STS (Secure Time Seeding) uses server time from SSL handshakes, which is fine when talking to other Microsoft servers, but other implementations put random data in that field to prevent fingerprinting.

  • Treczoks@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    I’ve read the stuff on STS and my first thought was: How can anyone be so stupid to try such a loony concept and still be able to create a working piece of code?