Is there any scenario whereby randomly shuffling a sequence improves its compressibility?

I’m performing some correlation assessment à la NIST Recommendation for the Entropy Sources Used for Random Bit Generation, § 5.1.

You take a test sequence and compress it with a standard compression algorithm. You then shuffle that sequence randomly using a PRNG, and re-compress. We expect the randomly shuffled sequence to be harder to compress, as any and all redundancy and correlations will have been destroyed. Its entropy will have increased.

So if there is any autocorrelation, $\frac{\text{size compressed shuffled}}{\text{size compressed original}} > 1$.

This works using NIST’s recommended bz2 algorithm, and on my data samples, the ratio is ~1.03. This indicates a slight correlation within the data. When I switch to LZMA, the ratio is ~0.99 which is < 1. And this holds over hundreds of runs so it’s not just a stochastic fluke.

What would cause the LZMA algorithm to repeatedly compress a randomly shuffled sequence (slightly) better than a non-shuffled one?
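The shuffle-and-recompress comparison described in this question, as an added example that is not part of the original post: it computes the shuffled/original compressed-size ratio for both bz2 and LZMA, averaged over several seeded shuffles. The two inputs are constructed here (a strongly correlated byte stream and an i.i.d. one), and the function names and the `stay` parameter are assumptions made for illustration.

```python
import bz2
import lzma
import random


def sticky_bytes(n, stay, rng):
    """Constructed correlated source: repeat the previous byte with probability `stay`."""
    out = bytearray([rng.getrandbits(8)])
    while len(out) < n:
        out.append(out[-1] if rng.random() < stay else rng.getrandbits(8))
    return bytes(out)


def shuffle_ratio(data, compress, trials=5, seed=1):
    """Mean of len(compress(shuffled)) / len(compress(original)) over `trials` shuffles."""
    rng = random.Random(seed)          # seeded so every run is reproducible
    base = len(compress(data))
    total = 0.0
    for _ in range(trials):
        buf = bytearray(data)
        rng.shuffle(buf)               # in-place Fisher-Yates permutation
        total += len(compress(bytes(buf))) / base
    return total / trials


def report(n=50_000, seed=2024):
    """Ratio for every (sample, codec) pair; both samples are constructed test data."""
    rng = random.Random(seed)
    samples = {
        "correlated": sticky_bytes(n, 0.9, rng),
        "iid": bytes(rng.getrandbits(8) for _ in range(n)),
    }
    codecs = {"bz2": bz2.compress, "lzma": lzma.compress}
    return {
        (name, codec): shuffle_ratio(data, fn)
        for name, data in samples.items()
        for codec, fn in codecs.items()
    }


if __name__ == "__main__":
    for (sample, codec), ratio in report().items():
        print(f"{sample:10s} {codec:4s} ratio = {ratio:.3f}")
```

Averaging over several shuffles and running an i.i.d. control through the same codec shows how far from 1 that codec's ratio drifts on data with no correlation at all, which is the baseline a ratio such as 1.03 or 0.99 has to be read against.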

Having a code-signed binary, how can I tell if it’s signed with an Extended Validation (EV) certificate?

I can’t seem to find an answer to this seemingly simple question. Say, on Windows, if I have a binary file:

How can I tell if it was signed with an extended validation (EV) code-signing certificate?

Say, the file above, being a Windows driver on a 64-bit Windows 10 has to have an EV signature to be able to load. So I can’t seem to find anything in its properties that can indicate that it’s an EV:

And since the OS can clearly tell the difference between EV and OV cert, how does it know?

Is adding a prefix to an API token lowering its security?

When creating API tokens, one can pick any format one likes. Many people choose to use SHA1/SHA256 of random bytes or just random characters.

I’m wondering how much of a security issue it is to prefix the API key with a prefix “leaking” its use case?

E.g. if I were to use SHA1 tokens I could do:

'myproj-refresh-'+sha1(random_bytes()). So that the resulting token will be myproj-refresh-123456789321654987abcd.

This allows me to

  1. detect the API key in code (and invalidate it)
  2. minimize the number of false positives for such tokens

What I’m worried about is that if it leaks, it’s not just a random number that can be anything, but rather a thing that has an obvious meaning. It’s a refresh token for “my project”.

Do you think it’s a viable trade-off or should it be prevented?

I have 30 pages in my website but now it’s showing 3000+ pages indexed in Google

I have created 30 or 40 pages on my website, but yesterday I searched Google with site:mywebsitename.com and it showed that 3000+ links are indexed in Google. When I checked some links, every link looked like [mywebsite.com/Radsport-Salomon-ADV-Skin-5-Set-schwarz-Rucksack-Trail-L-w493244/] and all the links redirect to some other website.

My question is: how is this possible? Because I alone have access to my website. So how can someone create those types of links for my website and get them indexed too?

How can WhatsApp be listed on the EFF secure application toolset when it’s not open source?

I see this EFF tool guide, proposing WhatsApp as one of “our pick of the best, most secure applications”.

How can WhatsApp be trusted as a secure application when it is not open source (according to Wikipedia: license: freeware), in contrast to Signal (according to Wikipedia: All Signal software are free and open-source)?

Could such a choice question EFF’s credibility related to privacy software proposals?

Is the oil thrown on a creature consumed when it’s dealt fire damage and lit?

I had the idea of throwing oil flasks on enemies at level 1, then hitting them with a torch to deal a bunch of bonus fire damage.

PHB 152:

If the target takes any fire damage before the oil dries (after 1 minute), the target takes an additional 5 fire damage from the burning oil.

PHB 152:

If you make a melee attack with a burning torch and hit, it deals 1 fire damage.

A flat 6 fire damage is pretty potent at level 1, but does the oil remain or does it burn out in a flash when hit (since it has no damage over time)?

If not, there is potential for a dual-torch-wielding PC to throw down 12 fire damage per round, or for multiple PCs to deal 6 damage per torch per PC per round.