Hacking JWT Tokens: By Bruteforcing Weak Signing Key

This post shows how JWT tokens signed with weak keys can be hacked. We will be using John the Ripper to determine the correct signing key! JWT tokens introduction: JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret with the HMAC algorithm....

January 2, 2024 · 4 min · Ankur Patil

My LFX Mentorship Journey with CNCF: Kubernetes

I have always wanted to participate in the LFX Mentorship program and here I am, graduated, writing this blog. These 3 months were amazing! This blog covers my experience in this mentorship. What’s the LFX Mentorship? “The Linux Foundation Mentorship Program is designed to help developers — many of whom are first-time open source contributors — with necessary skills and resources to learn, experiment, and contribute effectively to open source communities....

June 3, 2023 · 5 min · Ankur Patil

My Journey: Getting Selected in Summer of Bitcoin '22

On May 1, I received an email saying that I was one of the 82 interns selected amongst 20317 applicants for the Summer of Bitcoin 2022 program. I was really happy and surprised as I didn’t have any high hopes at that time. This blog covers my journey of getting selected into the program from the very beginning. So everyone might be asking a question: What is Summer of Bitcoin?...

December 14, 2022 · 6 min · Ankur Patil

Access tokens for Specter's REST API: Part 2 | Summer of Bitcoin '22

Abstract: This blog covers the work that I’ve done post mid-term evaluation. In the last part, I implemented the token generation part which included generating and saving the token in the users.json file, which acts as the local database of the user. Implementation: Some things took a considerable amount of time and energy, as they needed to be discussed with the mentors. Change in plans: Initially, the data was stored in individual entities, which resulted in creating several hashmaps which weren’t necessary....

August 24, 2022 · 5 min · Ankur Patil

Access tokens for Specter's REST API: Part 1 | Summer of Bitcoin '22

Abstract: Specter Desktop is a desktop GUI for Bitcoin Core optimized to work with hardware wallets. Specter already has a REST API system, but the authorization is currently done by HTTPBasicAuth, and to improve the security, HTTPTokenAuth is really necessary. Access tokens would be a significant improvement. My Project: I have to use access tokens for the token-based authorization; the access token I opted for was JSON Web Token (JWT) because:...

July 3, 2022 · 4 min · Ankur Patil