

You are here

httptoolkit.com
httpwg.org
333.3 parsecs away

This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265.

explained-from-first-principles.com
250.0 parsecs away

Learn more about this critical infrastructure, which you likely use for hours every day.

www.mnot.net
200.0 parsecs away

For better or worse, Requests for Comments (RFCs) are how we specify many protocols on the Internet. These documents are alternatively treated as holy texts by developers who parse them for hidden meanings, then shunned as irrelevant because they can't be understood. This often leads to frustration and, more significantly, interoperability and security issues.

blog.cr.yp.to
234.2 parsecs away

[AI summary] The text discusses the complexities and security concerns of the ECDSA (Elliptic Curve Digital Signature Algorithm) compared to more modern signature systems like Ed25519. It highlights issues such as the lack of constant-time implementations in ECDSA, the importance of secure random number generation (RNG) for generating nonces (k), and the vulnerabilities that can arise from poor RNG practices. The text also compares ECDSA with alternatives like Ed25519, which uses deterministic methods for generating k, thus avoiding the need for an RNG and enhancing security. Additionally, it touches on the design of secure RNGs, the role of hash functions in generating k, and the potential for attacks due to non-constant-time implementations and poor random...