protocol – What key is used to create a script?

I'm trying to sign an entry in my transaction. The question is: what key should be used in the "script", private or public? It would be stupid to disclose a private key there, right? But how will the network ensure that it's me, if I provide a public key (known to everyone)?

audit – Verifying the security of a custom network protocol

I have designed a custom network protocol using high level LibSodium primitives for authentication and encryption. The protocol aims at a game and the security is to make sure that only the paid players can connect and play. I unload the initial authentication on a web server via HTTPS. My protocol is therefore simply to transfer the client from the HTTPS connection with the web server to a connection on a dedicated game server. It is important to ensure that only authenticated clients are in the game servers in order to save money on the server's running costs. No sensitive personal data is touched or seen by the client or the dedicated servers – the only risk is the server's execution.

I am now about to look for a way to check the security of the design. I've done my best to search for many types of attacks, such as DoS, MitM, replay, reflection, and IP spoofing attacks.

What kind of measures would you recommend, beyond self-learning and self-auditing? The protocol is pretty simple, but maybe a bit long to post here directly.

Here are some pragmatic ideas I've had: Visit a local university to find security teachers interested in answering questions. I work at Microsoft. I could potentially try to make friends with security engineers. Third party security audit – I have no idea if these qualities are respectable or even affordable. Just free the game in the wild – I'm not at risk in the event of a security compromise and I can potentially fix the vulnerabilities as soon as they are detected by real attackers.

How would you like to check the design of a custom protocol with similar use cases?

openssl – Is the ephemeral, authenticated and encrypted TLS-PSK protocol ready for commercial use?

I have a secure way to get a pre-shared key between my server and all the clients.

Is there a standard way readily available (in an OpenSSL version, for example) to use it to configure TLS-PSK with all these cool features?

  • Confidential
  • authenticated
  • Perfect secret before

I see TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA in RFC 5489, which looks as he checks these boxes. Verifying my installation of OpenSSL 1.1.1a (openssl digits -s -psk) I see ECDHE-PSK-AES-256-CBC-SHA.

Is this the correct cipher suite to use? Does it provide the features I need? Ideally, I want to configure OpenSSL at each end to allow only this suite of encryption, then each end provides the same PSK, and then the forwarding secret and authentication are perfect.

Since I've only ever used "traditional" TLS certificates with X509 certificates, I'm a bit out of my element.

Why Realm_tgs is needed in the Kerberos protocol (step 2)

Kerberos message exchange

In msg.2, the AS sends Realm_c, ID_c Ticket_tgs, K_c-tgs, times, N1, Real_tgs, ID_tgs encrypted with E_k_c.
I do not understand why Real_tgs is included if AS and TGS are on the same machine.

json rpc – Stratum protocol – problem with the mining.submit method

the code has been written according to the documentation.

I have the following lines for the submit method

submit () {
//["["["["","","","",""]return this.call ('mining.submit', [this.worker.name, this.worker.jobId, this.worker.extranonce2, this.worker.ntime, this.worker.extranonce2])
}

According to the documentation "When a miner finds the job that meets the requested problem, he can submit a share to the server" and the result should be the following

{"error": null, "id": 4, "result": true}

But the test failed (result in the picture)

enter the description of the image here

QUESTION: Could someone clarify, what's wrong and how to solve the problem? What does "low difficulty" mean? Why did I receive this message?

ssh – OpenSSH & # 39; Protocol not available & # 39; when connecting Ubuntu (Client) to Windows 10 (Server)

I am trying to configure my Windows 10 1809 virtual machine for it to accept SSH connections. I installed OpenSSH on Windows by following the instructions below: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse

However, when I try to connect to the Windows virtual machine from an 18.04 Ubuntu client, the "Protocol unavailable" error message appears without any other code. 39; error. I've verified that both (client and server) can ping each other. My goal to use SSH is to remotely launch PowerShell scripts on my Windows virtual machine.

No suggestion?

Open Graphic Protocol – How to force Pinterest to use the OG Portrait Tag

I use Open Graph image tags for social sharing on my website. I have a 1200px x 630px image for Facebook marked in an OG tag, but it looks really bad on Pinterest since it uses portrait images. The problem is that Pinterest uses the same OG tag as Facebook, how to force Pinterest to use a different image (portrait)?

protocol buffers – gRPC Java Client with TLS Mutual Authentication

I am not a Java developer, but I am trying to create a quick start snippet to help Java users consume our service using the generated code from the .proto service definitions.

