Hi.
I need peer review for loplop
https://github.com/thedod/loplop
The code in question is 40 lines of python:
https://github.com/thedod/loplop/blob/master/CLI/__init__.py
It's a fork of the oplop stateless password manager
http://code.google.com/p/oplop/
What I've changed was to allow for passwo
On Sat, Nov 17, 2012 at 1:10 AM, Jeffrey Walton wrote:
> On Fri, Nov 16, 2012 at 12:34 PM, Uncle Zzzen
> wrote:
> > Hi.
> > I need peer review for loplop
> > https://github.com/thedod/loplop
> For the whole scheme, or just the change?
The whole scheme (including the
On Sat, Nov 17, 2012 at 9:51 AM, Kyle Creyts wrote:
> giving it an extremely brief run-through, I'd say that you've made a
> different compromise than the app-maker chose in making the limit 8.
>
> the choice of 8 base64 digits out of the 24 given by the md5 appears
> to have been explicitly done
Thanks.
The fact that MD5 is fast is indeed an issue I've overlooked (although I
understand this issue falls under "ugly but not too dangerous", I think the
exploding tire example at crypto.se conveys how ugly it is).
The problem is that I'm specifically looking for a reasonably-secure
backward c
I don't understand much about CAs, but I know what paypal does: you paste
your public key (while being logged in via ssl, of course) and THEY sign it
for you.
They also show you a "key id" string (don't remember exact name) that you
should include inside the encrypted request (probably against a ca
