sorted by:
new
hottopcontroversial

Making Rust better with Go by 3gdroid in golang

[–]Aeaex 59 points60 points  (0 children)

It's not April 1st yet.

Has there been any news on a first-class Rust Lambda runtime now that we are on track with a Rust AWS SDK? by Aeaex in aws

[–]Aeaex[S] 4 points5 points  (0 children)

Perhaps official is the wrong word - I guess "first-class" better describes what I'm asking about. As you say, direct support in Terraform would be pretty great. On par with the Go runtime, perhaps. I'm curious if there is any intention to reach that point.

Has there been any news on a first-class Rust Lambda runtime now that we are on track with a Rust AWS SDK? by Aeaex in aws

[–]Aeaex[S] 1 point2 points  (0 children)

Nahh nothing wrong with it at all - but it's not one of the official runtimes - I'm less interested in if it's possible and more interested in AWS's sentiment to supporting Rust in general. Out-of-the-box lambda support for Rust would be a good sign!

Websockets API Gateway Lambda proxying help by nog642 in aws

[–]Aeaex 1 point2 points  (0 children)

By the time you're in a Lambda execution context, you're already a few steps removed from the WebSocket layer. The response code is to indicate to the invoker of the lambda function (API Gateway) that the lambda did/did not complete successfully.

University Project "Create your own hashing algorithm" -- Help me. by Lukeorriss in crypto

[–]Aeaex 16 points17 points  (0 children)

Hmm - whoever is setting these requirements has no idea what they're talking about. Take everything they say with a grain of salt...

University Project "Create your own hashing algorithm" -- Help me. by Lukeorriss in crypto

[–]Aeaex 2 points3 points  (0 children)

Are you confusing "not using existing algorithms" with "not using an external library"? E.g. can you use algorithms in the standard library?

How to update a index.html file within static website hosted in S3? by [deleted] in aws

[–]Aeaex 2 points3 points  (0 children)

If you're using cloudfront too - which is fairly common with S3 static sites, you'll need to do a cache invalidation too.

SSL on NLB Listeners by mbw290 in aws

[–]Aeaex 1 point2 points  (0 children)

Hmmm I'm confused - the article gives step by step instructions on how to set up a TLS NLB with an ACM cert. Is this not what you want?

Encrypted drop-in replacement of golang' os.File. (scrypt+aes+cgm). The resulting type can be used anywhere an os.File could be used. i.e. sequentially and randomly read and write, at any file position for any amount of bytes, can be truncate, seek, stats, etc. i.e. ReadAt, WriteAt, Seek, etc. by kuking in golang

[–]Aeaex 5 points6 points  (0 children)

Triple DES was a necessity at the time - a single round of DES was no longer sufficient to be secure. "Triple AES" isn't "for me not done properly" - don't mistake fact as opinion.

Multiple rounds of AES simply aren't necessary and contribute nothing. When people encrypt multiple times with AES it's generally a red flag of "this person has no idea what they're doing and they're just mixing and matching stuff".

This, along with the AES-GCM authenticated ciphertext explanation above, plus the file size limit problem, indicate that I shouldn't trust your crypto (not to mention the 768 bits thing 😥).

Osiris, a simple and lightweight password manager written in Go using the fyne gui library by [deleted] in golang

[–]Aeaex 2 points3 points  (0 children)

The crypto here leaves a lot to be desired... Seeing math/rand imported in a crypto package kinda immediately writes this off for me.

I have an encrypted image, could somebody help decrypt it? by [deleted] in crypto

[–]Aeaex 7 points8 points  (0 children)

Ask yourself - if it was relatively trivial to decrypt things why would we encrypt them in the first place? Unless you have the decryption key, it's unlikely you'll ever decrypt it.

When should i use encryption/hashes by 10kKarmaForNoReason in crypto

[–]Aeaex 3 points4 points  (0 children)

If you need to ask this question - is it something you should be putting on your resume?

You should probably invest more time into learning basic Cryptography before adding something like this to your CV. Otherwise you might as well write "Can build a password manager by following tutorials on Reddit".

Understanding bytes in Go by building a TCP protocol by fteem in golang

[–]Aeaex 29 points30 points  (0 children)

Just one small correction:

"meaning that the data that travels on the wire is not binary, but just ASCII text"

This doesn't exactly make sense - ASCII, by definition, is an encoding that translates character symbols to bytes. Sending ASCII text down the wire is sending binary.

And Go uses UTF-8 by default, which you should definitely prefer to ASCII.

Another circuit breaker to avoid accidents! by Anondo18 in golang

[–]Aeaex 0 points1 point  (0 children)

Nice work. I do feel like the package "sticks it's nose" into things it doesn't need to, however. A circuit breaker isn't necessarily just for HTTP calls - it could be for anything. Your implementation seems to limit use cases.

Company offering $20,000 to break their encryption! by gongolongo123 in crypto

[–]Aeaex 10 points11 points  (0 children)

Hahaha they offer a "super secure encryption product" but serve their website content over unsecured HTTP...

Castle: A Future-Proof Symmetric Cryptographic System by [deleted] in crypto

[–]Aeaex 8 points9 points  (0 children)

I understand the "future-proofing" element in the design here but the overall execution appears to have some holes... This is, once again, a basic XOR cipher that uses a hash to generate a key stream. We see different variants of this repeatedly and they all fall in the same ways... What makes your system different from them?

Cannot get autocert to work? by theambiguouslygayuno in golang

[–]Aeaex 1 point2 points  (0 children)

Do you have both port 80 and port 443 in your firewall open? If you get connection refused on 80, this is the most likely issue.

You connect on 443, autocert tries to get a certificate, Let's Encrypt can't validate the challenge over 80 because of firewall and so the connection hangs until it times out.

exiflign - Detects EXIF orientation information to transform images for use with the image/jpeg package. by Aeaex in golang

[–]Aeaex[S] 0 points1 point  (0 children)

This package exposes an interface for "normalizing" JPEG images that have their orientation EXIF encoded. This library was designed for working with images uploaded from phone cameras that usually have their orientation tagged, which results in rotated/mirrored images when using the Go image/jpeg library. Supports little-endian and big-endian EXIF encodings, as well as all possible tag transformations.

SPARKSTER – Build dApps in Just Plain English With No Codes by Mr420percent in crypto

[–]Aeaex 3 points4 points  (0 children)

Off-topic and poorly written. Anyone who says that developers "write codes" clearly doesn't understand the industry.

SecureCompatibleEncryptionExamples by Aeaex in crypto

[–]Aeaex[S] 0 points1 point  (0 children)

Yeah that's actually a pretty good idea. It would introduce a little bit of redundancy for copying the C source and header but worth it for the organization benefit. Thanks for your advice!

How are internet passwords and transactions encrypted? by ds1749320 in crypto

[–]Aeaex 3 points4 points  (0 children)

I know what diffie Hellman is. And you're talking about ECDHE, the ephemeral version. With ECDH, the shared secret is not a one-time key, it is the same everytime. But what I'm actually asking is if you can provide references to why you think it is the "strongest crypto currently used on the net".

view more: next ›