalysis.txt
Created
February 23, 2016 16:18
Password analysis of SkTorrent.eu dump
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Basic Results | |
| Total entries = 118566 | |
| Total unique entries = 98397 | |
| Top 10 passwords | |
| FuckYou = 864 (0.73%) | |
| 123456 = 739 (0.62%) | |
| 123456789 = 677 (0.57%) | |
| NULL = 175 (0.15%) |
spaze
/ xzoneczanalysis.txt
Created
October 26, 2016 19:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Basic Results | |
| Total entries = 26502 | |
| Total unique entries = 25475 | |
| Top 10 passwords | |
| Tomáš = 11 (0.04%) | |
| Destiny251984 = 9 (0.03%) | |
| pchry = 8 (0.03%) | |
| Janusek = 7 (0.03%) |
spaze
/ result.txt
Last active
July 21, 2017 12:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id select_type table partitions type possible_keys key key_len ref rows filtered Extra | |
| 1 SIMPLE foo ref code code 34 const 1 100.00 Using index | |
| id select_type table partitions type possible_keys key key_len ref rows filtered Extra | |
| 1 SIMPLE foo index code code 34 12 10.00 "Using where; Using index" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 662538: URL_REQUEST | |
| http://www.michalspacek.cz/ | |
| Start Time: 2018-03-09 00:52:52.274 | |
| t=10702 [st= 0] +REQUEST_ALIVE [dt=76] | |
| --> priority = "HIGHEST" | |
| --> url = "http://www.michalspacek.cz/" | |
| t=10702 [st= 0] URL_REQUEST_DELEGATE [dt=1] | |
| t=10703 [st= 1] +URL_REQUEST_START_JOB [dt=0] | |
| --> load_flags = 37122 (BYPASS_CACHE | MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE | VERIFY_EV_CERT) |
spaze
/ ssls-letsencrypt.md
Last active
March 15, 2018 21:57
Otevřená odpověd ssls.cz na e-mail s předmětem "Upozornění: Zabezpečení domény"
Provozovatelé ssls.cz poslali e-mail zákazníkům, kteří od nich dříve kupovali certifikáty, ale přešli na certifikáty od Let's Encrypt. Ukázku toho e-mailu najdete na https://twitter.com/parisek/status/802847950863011840, podobná srovnávací tabulka je i na https://www.ssls.cz/lets-encrypt.html. Napsal jsem ssls.cz otevřenou odpověď, kterou najdete v nezměněné podobě níže. (Opravil jsem jen překlepy a chybějící interpunkční znaménka, díky za jejich nahlášení.)
Dobrý den,
(tuto odpověď píšu jako otevřený dopis, publikoval jsem ji také na https://gist.github.com/spaze/e081b948b8cd7d06dddbe9e6fa65c5ac)
díky za e-mail, jsem Vaším bývalým zákazníkem a podobným textem, který obsahuje zavádějící i nepravdivé informace, si mě nezískáte zpět. Pro mě
spaze
/ pbkdf2-symfony-polyfill.php
Last active
October 12, 2018 20:27
Symfony's PBKDF2 polyfill benchmark (TL;DR it's slow, DO NOT USE, use hash_pbkdf2 available in PHP 5.5+ if you must use PBKDF2 but just use password_hash) for the thread here https://twitter.com/spazef0rze/status/1050436425559302147
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0) | |
| { | |
| // Number of blocks needed to create the derived key | |
| $blocks = ceil($length / strlen(hash($algorithm, null, true))); | |
| $digest = ''; | |
| for ($i = 1; $i <= $blocks; $i++) { | |
| $ib = $block = hash_hmac($algorithm, $salt . pack('N', $i), $password, true); | |
| // Iterations | |
| for ($j = 1; $j < $iterations; $j++) { |
OlderNewer