jm + signing   2

Latacora - How (not) to sign a JSON object
good notes on authentication of API consumers using a HMAC. colmmacc also noted that using a constant-time comparison function of the expected and sent values, is important to avoid timing attacks. "A standard strcmp/memcmp isn't secure and I still see this error in 2019 :("
hmac  mac  authentication  crypto  security  json  apis  api  coding  signing 
26 days ago by jm
isign
Let's see how long this lasts:
Today Sauce Labs is proud to open-source isign. isign can take an iOS app that was authorized to run only on one developer’s phone, and transform it so it can run on another developer’s phone. 

This is not a hack around Apple’s security. We figured out how Apple’s code signing works and re-implemented it in Python. So now you can use our isign utility anywhere – even on Linux!
signing  apple  code-signing  pki  ios  iphone  apps 
february 2016 by jm

Copy this bookmark:



description:


tags: