Fucking awesome. The 'encryption backdoor law' in Australia went through!

Now, whenever served with such warrants, companies which are active in Australia will have to pay hefty fines if they don't give encrypted messages to law enforcement in readable form. No matter whether this means just decrypting it with the keys they have or pushing backdoors/inject code into the messaging apps/services in order to extract the contents.

Now let's see how much the big companies really care about their users! (I'd expect them to pull out of Australia but the chance that this'll happen is as tiny as about nothing)

What's wrong with WannaCry? All it does is secure you're system by encrypting your files for you.

Encryption

Another attempt at trying to get support for weakening encryption recently.

An FBI spokesperson said something like 'we can put people on the moon, why can't we just create law enforcement-accessible encryption? i just don't buy it."

Fuck off and die.

Dance like no one else is watching. Encrypt like everyone is.

Using Base64 "encryption" to store credit card numbers and passwords

When the "lost password" feature of a website sends you an email with your original password :/

When I was in my second semester of college I was tasked with creating a file encrypt/decrypt program. Take in normal textfiles and spit out a new random text and symbols file. I worked on it for two weeks and read up on all different encryption types and stuff. I was so excited when it was done. After it was done compiling I tried it out on its own source code. Encrypto.c and named the output file Encrypto.c 😰 The next thing I did was google " best version control and how to use it."

Dance like no one's watching. Encrypt like everyone is.

"Perl – The only language that looks the same before and after RSA encryption." - Keith Bostic

Had three servers running in prod. For extra security all of them were encrypted (hdd encryption) just in case.
"mate, servers need a quick reboot, that alright?"
Me: yeah sure!
"oh hey they're encrypted, what's the password?"
Uhm.....
😐
😓
😨
😵😨😮😧😫
😲😶😭

Yeah, i also forgot to turn on the backup process...

Story time:

I was once working on a project that dealt with incredibly sensitive financial data.

We needed a client’s database to do a migration.

They wouldn’t send it over the internet because it was too big and they didn’t think it would be secure.

They opt to send it in the post on an encrypted usb drive.

(Fair enough thinks I)

USB drive arrives.
Is indeed encrypted.

MFW there’s a post it note in the envelope with the password on.

MFW this is a billion dollar multinational petrochem company.

MFW this same company’s ‘sysadmin’ and ‘dba’ once complained because a SQL script I sent them didn’t work - they’d pasted it twice and couldn’t work this out from the fucking “table already created” error message management studio was throwing at them.

Bad handwriting is the most effective encryption

Fixing family / friends technical problems, episode 2.

Problem: "I lost my iPhone, I know there's a thing that lets you find it. Can you help?"

Debugging:

Me: sure, it's called "find my iPhone"

Friend: ah yes that's it. How do I use it?

Me: I'll show you, just login here and ... oh you didn't set it up?

Friend: Probably not, I don't know much about this computer stuff.

Me: ... when you setup your phone for the first time, it's a full screen thing that says "do you want us to locate your phone if it's lost. Yes / No". It's hardly writing an encryption algorithm now is it?

Friend: no it's not, but still I just didn't know. I probably clicked no for everything.

Me: ... says here you clicked yes for iCould ... and yes for photo sync ... so you read the one about your pictures but not about lost or stolen property ... nice.

Friend: ... so you can't find it then.

Me: No, natural selection took it away from you.

Friend: oh **** off.

So I work in IT for the police. I just received an "unneeded" encrypted smartphone.

I had to reconfigure it, in order to give it to the next policeman. Unfortunately nobody knew the password and there is actually no way to reset this damn thing.Trust me, i did my research.

About 2 days later i receive an angry call by the policeman that should be using the phone by now.

Policemen: "Why is my phone not ready yet?"
Me: "it's encrypted and nobody has the password."
Policemen: "Well just ask the previous owner then!"
Me:"It's a little difficult..."
Policemen: "Why?!?"
Me: "He shot himself."

Having a private conversation over WhatsApp these days...

> Claims to be a security expert and an Anonymous member

> His router uses WEP as encryption

*me, coding at a pub*
*random dude walks up to me*
He: "what are you doing? Programming? What?"
Me: "yup. That's a horizontally and vertically scalable webservice, that's using amqp, rest APIs and encryption to schedule starting, stopping and autoscaling of a total of 90 heroku applications. This webinterface *showing* allows you to trigger starts and stops manually and monitor all processes."
He: "oh, so you are programming a Website? In HTML?"
Me: "euhm........ Yes."

I understand this dude had probably no clue what I was talking about.. Yet I am angry at him. Reducing more than 12k loc to HTML... Go fuck yourself.

a picture worth thousand words

"Can you give an example of a work-based conflict you were involved in, and how you went about resolving it?"

"Heh, ohhhh yes. Last job actually. Manager flipped out at me for the billionth time for no reason at all. I calmly handed my notice in, changed a bunch of encryption keys and disabled a bunch of users on the server before leaving and never looking back."

"Wow. Seriously?!"

"Absolutely. I'm very forward-looking."

Still no idea if the guy just decided to turn up to the interview to waste our time, or he really was stupid enough to think that was a positive.

Me: "I'm a programmer"

Others: talks about linux
Others: search algorithms!
Others: service infrastructure
Others: memory optimization
Others: encryption

Me: "I'm a front end web developer"

Others: complex services
Others: strong user form validation
Others: lazy loading
Others: SEO

Me: "fucking, I make shit look pretty alright"

"Your public key is a lot like a Jayden Smith tweet, it turns content into confusing, meaningless garbage before sending it out to the internet"

Dead. XD

We've password protected a file and forgot the password we need it cracking asap.

Sorry we can't crack passwords on files.

If we don't get access to the file it'll cost the company up to 250k.

Well you should've thought about that before encrypting the fucking file with 256 bit encryption.

Working with a radio chip we selected because it had built-in encryption. Cannot make the encryption work, thus in contact with the manufacturer:
"- I cannot make the encryption work, it's like the chip doesn't want to take a key.
- which key do you use?
- does it matter?
- well yes, you can't just use any key!
- why not?
- you need to get an approved key from us.
- why is that?
- so that your competitors can't read your data!
- ...
- ...
- so the way to get working keys is to get them from you?
- of course!
- keys are 256 bits. Can we potentially use all of them?
- OF COURSE NOT!
- how many can we get from you?
- one! We reserve it from your company.
- are you telling me that all units within a company will need to have the exact same encryption key?
- yes!
- so anyone with our product could eavesdrop another same product?
- well yes, but it's all within your own products.
- ...
- ...
- that's not how encryption is supposed to work.
- but it's safe, your competitors cannot eavesdrop!
- I'm out of here."
(We finally found a satisfactory work-around, but i am still pissed at them)

"could you please just use the standard messaging/social networking thingies? That way it'll be way easier to communicate!!"

Oh I don't mind using standard tools/services which everyone uses at all.

Just a few requirement: they don't save information that doesn't need to be saved, leave the users in control of their data (through end to end encryption for example) and aren't integrated in mass surveillance networks.

Aaaaaand all the standard options which everyone uses are gone 😩

My disk isn't corrupted, it's just so secure that even I can't access it

This is super childish but it's the gameserver insidstry and karma is a bitch.

TLDR: I hacked my boss

I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.

I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :3

Manager: "The password must be encrypted to store it inside the database."
Me: "Great! No problem."
Manager: "Then it must have a copy of the unencrypted password to send it by email."
😐

So the new mass surveillance law will be going into effect from the 1st of January.

Of course, since I'm very keen on my security/privacy, I'm going to implement some precautions.

- A few vps's connecting to tor, i2p and VPN provider so that I can always use a secure connection.

- Setup anti tracker/ads/etc etc shit on the VPS's. Probably through DnsMasq and the hosts file.

- Use Tor browser by default. I've tried this for a while now and damn, the tor network has become way faster than only even a year ago! Some pages literally only take a few seconds to load.

- Wipe my laptop, encrypt the harddrive and at least put QubesOS on it together with probably a few other systems.

- Ungoogle my new phone, use it with VPN by default.

- Get rid of all non encrypted communication services. I think that only leaves me with a few account removals because I haven't chatted unencrypted for nearly a fucking year now.

If anyone has any more ideas, please share!

A US senator or judge or whatever his title is said today that he wants companies/governments to build a 'responsible encryption' system.

Preferably that would exist out of a big ass database which stores the private keys of citizens so in case a person loses their private key or the government needs access to encrypted content, that is possible.

NOO, WHAT COULD FUCKING POSSIBLY GO WRONG!?!?!

Seriously those kind of people should not be allowed to have the kind of positions they have.

This shit makes me so angry.

Project Manager: You used a hash/salt to encrypt the password in our customer database?

Me: Yes.

Project Manager: That's mean we will not be able to see the password?

Me: That's the whole point. Why would you want to see what password customer is choosing?

Project Manager: Change it. Use random encryption method.

That's some serious encryption in android I think.

Got some good news today, Australia's PM (Malcolm Turnbull) doesn't want a backdoor in encryption! All he just wants is "support" from companies to "access" their users encrypted data.

See the difference?

I don't 😒

(The exact opposite of a rant, yay)
My school gave everyone in my class (and the two other 10th-grade CS classes) these neat 64GB USB sticks.

They are our property (paid by our fee every student has to pay every year so the school can afford paper for the printers, school books, and other materials such as USB sticks for 10th graders), but we have to keep some files for a lesson on the root of the USB (currently ~900MB).
That's not an issue, personal files go in my _Personal folder anyway.

Of course, I wanted to VeraCrypt all my USB drives I use at school, but since I don't have admin rights at our school and they use Windows 10, I just used BitLocker. Good enough, the only thing I want to achieve with encryption is other students being unable to read data off a lost drive (such as my _Personal data)

Also this stick is hella fast even with BitLocker enabled, 200 MB/s (minus 13 MB/s with enabled BitLocker) sequential r/w speed according to CrystalDiskMark.

Citizens are advised not to use encryption as decrypting data takes too​ much time and is costly.
Please spread awareness and save money.

Thank you for Cooperating, have a nice day :)

I've always wanted to experiment with encryption but never do. This weekend, I'm fucking doing it. Even if I'm just flipping a few bits around, I'm fucking gonna flip those bits like they've never been flipped before and they are gonna FUCKING LIKE IT.

Dear Prof,

One does not simply encrypt the exam tips and give it to the students in a computer security introductory module.

Sincerely,
Disgruntled Undergraduate

> be me
> install linux on encrypted drive
> takes 8 hours to fill the drive with fake data so theres no chance of data leakage
> save encryption password to phone
> phone doesnt actually save password
> realize you dont have access to pc anymore
> cry
> reinstall linux

Tutanota (encrypted email service) has a newly designed interface.

I usually don't give a crap about design.

It's so beautiful 😍

I think I'm in love 😱

Senior C++ developer:
"Writing a custom encryption algorithm from scratch for our communications platform? Every developer knows that is an absolute no go, cryptography should be left to cryptography veterans!"

Same guy, year later:
"Blockchains? Hold my espresso, I can totally write a whitepaper on cryptography, write some shitty code with nice branding, and get millions from an ICO"

Following a conversation with a fellow devRanter this came to my mind ago, happened a year or two ago I think.

Was searching for an online note taking app which also provided open source end to end encryption.

After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!

Then I noticed that the site itself did NOT ran SSL (putting the https:// in front of the site name resulted in site not found or something similar).

Went to the Q/A section because that's really weird.

Saw the answer to that question:

"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".

😵

I emailed them right away explaing that any party inbetween their server(s) and the browser could do anything with the request (includingt the cryptographic JS code) so they should start going onto SSL very very fast.

Too badly I never received a reply.

People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!

The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.

This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but lets assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrustion Detection System) module for detecting this attack.

Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!

- devRant TOR rant! -

There is a recent post that just basically says 'fuck TOR' and it catches unfortunate amount of attention in the wrong way and many people seem to aggree with that, so it's about time I rant about a rant!

First of all, TOR never promised encryption. It's just used as an anonymizer tool which will get your request through its nodes and to the original destination it's supposed to arrive at.

Let's assume you're logging in over an unencrypted connection over TOR and your login information was stolen because of a bad exit node. Is your privacy now under threat? Even then, no! Unless of course you had decided to use your personal information for that login data!

And what does that even have to do with the US government having funded this project even if it's 100%? Are we all conspiracy theorists now?

Let's please stop the spread of bs and fear mongering so that we can talk about actual threats and attack vectors on the TOR network. Because we really don't have any other reliable means to stop a widely implemented censorship.

"I should really make better offsite backups"

"Right, this service doesn't do client side encryption"

"Oh this one doesn't have a Linux client"

"OK this one only sets up a single directory you can dump shit into"

"Wtf this one charges more than a high class escort girl"

Whatever... I'm sure my house won't burn down.

