Closed SleepProgger closed 9 years ago
Pretty cool -- I understand there's an implementation available with only a single, non-wildcard certificate -- I'm at Toorcon right now and Yan is speaking about it in a few hours. Will see if I can add more info on that...
Sounds interesting. I'd love more info on that.
Otherwise i'd have to wait till the Toorcon videos are being uploaded
Found the slides from the talk. Using the timing as response is definitely interesting (esp. as "history hack"), but i don't see how it helps with the certificate issue, or do you know more as i do ? ;)
Also am currently trying another variant of collecting that information based on redirects ( described here ). This might be the better solution for evercookie.
Hi, i just finished the hsts-cookie port to evercookie. It is a bit awkward as the get function is called before the set function finishes. But it should all be working (in fact it does on my system).
Again about the limitations of this technique: