arkadiyt commented on Show HN: Real-time privacy protection for smart glasses   github.com/PrivacyIsAllYo... · Posted by u/tash_2s
arkadiyt · 16 days ago
I don't need something to protect the privacy of others from me, I need something to protect my privacy from others. The majority of people who use smart glasses are not going to be using this - where is the product that will protect me from them?
arkadiyt commented on Why I no longer have an old-school cert on my HTTPS site   rachelbythebay.com/w/2025... · Posted by u/mcbain
nothrabannosir · 3 months ago
I thought FS only protected other sessions from leak of your current session key. How does it protect against passive recording of the session and later attacking of the recorded session in the future?
arkadiyt · 3 months ago
If using a non-FS key exchange (like RSA) then the value that the session key is derived from (the pre-master secret) is sent over the wire encrypted using the server's public key. If that session is recorded and in the future the server's private key is obtained, it can be used to decrypt the pre-master secret, derive the session key, and decrypt the entire session.

If on the other hand you use a FS key exchange (like ECDHE), and the session is recorded, and the server's private key is obtained, the session key cannot be recovered (that's a property of ECDHE or any forward-secure key exchange), and none of the traffic is decryptable.
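
The difference described in the comment above, as an added example that is not part of the original thread: a recorded handshake is replayed against a leaked long-term server key. Textbook RSA and a finite-field Diffie-Hellman group stand in for TLS's RSA key transport and ECDHE, and every parameter and function name here is constructed for illustration.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example and far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1           # two Mersenne primes
N, E = P * Q, 65537                   # server's long-term RSA public key
D = pow(E, -1, (P - 1) * (Q - 1))     # server's long-term RSA private key
DH_P, DH_G = 2**127 - 1, 3            # toy Diffie-Hellman group (prime modulus)


def kdf(secret: int) -> bytes:
    """Derive a session key from a shared secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def rsa_handshake():
    """Non-FS: the client sends the pre-master secret encrypted to the server key."""
    pre_master = secrets.randbits(128)
    wire = {"encrypted_pre_master": pow(pre_master, E, N)}
    return kdf(pre_master), wire


def dhe_handshake():
    """FS: both sides use throwaway secrets; the long-term key only signs."""
    a = secrets.randbelow(DH_P - 3) + 2           # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2           # server ephemeral secret
    pub_a, pub_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(hashlib.sha256(pub_b.to_bytes(16, "big")).digest(), "big") % N
    wire = {"client_pub": pub_a, "server_pub": pub_b, "server_sig": pow(digest, D, N)}
    return kdf(pow(pub_b, a, DH_P)), wire         # a and b are discarded here


def candidate_keys(wire: dict, leaked_d: int) -> set:
    """Everything a recorder can derive by applying the leaked RSA key to the wire."""
    keys = set()
    for value in wire.values():
        keys.add(kdf(value))                      # value used directly
        keys.add(kdf(pow(value, leaked_d, N)))    # value "decrypted" with leaked key
    return keys


def recording_is_decryptable(handshake) -> bool:
    session_key, wire = handshake()
    return session_key in candidate_keys(wire, D)


if __name__ == "__main__":
    print("RSA key transport:", recording_is_decryptable(rsa_handshake))
    print("Ephemeral DH:     ", recording_is_decryptable(dhe_handshake))
```

The negative result for ephemeral DH is an illustration, not a proof: the property rests on the hardness of the discrete-log problem in a properly sized group, which these toy parameters do not provide.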

arkadiyt commented on Why I no longer have an old-school cert on my HTTPS site   rachelbythebay.com/w/2025... · Posted by u/mcbain
nothrabannosir · 3 months ago
Amateur question: does a 4096 not give you more security against passive capture and future decrypting? Or is the intermediate also a factor in such an async attack?
arkadiyt · 3 months ago
> does a 4096 not give you more security against passive capture and future decrypting?

If the server was using a key exchange that did not support forward secrecy then yes. But:

    % echo | openssl s_client -connect rachelbythebay.com:443 2>/dev/null | grep Cipher
    New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

^ they're using ECDHE (elliptic curve Diffie-Hellman), which is providing forward secrecy.

arkadiyt commented on Why I no longer have an old-school cert on my HTTPS site   rachelbythebay.com/w/2025... · Posted by u/mcbain
arkadiyt · 3 months ago
> Make an RSA key of 4096 bits. Call it your personal key.

This is bad advice - making a 4096 bit key slows down visitors of your website and only gives you 2048 bits of security (if someone can break a 2048 bit RSA key they'll break the LetsEncrypt intermediate cert and can MITM your site). You should use a 2048 bit leaf certificate here.

arkadiyt commented on Ask HN: Former employees' RSUs at risk after startup's IPO    · Posted by u/jameskuang
AbstractH24 · 7 months ago
Can someone just name the company, cause there is enough information here that it’s not hard to figure out.
arkadiyt · 7 months ago
185 days before 3/15/2025 is 9/11/2024. There were these IPOs around that time (all Nasdaq) [1]:

- 9/10: TDTH

- 9/10: XCH

- 9/12: GLXG

- 9/12: FVN

[1]: https://stockanalysis.com/ipos/2024/

u/arkadiyt

Karma: 21309 · Cake day: May 30, 2015
About
https://twitter.com/arkadiyt

https://bsky.app/profile/arkadiyt.bsky.social

https://arkadiyt.com/about