Had to give a 15 min presentation on web development. I somehow turned it into me giving a 1 hour lecture on ssl and end to end encryption to a bunch of accounting students 😅

Me: *Has 3 difficult exams to study for and hours of work*

Also me: I should try my hand at encryption in Python.

Gotta say, I find it awesome that I can connect with some devRanters through encrypted channels.

It's awesome to talk to devRanters with the same mindset through channels that offer a very high level of security/privacy.

Thanks!

HAHA. Classmates were trying to change my wallpaper or something on my laptop. They didnt even boot to the damn system. LOL. First they didnt know how to launch from GRUB. Ater they figured that out they were hit by SSD + HDD encryption. No fucking way they are gonna guess 28 character long decryption key which was randomly generated by my own program.
Revenge you say ?
Well done already.
The guy who had the idea had a notebook too. Well i just turned on the PC and hey look at that. Offline account with no password.Well i changed his wallpaper to just simple text. "USE PASSWORDS"
Oh yes this was all in the limits of fun. Nobody wanted to do some crazy shit that could break our systems. We were just having fun. But hey i guess i won.
Oh and yes as the second part of the revenge i was sending deauth packets to his PC all the time with help of Rpi zero in my desk. Damn was he pissed when i told him at th end of school that it was me.

10 years ago, I found a vulnerability in the connection between an insurer I was working for, and the network of databases of municipalities. I was only a hacker in so far as kids who watched Hak5 are considered hackers, so I always carried this laptop with a fake access point, package sniffer, wep crack, sslstrip, etc with me.

The vulnerabilities allowed me to register a new identity, for which I requested a passport.

Walking up to the town hall desk with two passports with different names, both mine, was pretty cool.

I did not do anything malicious, and was hired to fix the issues (wep encryption on insurers trusted wifi, and municipality postgres gave write access to all third parties)

For a few days I was the coolest kid in school though!

So... Facebook just stated that they plan on loosening up the End-to-end encryption in WhatsApp to analyze the messages and show user-specific advertisements.

Time to uninstall WhatsApp I guess!

Had a discussion with a developer about security. His software transfers all user data (password and files) unencrypted, so anyone can grab them with wireshark. I told him that this is a severe issue. He said no its no problem because if you get hacked its your own fault, because you probably used an insecure network. NO ! YOU FUCKING MALADJUSTED SHEEP-MOLESTING OBJECT OF EXECRATION, YOU SHOULD ALWAYS ENCRYPT SENSITIVE USERDATA NO MATTER WHAT NETWORK YOU USE. FUCKING KILL ME ALREADY.
Not implementing encryption is one thing but then acting like its no problem is a fucking nother one. Why do people not understand that security of userdata is important???

One of my favourite, encryption puzzles is this:

ITuyVT93oUZtLKWyVT5iqPO3nTS0VUEbMKxtp2IyoD==

Answer is plain text string in english. Good luck, post solution in the comments!

"Just use MD5 encryption"

After seeing this app on the play store, I've officially lost faith in humanity.

I think I will ship a free open-source messenger with end-to-end encryption soon.

With zero maintenance cost, it’ll be awesome to watch it grow and become popular or remain unknown and become an everlasting portfolio project.

So I created Heroku account with free NodeJS dyno ($0/mo), set up UptimeRobot for it to not fall asleep ($0/mo), plugged in MongoDB (around 700mb for free) and Redis for api rate limiting (30 mb of ram for free, enough if I’m going to purge the whole database each three seconds, and there’ll be only api hit counters), set up GitHub auto deployment.

So, backend will be in nodejs, cryptico will manage private/public keys stuff, express will be responsible for api, I also decided to plug in Helmet and Sqreen, just to be sure.

Actual data will be stored in mongo, rate limit counters – in redis.

Frontend will probably be implemented in React, hosted for free at GitHub pages. I also can attach a custom domain there, let’s see if I can attach it to Freenom garbage.

So, here we go, starting up modern nosql-nodejs-react application completely for free.

If it blasts off, I’m moving to Clojure + Cassandra for backend.

And the last thing. It’ll be end-to-end encrypted. That means if it blasts off, it will probably attract evil russian government. They’ll want me to give him keys. It’ll be impossible, you know. But they doesn’t accept that answer. So if I accidentally stop posting there, please tell my girl that I love her and I’m probably dead or captured

Setting up my new second hand thinkpad with Linux Mint KDE.

I just chose for harddisk encryption.

My password is so freaking long and complicated and I didn't write it down so let's start learning this fucker out of my head 😅

Downloaded Kubuntu because i couldn't seen to be able to boot from a freshly created KDE Neon bootable usb.

Installed it onto my netbook (Lenovo Thinkpad X121E) and it worked great!

But just the fact that somehow the installer froze when trying to setup hdd encryption kept bugging me.

Took a random flash drive which was laying around and put it in to see what would happen. KDE Neon booted just like this and everything worked very well with hdd encryption.

I now have a very secure netbook 😊

It happened 2 nights ago.
We had a whatsapp project for the distributed application programming class, my project mate and me were coding for 2 weeks whole day to finish it, especially with the end-to-end encryption feature that teacher asked, till 2 nights ago the project was trash, the private chat wasn't working and and nothing else is done we had only the UI, we was really doomed especially we had 1 more day to deliver the software, and we decided to deliver the project as a trash and get marks from the UI and the presentation.....
Till the night before deadline at 8 pm
I wanted to try fix some interface pictures and to make it better......
The next thing it was 6 am and the project is full working..
When I told my project mate he was not believing, I had to swear multiple times fot him and hat to go and show him the project by the eye.
We delivered the prohect and got 22/25 😁😁😁
It was incredible I didn't believe my self at first place.
Sory for the long story 😓.

Today I visited a partnered company, best summarized as "our people are the best at what they do, although we haven't figured out what it is that we do".

It was fucking awful.

Halfway a presentation about "capitalization on the internet of things" which featured nothing about hardware or protocols at all, a guy stood up and started talking about improvements on ecdsa and schnorr encryption or something... for no apparent reason. Then followed a bunch of pretty slides about the sharing economy... after which the CEO concluded with some vague speech about decentralized management of assets in a globalist world or whatever...

It was like a bunch of pretty smart people all had been locked up in some kind of closet with mirrors on the inside for six months, discussed their best ideas with their own reflections, then immediately grouped up and convinced an investor to fund their startup.

Ugh, I have to wash my ears and eyes with bleach. My brain is flooded with pretentious bullshit buzz and over the top startup decadence.

