itsYaBoyNoodles

  • 0 Posts
  • 14 Comments
Joined 1 year ago
Cake day: June 4th, 2023

  • First, I should note that I haven’t come across (Readium?) LCP before - so I don’t have experience with this particular method for DRM - I do however like to play with these sorts of things and have definitely come across some similar methods, etc.

    I found a similar tool on GitHub which may help you to better understand what the process is for figuring out something like LCP: lcp-decrypt. I’m not sure how fresh your knowledge is on encryption - but it would help to have some knowledge of the process you’re trying to reverse engineer.

    If you happen to find a sample of non-copyrighted material that has some sort of encryption you’d like examined, I’d be happy to have a look for educational purposes.







  • BECAUSE I understand it more now, I’m left feeling VERY uncomfortable about my data security. If this is going to become a mainstream thing, as it reaches and before it gets to that critical mass of users, there’s going to be SO. MANY. SECURITY ISSUES. There’s no 2fa at all, hacking and user-account hacking is just going to run rampant, and I’m left wondering ‘Where is my username and password actually stored?’. The answer, sadly, is wherever the dude who’s running the instance/server is.

    I wonder if IPFS would be better suited for the fediverse for this reason? You’ve brought up some solid points here and if history is anything to go by, it’s likely already seeing some exploitation in the wild. I think there’s likely to be a lot of work needed here. For example: Your cookies store JWTs in base85. Nice!