Posts by pruby

3 publicly visible posts • joined 16 Dec 2014

TLS isn't up to the job without better credential protection, says RFC

pruby

Mutual Auth

If we're going to standardise anything, it should be a mutual password authentication mechanism - that is, the client and server must both prove they know the underlying password, without revealing it. There's a mechanism like that in section 4.3 of the TCPCrypt paper:

http://www.tcpcrypt.org/tcpcrypt.pdf

The risk with mutual auth is always that the server leaks something that can be used to brute force the password. Not sure how that mechanism stacks up, but would certainly be safe for strong passwords as the hash functions could easily be specified as a proper password hash like Argon2.

If MR ROBOT was realistic, he’d be in an Iron Maiden t-shirt and SMELL of WEE

pruby

Re: I love the access controls in movies

Actually, while still insane, this isn't quite as implausible as you might think. For fire regulations, locked doors are often required to "fail open".

Hackable intercom lets you SPY on fellow apartment-dwellers

pruby

Re: at a guess ...

He didn't hack his own apartment unit as he didn't technically own it. He bought the same model off eBay and attacked that. Same as the other talk on hardware at the conference - anyone with a reputation has to be pretty careful here.