Actually, I think this sums it up best: There was a framed oil painting of the CEO with his dogs in the conference room, and the bathroom had a large marble Charizard statue watching me pee.

Soooo my little encryption tool makes progress. <3

After a short break from development, we had our first successful loaded container yesterday!

This means:
- Protocoll is working
- We can create containers and store/copress files in it
- we're awesome
- I love it
- you are awesome, too!

(Loaded containers will be inaccessible for movement to different directories while our tool is open)

Base64 "encryption"

Boy, sure wish I knew about this before putting all of my passwords into lastpass. This looks way more secure. Handwriting in English is pretty much as good as encryption.

Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.

That time when...

He wrote a social media network with end-to-end encryption before it was cool.

He wrote custom 64kb encryption for his academic HDD.

He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.

He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).

He used only hashes of passwords as passwords (which isn't actually good).

He kept a drill on the desk ready to destroy his HDD at a moments notice.

He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.

He set up a new email account for each individual online service.

He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).

He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).

He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).

He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.

He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.

He bought a burner phone to visit the capital city.

He bought a burner phone whenever he left his hometown come to think of it.

He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).

He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.

(You might be noticing it's all he's. Maybe it is, maybe it isn't).

He ate a sim card.

He brought a balaclava to pentesting training (it was pretty meme).

He printed out his source code as a manual read-only method.

He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).

He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).

He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.

I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.

I love how the Keybase Linux client installs itself straight into /keybase. Unix directory structure guidelines? Oh no, those don't apply to us. And after uninstalling the application they don't even remove the directory. Leaving dirt and not even having the courtesy to clean it up. Their engineers sure are one of a kind.

Also, remember that EFAIL case? I received an email from them at the time, stating some stuff that was about as consistent as their respect for Unix directory structure guidelines. Overtyping straight from said email here:

[…] and our filesystem all do not use PGP.
> whatever that means.

The only time you'll ever use PGP encryption in Keybase is when you're sitting there thinking "Oh, I really want to use legacy PGP encryption."
> Legacy encryption.. yeah right. Just as legacy as Vim is, isn't it?

You have PGP as part of your cryptographic identity.
> OH REALLY?! NO SHIT!!! I ACTIVELY USED 3 OS'S AND FAILED ON 2 BECAUSE OF YOUR SHITTY CLIENT, JUST TO UPLOAD MY FUCKING PUBLIC KEY!!!

You'll want to remove your PGP key from your Keybase identity.
> Hmm, yeah you might want to do so. Not because EFAIL or anything, just because Keybase clearly is a total failure on all levels.

Written quickly,
the Keybase team
> Well that's fucking clear. Could've taken some time to think before hitting "Send" though.

Don't get me wrong, I love the initiatives like this with all my heart, and greatly encourage secure messaging that leverages PGP. But when the implementation sucks this much, I start to ask myself questions about whether I should really trust this thing with my private conversations. Luckily I refrained from uploading my private key to their servers, otherwise I would've been really fucked.

On the presentation for my database project my team and I showed a NodeJS + Mongo + VueJS project with cloud storage capability, nothing fancy but did everything from scratch (from token auth and system encryption to the frontend CSS and the database) the teacher made some questions and meh'd at it.

Behold team two's project, WordPress with a standard template and phpMyAdmin, teacher loves it because "it's so beautiful"

Guess who just failed that class?

God I love college, it's the best time investment I've ever done and it'll surely pay out.

PM ordered me to not use encryption for customer authentication links because we want to be able so send same link if the user loose it. "we have to prioritize usability over security". At least I can tell future hackers it's not my fault..

I found this in the code of a non-adult video portal...

Why would they need AES encryption for a pornhub grabber?

Let's Encrypt-- Opinions?

"Why are there so many programming languages? Why don't you guys all just program in binary?" A friend of mine some of you may remember, the same one who decided to select system32 when trying out some encryption software from the internet, and who put a shutdown script in the start up programs

So we send a quote out to a client to update his website to make it compliant with the new privacy guidelines: SSL encryption, removing external libraries, removing Facebook Plug-ins, all that stuff. We didn't get a response.

On Monday, he called in a panic. "The website does not work, fix immediately!"

I check out the server, what do I see? An SSL cert installed the Friday before... Client decided to do it himself, on a Friday, without testing. He broke something, but cannot tell me exactly what he did.

And somehow he thinks all that is my fault :D

Perl – The only language that looks the same before and after RSA encryption.

It would seem that Australia just criminalized privacy. The world needs to watch, so this shit isn't repeated elsewhere.

Discussed my Internet privacy campaign - Google-free, encryption where possible, didn't even mention VPNs - with 2 people and they've both asked, "why, what are you hiding?"

Can someone please explain to me WHY THE FUCK non devs feel like they know shit. I DON'T GIVE A FUCK ABOUT HOW YOU FOUND SOME UNTRUE SHIT ON GIZMODO. I'VE KNOW SO MUCH ABOUT THIS SHIT, AND YOU LOOKED UP THE FIRST EXAMPLE YOU COULD FIND THE SUPPORTS YOUR CASE. The most recent time this happened was OVER THE LAST FEW DAYS when this DUMBASS that my friends and I BULLY but HE STILL HANGS AROUND. (By bully, yes sometimes we are mean to him, but we're not out to get him. He comes to us and we don't wanna be with him). So after the SEVENTH groupchat (on two apps) he created that night, HE WANTED TO SWITCH BACK TO ANOTHER APP I SPENT A WEEK TRYING TO GET THEM TO SWITCH FROM PREVIOUSLY (It was whatsapp, i got them to switch to telegram). THEN HE TRIED to ARGUE with me about how TELEGRAM wasnt secure. HE SEARCHED "is telegram secure" on Google and chose the FIRST ARTICE from the previously mentioned, GIZMODO which says that TELEGRAM chats ARENT ENCRYPTED by DEFAULT. HOW THE FUCK DO DUMBASSES GET THIS KIND OF PUBLICITY. There's a difference between ENCRYPTION and END TO END DUMBASS. Then he told me whatsapp is more secure than telegram. NO ITS FUCKING NOT. In telegram, your encryption keys CHANGE every chat, or every 100 messages. To my best research, whatsapp only has ONE key per USER. I could go on forever about how chat backups in whatsapp are UNENCRYPTED or how FACEBOOK stores your data, but blocked you works to.

Using encryption is paranoid

Today I was continuing my Ruby script for file encryption.

I added some features like Picture Encryption and Bookmarks.

