Remix clone Hacker News

new | show | ask | jobs Github

▲

snickerdoodle12 7 days ago

Isn't this obvious to anyone who has seen a few base64 encoded json strings or certificates? ey and LS are a staple.

▲

mmastrac 7 days ago | parent | next [-]

`MII` for RSA private keys.

▲

Muromec 7 days ago | parent [-]

MII is not RSA, it's an opening header of asn1 structure encoded to DER -- 30 82 0x which is basically "{" when which can be pretty much anything from x509 certificate to private keys fro ECDSA.

Actual RSA oid is somewhere in the middle.

▲

mmastrac 7 days ago | parent [-]

True, but for the most part, RSA keys are the only keys that anyone encounters that start with long SEQUENCEs requiring two-byte lengths.

`eY` could be any JSON, but it's most likely going to be a JWT.

Neither is a perfect signal, but contextually is more likely correct than not.

	▲	Muromec 7 days ago \| parent [-]
		That depends on the kind of abyss you are staring into. Mine had plenty of non-RSA keys, certificates (which are of course two-byte length all the time) and CMS containers.

▲

InfoSecErik 7 days ago | parent | prev | next [-]

IMO depends on your career. I did a lot of pentesting with Burp Suite so I was able to (forced to) pick it up.

▲

SkyPuncher 7 days ago | parent | prev | next [-]

Probably is, but I still found it to be a fun tidbit.

I work with this stuff often enough to recognize something that looks like a key or a hash. I don't work with it often enough to have picked up `ey` and `LS`.

▲

FelipeCortez 7 days ago | parent | prev [-]

I thought so too, but xkcd 1053 / lucky 10000, I guess! I knew about ey but not LS