-
Hello and thanks again for the great project. I read the code, read your thesis and am intrigued. I have also seen some other modern research in this area which basically says it's not practical yet.…
-
1. **Implement Password Recovery API Endpoint**:
- Develop an API endpoint to handle password recovery requests.
- Ensure the endpoint securely accepts and validates the user's email address.
…
-
### Is your feature request related to a problem? Please describe.
`atKeys` files are not encrypted, thus they need careful management; I'd like it not to be a security problem if my atKeys file is…
-
Hi,
It looks like you're not using any sort of key derivation algorithm, so it's very easy/fast to brute-force keys to try and decrypt the chaabi file.
The [`crypto.createCipher` documentation t…
-
I tried to test it out with my account and it skipped over my password lol
-
**Is your feature request related to a problem? Please describe.**
Currently, for Auth you only allow an OTP code (6 digit number) to be sent by SMS. However, there is no way to send this code to a u…
-
Wallet Encryption is Bypassed by using the Mnemonic Phrase
It's still useful to prevent LIVE attacks against getting to the Mnemonic Phrase using Wallet Encryption
The Mnemonic Phrase shoul…
-
Hello shopcube developers,
We are a cybersecurity research group from the CISPA Helmholtz Center for Information Security and Ca’ Foscari University of Venice. We recently conducted an analysis of …
-
Here are some nice suggestions that could be optionally applied (by a conf flag) into iptables and ip6tables at the start of the ddos daemon with necessary /proc/sys/ changes...
https://javapipe.co…
-
Currently the uninstall procedure is as simple as removing the app from the Applications (on Mac). However, the database still remains in place in the hidden user home directory. The drawbacks are:
…