Then I tried to start it to make sure it doesn't fuck up.

ruby PGCrypt.rb

No changes reflected.

w0t.jpg

Start debugging

Browses SO and DDG like a maniac

Reinstalls Ruby

Guess what happened.

My shell was in the wrong folder and I ran the old testing script.

GRAAAAAHHHH

Update on my quest for encryption!

For the (large number) people that don't know, I want to use encryption for (almost) everything / actually give a shit about internet privacy... And I want it done by 2018.

So.. here is my progress so far:

I have signal
I now have an @tuta.io email.
I have a complex, long password.
I am using blankslate.io instead of Google docs (except for school)
I run important stuff through Tor or a VPN or both
I have a firewall running on Android.

Any more suggestions on what to do or things to change??

(@linuxxx)

Edit: disregard this rant, as it seems I have no idea what I'm talking about

"Filesystems encrypted with 128 bit keys are practically unbreakable with today's technology" - my OS professor.

No, I didn't mishear him saying 1024. He said 128 bits.

And yes, it's the same guy from my previous rant (the one with "Linux is just for hackers")

I love it when a fellow "dev" asks about some interesting security topic (full disk encryption) and I'm like "yeah I use LUKS pretty much everywhere".. and then takes an entire arm when given a hand.

Performance in LUKS? Yeah sure you can benchmark it within cryptsetup. Here's how to do it and choose a good cipher for your CPU.

D: Oh also how do I check my battery life?
M (thinking): you lazy fucking piece of shit.
M: FUCKING GOOGLE IT
D: Obviously that means that you don't know it.
M (thinking): so not only lazy but also disgustingly ungrateful, fucking twat.
M: acpi. Next time fucking Google it.
D: You know what? Never mind.

As if I'm the one that's fucking wrong now!! But you know what, never mind indeed. Because you've successfully wasted my fucking time instead of fucking googling "check battery life Linux" like a sensible dev would.

Fellow "dev", if you're on devRant I hope you read this. You can seriously go fuck yourself.

For anyone looking for a quick video conferencing solution, take a look at Jitsi Meet!

Although I'm still unsure about the levels of encryption, it works veeery well!

Was just thinking of building a command line tool's to ease development of some of my games assets (Just packing them all together) and seeing as I want to use gamemaker studio 2 thought that my obsession with JSON would be perfect for use with it's ds_map functions so lets start understanding the backend of these functions to tie them with my CL tool...

*See's ds_map_secure_save*

Oh this might be helpful, easily save a data structure with decent encryption...

*Looks at saved output and starts noticing some patterns*

Hmm, this looks kinda familiar... Hmmm using UTF-8, always ends with =, seems to always have 8 random numbers at the start.. almost like padding... Wait... this is just base64!

Now yoyogames, I understand encryption can be hard but calling base64 'secure' is like me flopping my knob on the table and calling it a subtle flirt...

Should I actually look into getting a dev job..?

*I have a high school diploma (graduated three years early)
*College dropout (3-4 months, Computer Science - Personal Reasons)
*No prior work experience.
*Good textural communication skills, poor verbal communication skills.
*Currentally unemployed. (NEET :P)

*I have extensive personal experience with Java, and Python. Some Lua. Knowledge of data generation, parsing, Linux, Windows, Terminal(cmd & bash), & Encryption(Ciphers).
*Math, but very little algebra/geometry (though, could easily improve these).
*Work best under preasure.

Remote only.

Think anyone would hire me..?

I enjoyed this little bit of Keybase humour. 😊

ROT13 as password encryption *cringes*

Not dev related but still a rant:

My company decided that all the network traffic should go throu a virus scanner. But they don't know what the fuck they are doing, so now EVERY valid SSL cert gets rejected by our browsers because the virus-scanner breaks the SSL encryption.

Anyone open for a pishing attack?

My teacher thinks encryption and encoding are same

Guys Quick Question 2 :

Should I Dance like no one is watching
and Encrypt like everyone is ?

Or do the opposite ?

Procedural customizable data encryption command-line Utility

Embedding private encryption key in production javascript file and fetching third party session token client side.

"Ultron brings to you the best in security and encryption, directly taken from IE 5.5."

*screams internally*

After working for this company for only a couple years, I was tasked with designing and implementing the entire system for credit card encryption and storage and token management. I got it done, got it working, spent all day Sunday updating our system and updating the encryption on our existing data, then released it.

It wasn't long into Monday before we started getting calls from our clients not being able to void or credit payments once they had processed. Looking through the logs, I found the problem was tokens were getting crossed between companies, resulting in the wrong companies getting the wrong tokens. I was terrified. Fortunately I had including safe guards tying each token to a specific company, so they were not able to process the wrong cards. We fixed it that night.

fuck code.org.

here are a few things that my teacher said last class.

"public keys are used because they are computationally hard to crack"

"when you connect to a website, your credit card number is encrypted with the public key"

"digital certificates contain all the keys"

"imagine you have a clock with x numbers on it. now, wrap a rope with the length of y around the clock until you run out of rope. where the rope runs out is x mod y"

bonus:

"crack the code" is a legitimate vocabulary words

we had to learn modulus in an extremely weird way before she told the class that is was just the remainder, but more importantly, we werent even told why we were learning mod. the only explanation is that "its used in cryptography"

i honestly doubt she knows what aes is.

to sum it up:

she thinks everything we send to a server is encrypted via the public key.

she thinks *every* public key is inherently hard to crack.

she doesnt know https uses symmetric encryption.

i think that she doesnt know that the authenticity of certificates must be checked.

Today I continued working on my File Encryption Frontend, nothing functional, yet!

The icons are selfmade, I think at least the folder icon is pretty.

Our programm will have something like a Zip-Explorer feeling too it, but our aim is still encrypting files to the unbreakable point.

A Bank Account Number is like a public encryption key. Any random person needs it to send me money. Why does it seem like banks treat it as a secret or even use it to confirm my identity? It's literally printed in plain text on every check.

Its really a great fucking time to be alive on linux. Not only freesync is there in latest kernel but hybernation encryption is going to be a thing. This is fucking amazing.

Keep it up guys. LETS SHOW WINDOWS THAT WE CAN DO MUCH BETTER.
Oh wait we already did few years ago LOOOOL

Maybe backing up WhatsApp messages is not such a great idea after all.

When i get ask to implement encryption methods in my code

Created an account on Juststickers.
This is the email I get

Spent 6 hours implementing a feature because my senior didn't want to use a 3rd party plug-in.

After said 6 hours, went to look at the plugin's source code to get some inspiration with a problem I was having.

