Erwan Legrand

Results 8 comments of Erwan Legrand

Rewriting the code example which builds a token signed with HS256 and "secret" as the key could be a first step toward 2.

hashcat includes support for cracking JWTs: https://hashcat.net/hashcat/.

I thank you, @prince-chrismc, for the fast reply! > There's no objections to offering a more secure API and better examples. A contribution like this would be amazing! I can...

@Thalhammer I will not reply to everything you have written. If you could please give me pointers to these examples on jwt.io which use text as HMAC keys, though, I...

Also, the reason why passwords are commonly called "low entropy secrets" by cryptographers is that passwords are secrets which are generated, remembered and managed by humans and humans are really...

This appears to generate keys for HS256 the right way: https://github.com/rakutentech/jwkgen A classic example showing that password length and entropy are two different things: https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

I've been giving this more thought. I think I can suggest a plan to address the issue and maybe contribute some code, after all. (Do not expect the code to...

I have seen this happening with Samba's smbclient. According to the specs, the server must make sure the clients' credits do not drop to zero: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/2e366edb-b006-47e7-aa94-ef6f71043ced Thus, this looks like...