kerkour.com
kerkour.com copied to clipboard
skerkour
(Ab)using technology for fun & profit. Programming, Hacking & Entrepreneurship @ https://kerkour.com
In https://github.com/skerkour/kerkour.com/blob/main/2022/rust_file_encryption_with_password/src/main.rs#L75 (and in many other places), you are assumption that the only scenario where you'll get less than the number of requested bytes is when you are at the...
I started this PR to do some absolutely unnecessary nitpicking, but it turned out the crate ~~actually eats data like there is no tomorrow~~ leads to silent corruption in a...
Bumps [axum-core](https://github.com/tokio-rs/axum) from 0.2.5 to 0.2.8. Release notes Sourced from axum-core's releases. axum-core - v0.2.8 Security breaking: Added default limit to how much data Bytes::from_request will consume. Previously it would...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [axum-core](https://github.com/tokio-rs/axum) from 0.2.4 to 0.2.8. Release notes Sourced from axum-core's releases. axum-core - v0.2.8 Security breaking: Added default limit to how much data Bytes::from_request will consume. Previously it would...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20210711020723-a769d52b0f97 to 0.17.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
I've been reading about the sha256 length extension attack in a book, and going to try this out in Go yesterday. Then I found your article https://kerkour.com/sha256-length-extension-attacks, which is really...
Bumps [webpki](https://github.com/briansmith/webpki) from 0.22.0 to 0.22.2. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [webpki](https://github.com/briansmith/webpki) from 0.22.0 to 0.22.2. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [xml-rs](https://github.com/kornelski/xml-rs) from 0.8.4 to 0.8.14. Changelog Sourced from xml-rs's changelog. Version 0.8.7 Basic parsing of DTD internal subset Speed improvements Version 0.8.6 Fixed parsing of incorrectly nested comments and...
Hello, Last week I encountered `Forbidden` when visiting https://kerkour.com with a webbrowser. It is reproducible from the command line: ```text $ curl --silent https://kerkour.com Forbidden $ ``` Today I digged...
