#publickeycryptography — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #publickeycryptography, aggregated by home.social.
-
#WorkStories:
Someone from my company needs SSH access to some special, new machines hosted by a service provider. So, how do you securely exchange SSH keys?
The process that the nontechnical people came up with:
The service provider creates an #SSH key pair and sends us the private key via e-mail.
But they don't want to send over the SSH private key *unencrypted* via e-mail, that would be insecure. So someone should generate a #PGP key pair, send the public key to the service provider (via e-mail), who would encrypt the SSH private key with it and then send it via e-mail.
I can't decide whether I should be rolling on the floor laughing, crying in a quiet corner of the office or banging my head against the wall.
:blobcatdizzy: :blobcatfacepalm: :blobcatgoogly:
-
New Kitten release
• Fixes redirection from sign-in page when person is already authenticated.
To learn more about how Kitten automatically implements authentication for your Small Web sites and apps using public-key cryptography (so even your own server doesn’t know your secret)¹, please see the Authentication tutorial:
https://kitten.small-web.org/tutorials/authentication/
Enjoy!
:kitten:💕
¹ The security (and privacy) of Domain/Kitten are based on a 32-byte cryptographically random secret string that only the person who owns/controls a domain knows.
This is basically a Base256-encoded ed25519 secret key where the Base256 alphabet is a set of curated emoji surrogate pairs without any special modifiers chosen mainly from the animals, plants, and food groups with some exceptions (to avoid common phobias or triggers, etc.) that we call KittenMoji.
…
When setting up a Small Web app via Domain, this key is generated in the person’s browser, on their own computer, and is never communicated to either the Domain instance or the Kitten app being installed. Instead the ed25519 public key is sent to both and signed token authentication is used when the server needs to verify the owner’s identity (e.g., before allowing access to the administration area).
The expected/encouraged behaviour is for the person to store this secret in their password manager of choice.
More: https://kitten.small-web.org/reference/#cryptographic-properties
#Kitten #SmallWeb #SmallTech #authentication #publicKeyCryptography #web #dev #NodeJS #JavaScript #HTML #CSS
-
How Google plans to make stolen session cookies worthless for attackers https://www.helpnetsecurity.com/2024/04/03/using-stolen-session-cookies/ #publickeycryptography #authentication #Don'tmiss #Hotstuff #cookies #malware #privacy #Chrome #News #MFA
-
"An encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing."
-
Great example of how helpful #ChatGPT is: it just walked me through the math behind #PublicKeyCryptography. I kind of, sort of understand the math better now.
It also came up with #emacs #lisp code to show each step of the math involved, for whichever two primes are input. It seems to work fine, without any tweaking or fixing.
Don't worry - I know enough #CyberSecurity to know not to try to roll my own *anything*. This is just for showing #K12 #InfoTech students how public key crypto works.
-
why do websites rely on email? they should also support making an account with #publicKeyCryptography
image boards kinda do this with trip codes, https://en.wikipedia.org/wiki/Tripcode
there are already tools for managing keys like #openkeychain for android. authentication can be done via challenge and response. anonymity can be handled with locally managed sub keys. or new unrelated keys. account recovery can be done by web of trust or make a backup account and mutually sign your main one.
-
Website for storing digital currencies hosted code with a sneaky backdoor - (credit: NoHoDamon)
A website that bills itself as providing a safer way to store Bitcoin and oth... more: https://arstechnica.com/?p=1510799 #cryptocurrencywallets #publickeycryptography #backdoors #biz&it