Kevin McArthur
https://github.com/Yubico/php-yubico/blob/master/Yubico.php#L331 and the httpsverify option. This option should be removed. There's never a time you could safely disable peer verification. Correct fix for validation/self-signed issues is to apply a cainfo/cabundle...
https://github.com/Yubico/php-yubico/blob/master/Yubico.php#L291 Another instance of predictable nonce. Not sure of implication (if any) given request is hmac'd under shared key. Should probably be openssl_random_pseudo_bytes anyway.
https://github.com/Yubico/yubikey-val/blob/master/ykval-synclib.php#L47 I'm not sure of implications yet, but this nonce appears to be predictable. If non-predictability is important (as it is for most nonces) suggest change to openssl_random_pseudo_bytes.
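The two fixes suggested in these posts, sketched in PHP as an added example (not code from the posts or from the Yubico repositories). The function names, the example URL and the 32-character nonce length are assumptions made for illustration.

```php
<?php
// Added illustration: make_nonce() and verified_curl_handle() are hypothetical
// helpers, not functions from php-yubico or yubikey-val.

/** Return a hex nonce of $hexLen characters drawn from the OpenSSL CSPRNG. */
function make_nonce(int $hexLen = 32): string
{
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(intdiv($hexLen + 1, 2), $strong);
    if ($bytes === false || $strong !== true) {
        // Fail closed rather than fall back to a guessable value.
        throw new RuntimeException('no cryptographically strong randomness available');
    }
    return substr(bin2hex($bytes), 0, $hexLen);
}

/**
 * Build a cURL handle that always verifies the peer. A private or self-signed
 * CA is supported by passing its PEM bundle, never by turning verification off.
 */
function verified_curl_handle(string $url, ?string $caBundle = null)
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // check the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // check the name in the certificate
    ];
    if ($caBundle !== null) {
        if (!is_readable($caBundle)) {
            throw new InvalidArgumentException("CA bundle not readable: $caBundle");
        }
        $opts[CURLOPT_CAINFO] = $caBundle; // trust anchor for the private CA
    }
    curl_setopt_array($ch, $opts);
    return $ch;
}

// Constructed usage: nothing is sent until curl_exec() is called.
$nonce = make_nonce();
$ch = verified_curl_handle('https://validation.example.test/verify?nonce=' . $nonce);
// With a private CA, pass the path to its PEM bundle as the second argument.
```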