The Startup
Published in

The Startup

Hacking Encryption With Signing Oracles

And why you should never reuse encryption keys

Photo by Scott Rodgerson on Unsplash

I’m always looking for ways to find more IDORs. (More about finding IDORs here.)

Lately, I noticed a trend in the web applications I’ve been testing: protecting against IDORs by using encrypted parameters.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vickie Li

Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7