HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lvlabguy

no profile record

comments

lvlabguy
·2 เดือนที่ผ่านมา·discuss
Basically, the client signs the shared key obtained through Diffie-Hellman key exchange, which then gets verified by the server. This ensures that the client and the server have the same shared key, hence no man-in-the-middle.
lvlabguy
·2 เดือนที่ผ่านมา·discuss
MitM is not possible if one uses public key authentication.
lvlabguy
·ปีที่แล้ว·discuss
Surprise surprise, now, it is Department of Government Efficiency that is wasting "tax payers' money".
lvlabguy
·2 ปีที่แล้ว·discuss
As a former physicist with a PhD in experimental condensed matter physics, I would say that this is one of the dumbest things I have ever seen. I suspect COVID-19 made people collectively dumber.
lvlabguy
·2 ปีที่แล้ว·discuss
You should not use JWT if you have a single application in your organization. However, whenever you have multiple applications, you need some form of central authentication / authorization service. Otherwise, you would have to maintain auth databases in each application, each application will need to be logged-in separately, you won't be able to implement a simple "suspend a user's accounts after X unsuccessful auth attempt", you won't have a central auth log.
lvlabguy
·2 ปีที่แล้ว·discuss
out-of-band way:

echo "cd /system1/pwrmgtsvc1; reset" | ssh -T ADMIN@<BMC-IP>