Guess fucking what? Plug-in was implemented exactly as I had done it to start with. Even better, actually, since it fixed some native bugs I couldn't find a way around.

Went back to my senior, showed him both sources and argued again in favour of the plug-in.

Senior: "Meh, I'm not sure. Don't really like to keep adding plugins"
Me: "Why? Do they cause performance hits? Increase memory usage?"
S: "No, not all. But I don't like plugins"

/flip

We ended up using the plug-in, but I "wasted" a whole day doing something we scrapped. Guess I learned some interesting things about encryption on Android, at least...

Teaching my homeschooled son about prime numbers, which of course means we need to also teach prime number determination in Python (his coding language of choice), when leads to a discussion of processing power, and a newly rented cloud server over at digital ocean, and a search of prime number search optimizations, questioning if python is the right language, more performance optimizations, crap, the metrics I added are slowing this down, so feature flags to toggle off the metrics, crap, I actually have a real job I need to get back to. Oooh, I'm up to prime numbers in two millions, and , oh, I really should run that ssh session in screen so it keeps running if I close my laptop. I could make this a service and let it run in the background. I bet there's a library for this. He's only 9. We've already talked about encryption and the need to find large prime numbers.

Linux is shit, OSX and iOS are trash, windows is the only OS that actually works, open source is always inferior to closed source, if you use VPN or encryption youre a criminal, java is slow, vim worse than nano, ..

Now that I've got your attention and you probably raged and downvoted.

Downvotes don't actually work on devrant. (not a bug)

This has been going on for months already - why have that function to begin with, if its just not fucking working? The usual answer to people throwing a fit is "just downvote it", WHY? it doesnt fucking work.

For a while specific options while downvoting DID actually work, but now any of the downvote options are just straight trashed and ignored, they are saved, dont get me wrong (or else it would be too obvious), but they dont affect any of the scores at all.

I understand mass bot downvoting should be prevented, but why take away anyones voice by completely ignoring downvotes. I really dont get it, its not "punishing" the creator of said post or comment, its simply reflecting what the users actually think of said comment or post, it boils my blood how thats even a thing, I am honestly disappointed.

Why should also downvoting something hide it from the feed (especially on the "recent" filter), let me fucking decide what I want on my feed via option then atleast. What if I don't agree with a rant, downvote it, but then want to see what others thought of it? how am I supposed to find it again?

Google researchers breaks SHA-1. Next 90 days they will release the code that was used to break this encryption.

Are we fucked?

When I just started making things in PHP, I always taught that md5 encryption was the best thing out there.. Once I learned that it was the most easy way to break I changed to SHA1. What were I thinking? I now use a custom generated SALT for each user and encrypt with SHA512, should be safe for a while, right?

Let's teach the class about security. OK *spends 1.5 hr teaching about encryption and practices* OK now students make a login page and just store the passwords in a JavaScript array....... *Facepalm*

I need to post a laziest thing, because I sodding mistagged a completely unrelated rant.

About 20 years ago (!) we needed a couple of big primes to set up asymmetric encryption for some sort of verification/signing whatsit in this game we were developing. How do you generate big primes?

Well, there was this fairly new thing called openssl, which was open source, and _it_ had to have the facility to find large primes for RSA key generation. Half an hour of hacking at the openssl source code gave us a prime generator, saving us from writing one from first principles.

For context, our high score security consisted of simply xoring the data with a secret. The secret was one byte long.

Registered an account with a local pizza business and rated them 5* on Yell moments before checking my email and finding they had emailed me my unencrypted password, GREAT NOW I WON'T BE ABLE TO EAT

Some people are using base64 as an encryption method. Well I used to do so too.

Today I started coding an encryption algorithm I'm calling Aepples (apples)!! I'll let all of you know how it goes!

doge-cryption, doggo + encryption

What the fuck sort of help do you call this!?

Computer engineering : Insanity!!!

Today a friend of mine was assigned to make a Client-Server Encryption using Sockets. The guy did a great job applying BlowFish algorithm, but the teacher was disappointed because she couldnt map letters to the encrypted text and she declared the program to be wrong!!!

Ever encrypt files on a USB drive before?

Ever do that then forget the password you used for the encryption?

Yep... 😭

I just saw the equalizer 2 at the cinema and about half way through there is a phone with "military grade encryption" on it. We see the phone screen showing the encryption and what is it? Freaking JQuery!

I finally kicked myself to reinstalling my old 6 years running OS.
Now i installed Arch linux on it with gnome.
All running from HDD with encryption. Ohhhhh yessss.

I have a mate who downloaded encryption software that he somehow managed to use to encrypt almost every system file in windows, now the entire thing is fucked, like how can anyone be that stupid? Like before he even did that he tried encrypting the .exe of the encryption software and guess how that went

A website I made years ago, just needed to change the url to be logged in as admin and no encryption

It's been so long without an update on my little encryption project so...

We accomplished the following:
- big fixes and bug fixes
- drag and drop in files and folders
- screwed over many times
... And finally ...
- THEME SUPPORT!! WUHUUU

(Look attached screenshot)

Currently I just implemented two themes but a theme explorer will follow.

I'll create 3 themes for this project, normal, dark and Alice themed.

Stay tuned ✌️

FUCK OPENSSL. I LOVE IT AND HATE IT SO FUCKING MUCH. WORK FASTER AND BE LESS CONFUSING SO I CAN BRAG ABOUT MY PRETTY ENCRYPTION CODE SOONER. FUCK

Many people / engineers around me talk about trendy stuff like Cybersecurity or AI and show off what great encryption and neuronal networks they 'have built' ( I would rather say 'using').

I kinda get the feeling of 'Everbody talks about it - no one really knows what's goin' on inside (especially those guys who hate math and even algorithms).'

Am I just stupid or does somebody else here feel the same way? I mean people have been doing serious research about this stuff for years. And currently many kids are coming up with it as if it is easy stuff like the bubble sort.

Currently working with @Kreischo and another good friend to create a secured, encoded container to store files in it.

I am currently working on the frontend of things, thinking it's quite beautiful.. (Done with Electron)

Your opinion?

That moment on Devrant that someone thinks your comment is a vigenère, while it actually was some random generated text in my pocket while cycling home.

devRant is awesome! :)

I made a real working example of elliptic curve encryption without code examples in javascript. I really felt like a badass.

I saw this image on IBM's blog. The author was explaining how blockchain could be used to implement self sovereign identities. But, isn't the last step wrong? In order to decrypt Alice's message, Bob should use his private key instead of Alice's public key, right? Of course, while encryption Alice has to use Bob's public key.

TIL if you know the password for a WIFi SSID, you can replicate it with your hardware. All devices that have credentials for that SSID will connect to yours if your signal is stronger. The encryption just needs to be the same (wpa2/wep) The underlying UUID doesn’t matter.

Not bad for a quick and dirty man-in-the-middle attack. The WiFi spec needs a bit more work.
TLS all the things!

In my ongoing quest to un-Google my life, I turned off the Whatsapp chat back up, which uses Google Drive. There's a message in that setting which says, "Media and messages you back up are not protected by Whatsapp end-to-end encryption while in Google drive".
Damn.
All my Whatsapp chats for years have been on Google servers in plaintext.
I assumed it uploaded one massive encrypted archive.

Encryption successful! 😂

When you spend 6 hours figuring out how to best encrypt/decrypt your unimportant website cookies just because you don't want people to see how bad you are at naming stuff :x

Encryption, Data, Servers, Protection, Certificate

oOOO WEE, I use big ear old words so I must be a hacker.

Hmmmm its almost new year im having finally holiday from school and all that stuff but still working on ROMs but well another story and i dont have a thing to rant about which i think is kinda good but sad at the same time.
So all i wanted to say to you guys that 2017 was an amazing year full of learning new stuff and trying, meeting some cool people.
I have done a lot of work this year.
Created a sort algo which well was already created but i didnt know that sadly.
Working on encryption algo (Still)
And lot more but thats not what the rant is about.
It was as i said above an amazing year and im sure we had a loooooooot of fun at devRant.
Some big changes happened this year at devRant mostly the web UI and livestream which was totally amazing.
Also a lot of thing happened here looooot of awesome things and i finally updated my fucking firefox extension for 57 standard (Yeah i was late on that one).
I surely would have said more but nothing comes up in my mind now only some quantum mechanics stuff but well thats not what the rant is about neither.
So Happy New Year to all of you guys and let the 2018 be more awesome then 2017;

Oh, you're encrypting user data
Your boss: write the encryption key on notepad or paper

Had a couple occasions to feel like a badass, recently.
I'm the only programming polyglot on the team. They've been wrestling with an encryption problem. I crack open C, make a few calls to wincrypt (yes, I'm sorry, we're a Windows company) and give them a dll they can call in their IDE. They were stunned by how fast it was.
Last week, my manager asked if I could put together a communications module for our flagship software.
Him: will 3 months be enough time?
On Monday, I had an alpha of the module ready, and a standalone simulator of the module, and a couple different examples of how to communicate with it written out in python.

Me: "I'll use my old laptop as a server to access via SSH to do my Docker Tests. I don't wanna use Keyboard and Screen. So, I'll set up Debian Server"

Also me: "Oh, full disk encryption with a preboot Login required. That's such a GOOD idea"

Introducing: Stupid me 🤗

We can hide messages in images via steganography (or ZIP sewing), we can hide messages in sound via either sound-based transmission (like Morse) or waveform-based transmission (think oscilloscope art videos), we can transmit it in videos in like 300 different fucking combined forms...

Encryption isn't the ONLY way, yo. Social engineering and being a cheeky shithead can get it done too.

I have a presentation which takes 10 min and must be about anything relative to computer .
Since the other students are very stupid , I might not choose a very advanced topic ( after thinking about encryption i realized this)
So i need help!

What is your recommandation for the subject?

Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .

Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code .

!rant

Don't you just hate ignorance of others? I sure do. Don't you just hate when you try to tell someone something, but the person on the receiving end is like "Well, it's not my job, so I cannot relate, so I am not going to listen to you at all."

Now, let's talk about a little thing called PRIVACY. Whenever people ask me "Why do you not use Google Chrome, but you use firefox instead?" I always answer "Because it does not compromise your online privacy as much." But, those idiots never listen. The same goes with me being in favor of Unix-like systems such as MacOS and Linux. But they for some idiotic reason do not care for online privacy. They go for the "convenience". I know Google uses the data it collects to "help" you find better results. But the problem is is that you do not get a say in the choice that the algorithm chooses. Also, I know Google might say "Oh, we never look at your files and your information," and it is indeed true that most of the time when you try to research about the cons of Google using Google, only the pros of Google will pop up. Now, if I go onto DuckDuckGo or Bing or even Yahoo!, the results are going to be quite different. I have been using Gmail since about 2011. I have not switched because mainly of Youtube and because I have been using it for so long. True I have two other accounts, which are AOL and Hotmail, but I barely use them, and when I will be 100% concerned about my privacy, I am probably going to switch to AOL.

You might think that it is hypocritical of me to use Gmail, but have you ever tried switching from an email address that you have been using for years? It is hard. So I do the next good thing, and encrypt my emails whenever possible (GOD BLESS PGP). I know Google says that it itself encrypts the Emails itself, but, how can I trust such an advertisement monopoly? I mean, the encryption means nothing if they have the secret key, if needed, they'll just decrypt my email and read the fucking thing. That's why I have my own set of Public and Private keys, and I recommend you too encrypt your Emails, especially any sensitive data that you ever send. I am also buying a web camera cover, because I really do not trust the folks at the NSA and the CIA and all other 3 letter government agencies. But people always tell me "But how can I be significant to the government, I have nothing to hide," which is a fucking lie, EVERYONE HAS GOT SOMETHING TO HIDE.There cannot be freedom of speech if the government constantly sees what you're saying. I wish there were more people in the world like Snowden :/

Tinfoil hat time!

So, for this scenario we assume a world war has is in full swing, and all communications are either completely out or extremely monitored.

Additionally, no servers can be trusted and no ISPs can be trusted. Even when downloading software you cannot know if the software you got is tampered or not.

You have to send a message to a recipient you cannot physically contact, and you have to make sure him and only him get the message, otherwise nukes are deployed and we all die. The message has to arrive within 3 months or else it's too late.

Is it possible? If yes, how?

You know this MD5 encryption?

Me too - especially when saving customer passwords 😂

Decrypt api responses in an iOS app which my “senior” dev thinks it is more secure to encrypt responses in stead of setting up a proper SSL cert (they use plain http to save money 🙄)

They disable the encryption since it does not function as we wanted and set up SSL instead🙄

I just saw this on a website. Good to know that they use some kind of jQuery draggable plugin for encryption.

