Post A19JmeeG5FDygaNkQq by wago@zap.dog
 (DIR) More posts by wago@zap.dog
 (DIR) Post #A196zD24ls3vOhB8iW by mike@z.macgirvin.com
       2020-11-13T05:45:13Z
       
       0 likes, 0 repeats
       
       Damn I hate debugging crypto. It's never interesting or fun -  it's  just tedious drudgery and bludgeoning the code and trying random permutations until until you figure out something that works and figure out what algorithm they really used to sign/encrypt it - despite what they tell you they used - which is wrong because if they did it right and you did it right, it would decrypt/verify. It's possible I did it wrong, and that's always my first assumption, but that has never before turned out to be the problem. This time it's JWTs.  Last time it was Diaspora using an obsolete algorithm completely by mistake, and the time before that it was StatusNet salmon signatures because the salmon spec changed and they hadn't updated yet. I'm thinking I need to go back to the RFC on this one.
       
 (DIR) Post #A19JmeeG5FDygaNkQq by wago@zap.dog
       2020-11-13T08:08:27Z
       
       0 likes, 0 repeats
       
       I recall some years ago getting frustrated with encrypted exchange between MS Windows desktop application and PHP. If you're sure the data is represented how you think it is  signed/unsigned, byte order, word size etc then i look at if its usimg an HMAC, the key size, and what they are doing with the salt. Could be appended to something.
       
 (DIR) Post #A19S4pcOpqgJYRgtwu by anmol@pod.datamol.org
       2020-11-13T09:41:25Z
       
       0 likes, 0 repeats
       
       Can I see an example how this reversed engineering is done? Or the code which give me some hint where to start.