I've concocted some code of work, inspiring examples of grpc / grpc-java, but I do not feel comfortable with the way the host and are defined, or with the return to zero of the Create a user method.

I would appreciate any feedback on the ease of implementation of the code below and would highlight any significant problem or improvement that could be made to improve the performance and productivity of the developers.

Example of a user client class:

package com.example.UserClient;

import io.grpc.ManagedChannel;
import io.grpc.StatusRuntimeException;
import io.grpc.testing.TestUtils;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NegotiationType;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;

import javax.net.ssl.SSLException;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.example.UserGrpc;
import com.example.UserGrpc.UserBlockingStub;
import com.example.UserOuterClass.NewUser;
import com.example.UserOuterClass.NewUserResponse;

Public class UserClient {

logger final static private logger = Logger.getLogger (UserClient.class.getName ());

private static chain host;
private static int;

private final channel ManagedChannel;
final final UserBlockingStub userStub;

static private SslContext buildSslContext (string h, int p, string trustFile, string clientCertFile, string clientKeyFile) throws SSLException {
mHost = host;
mPort = port;
return GrpcSslContexts.forClient ()
.trustManager (new file (trustFile))
.keyManager (new file (clientCertFile), new file (clientKeyFile))
.to build();
}

public QuickStart (String host, int port, String trustFile, String clientCertFile, String clientKeyFile) throws SSLException {
this (buildSslContext (host, port, trustFile, clientCertFile, clientKeyFile));
}

Public QuickStart (SslContext sslContext) throws SSLException {
this (NettyChannelBuilder.forAddress (host, port)
.negotiationType (NegotiationType.TLS)
.sslContext (sslContext)
.to build());
}

Quick start (ManagedChannel channel) {
this.channel = channel;
userStub = UserGrpc.newBlockingStub (channel);
}

public NewUserResponse createUser (user NewUser) {
NewUserResponse newUser;
try {
newUser = userStub.createUser (user);
return newUser;
} catch (StatusRuntimeException e) {
logger.log (Level.WARNING, "RPC failed: {0}", e.getStatus ());
return null;
}
}

// Other method implementations ....

shutdown () public void () throws InterruptedException {
channel.shutdown (). waitTermination (5, TimeUnit.SECONDS);
}
}

Consume class:

CustomerClient client;
try {
client = new UserClient ("api.example.com", 443, "ca.pem", "client.pem", "client-key.pem");
NewUser user = NewUser.newBuilder ()
.setUsername ("TestyMcTest")
.setEmailAddress ("Testy.McTest@testy.com")
// additional parameters ...
.to build();

NewUserResponse response = client.createUser (user);

} catch (Exception e) {
e.printStackTrace ();
}

development – How does the gossip protocol announce the channels of a channel factory?

I have just listened to SLP59 with Christian Decker. They mainly discussed the canal factories. Although the construction of multi-party channels and higher-order systems (sub-channels) in drifting seems clear
and is described in this article, I wonder how the gossip protocol should be adapted so that people can advertise such channels?

Generally, it is necessary to point to a tx financing from a payment channel in order to avoid spam channel announcement messages and in order to authenticate the channels. However, with the chain factories, there is only one big funding for the multi-participant channel. Subchannels are off-line.

What would a solution for the gossip protocol look like?

transactions – Why has the lightning network implemented a gossip protocol?

As many Lightning developers have pointed out in the past (for example, Rustys Challenge 1 million channels), the gossip protocol is quite noisy and is part of the BOLTs, which generates many technical challenges.

Today, I learned that the Ethereum Raiden Network does not have a gossiping protocol. Since all Raiden channels are smart contacts that reside in the ethereum string chain, Raiden nodes are expected to learn about network topology by consulting the ethereum string string.

I think financing transactions could have been designed to store information on Lightning nodes. Why was it not done?

Reasons I see:

  • With our design, we can have private channels
  • blockspace is valuable so we did not want to store more string information than needed
  • we still needed a transport and communication protocol between the nodes, so why not add the Gossip protocol

My feeling is that there must be other reasons for this design decision. While I miss it?