A couple of days ago, an individual attempted to convince me that the National Security Agency is capable of cracking Rijndael encryption; as a response, I informed the individual of the infeasible nature of the factoring of extremely large semiprimes; however, my attempts were futile, as the individual believes that NSA possesses sufficient power to crack this encryption without intercepting the transmission of the corresponding private key.
The Dunning-Kruger effect is real; although this individual tends to be logically-minded, there does exist an exception to this good behaviour.

"It is easier to square a circle than get 'round a mathematician."

Fucking christ this year is a fucking shitfest:

- wpa2 krack
- "DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions"
- "Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites"
- "Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe"

My fucking router didn't yet get patched, my fucking phone is outdated and I can't change to my patched one because devrant just shits the bed in extended desktop mode. Windows 8.1 loses support in 3 months, rendering my last chance of using it on my surface pro done, making me use windows 10 with its fucking shit ass not optimized tablet interface. I have just fucking constant paranoia what else could be hacked tomorrow, nothing is fucking safe anymore for fucks sake. I even went as far as implement 3 step auth and intrusion detection on my shitty ass VPS nodes, fucking give me a break you fucking assholes.

CS Teacher today:
"Transport Layer provides Security and Encryption to the communication" (TCP/IP stack)

me: WTF? Encryption is provided on the *top* of the transport layer (aka Application) ( and below [Network Layer] there is IPsec)

Teacher: no, it's wrong.

me: so Wikipedia it's wrong, RFC 5246 is wrong, and you have right?

Teacher: Yes.

me: Ok. (aka fuck you!)

An identity platform where you can find each other, get the other's public key and preferred contact method. And the entire key exchange and choice of contact method are negotiated automatically. No vendor lock in, encryption happens on your own device. Effortlessly and securely communicating, no searching for skype name, email, phone number, setting up shit. It would just work.

SecureMessengerAndroid

A chat app that uses AES encryption and doesn't require any personal information like phone number or email address.

Ok guys I need advice, haven't posted in a long time.

A profesor is asking my team to build a java application that runs on a server with a very specific tech-stack (database, container, encryption, use-case and UI design) it's basically a fully fledged app that I know would cost somebody hundreds if not thousands to buy. The thing is I'm getting the feeling he's using us to write this code and then later distribute it while all we get is 20/100 points we need to pass the course. I heard rumors...

So what I wanna do is throw it on github (he's obviously expecting me to open source it at which point he forks it and bam!) and slap the most restrictive license on it. Now I don't have much experience with licensing or this sort of thing... any advice? I want to be able to go at his throat if I ever find out he used my code which I'm supposed to spend 3 weeks writing for free for a fucking "uni" project that's worth a fifth of my grade in that one semester course!

2nd year programming professionally I designed, coded, and released a PCI compliant credit card encryption system, including updating all 7 million records (at the time) in our existing database to utilize the new system. By some miracle, it worked with only one small hiccup (see previous rant).

In an encryption-module, I had a bug, that caused my PC to crash, every time I tried to encrypt something.
Turns out, the loop, that appends
0-Bytes to the string, to make it Block-Cipher compatible,
Had an logical-bug in its exit-condition, that caused it to run infinitely and allocate an infinite amount of memory.

What's wrong with the idea of having a huge computational network like in Watch Dogs to bruteforce encryption ?
I mean suppose having 500 or more million cores , how long does it actually take to bruteforce a 256 bit key ?

When you do a login encryption using AES, rot13, Base64, rot13...
AES Password is also encrypted using rot13, Base64, rot13.

AND SOMEHOW IT DOESNT WORK FOR EVERYONE.

I cry

!rant

University assignment asks to create some encryption harder to break than Caesar Cypher. So I decided to go online and look for some tips on making a somewhat decent algorithm.

Universal answer: don't do it

😶

Well then, night off I guess 😎

Problem:
some folks left the angular codebase full of ridicolous console.logs, client was upset as he noticed it during UAT

Solution:
1. add extra script in main template page
window.console.log = function(){};
2. translate it into JSFuck
3. if they ask, pretend it's a super-secret encryption algorithm to improve security

Found a new "encryption" mechanism in the DB. It was base64.

Who would be interested in reviewing an old peice of Python code I wrote..? It's a few years old, and it uses basic procedual generation to cypher text (entry, or ASCII files) using a hashed password. It's a command line tool.

I used to brag about how "secure" it was, and now I'm curious if it is secure or not.

I plan on picking it back up and open-sourcing it, but I want to know what problems might be wrong with it now.

In these dark times, it's inspiring to see that a country as insignificant as Australia can demonstrate to us how things can always get worse.

By passing a law mandating that encryption must be broken, in secret (like the US's National Security Letters), at the demand of the Government, the two biggest parties have colluded to destroy Australia's tech sector.

This is the same government that has been whining endlessly about using Huawei LTE equipment in Australian infrastructure "because it might be secretly compromised". Now the same is true of Australian equipment, by law.

My favourite part of all this is how there will be firmware updates for devices sold in Australia, in order to comply with the new law. How well do you think those backdoors will be secured? How thoroughly do you expect them to be tested, given Australia's population of only 25 million?

How can any Australian company expect customers to trust them now?

I want to use the DevRant community for a Unit test.

Inspired by Memento, I will make a tattoo ... but ... I want it encrypted. I know nothing about encryption.

I want to make some encrypted messages and I want you guys to decrypt them.

If I'm gonna put something on my wrist for life, it should be secure

So, my network security faculty thinks s/mime is secure multipurpose internet message encryption. And ssh is secure socket header.
Time to leave the class. 😭

So, you have an accessibility problem? Well, now you have a device encryption problem too.

The coolest project I ever worked on wasn't programming per second, though it involved a bit of scripting. The company I worked for had an FTP over TLS backup solution and it was put together with glue and paperclips by a guy that hadn't the slightest idea what he was doing. In order to conform with the insurance, data had to be encrypted. I setup a raid-ed server with full disk encryption on the raid volume that fetched the key over the network at boot from another secure server. I wrote a series of scripts for provisioning users and so on. The backup connections was sftp using a ssh tunnel, the users were chrooted to their own home directories, and were unable to open shells. The system was 100x more robust and secure than the original. I set it up on short notice and received absolutely no recognition for saving the company's ass, but it was definitely a fun project.

Coolest bug is less of a bug and more of a feature. I've been working on a medical app and I used an open source backend which had almost everything I needed. To be hipaa compliant you have to encrypt all sensitive data - full db encryption was not something this backend was capable of.

So my solution was to encrypt the data on the client side and create a secondary server - that can only be accessed on my app server - to store and retrieve the keys.

If anyone's thinking of working on a HIPAA project - you're welcome