-
- Description: Improve the security of the application by implementing proper API key handling and preventing exposure in the source code.
- Skills Required: Security Best Practices
- Difficulty: In…
-
It's implied that cloud service providers (i.e., a specific ACME account key) can request certificates for any domain for which they can demonstrate domain control; there is an open question about whe…
-
# Bug report
When using the "apt:" module to configure a local mirror for the "primary" and "security" keys, if the mirror is signed by a local key, the rendered ubuntu.sources file still has "Signed…
-
### User Story:
As the Passport team,
I want to ensure that the cryptographic keys used for hashing and signing are secured against exposure,
So that the integrity and security of the platform are mai…
-
Read these pages:
- https://security.stackexchange.com/questions/143442/what-are-ssh-keygen-best-practices
- https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
Write a new `ssh…
-
When I log in to a website that supports login with security keys (e.g., GitHub), it didn't prompt me to enter email. I even tried with `incognito` mode, and it still shows me a prompt to select a previously…
-
[§5.8.8. User-agent Hints Enumeration (enum PublicKeyCredentialHints)](https://w3c.github.io/webauthn/#enum-hints) defines some behaviour for how hints are interpreted relative to each other:
>Hint…
-
### Describe the enhancement you're suggesting.
The current module of security key U2F is not supported by Windows.
Reproduction
Use the firmware as usual, get a clean install of Windows 11, tr…
-
### The needs
When using security keys for GitHub signing & authentication, the `git` command line requests confirmation of user presence as shown in the screenshot below.
![image](https://github.…
-
Optics needs to have a story for how to handle keys in a mainnet environment.
Current options for handling keys:
- raw key signer in env var (bad, susceptible to infra compromise)
- raw key sig…