What could be the reasons for two different OTP messages for the same merchant when we do online transactions through debit card?

While I was doing a transaction (say adding money to one of the mobile wallets) through a SBI debit card, I could see two different OTP messages for different transactions. (Please refer to the image)

Say one time I am adding X amount, So I was getting OTP message from SBI but in the next transaction when I was adding Y amount, I was getting OTP message from BHIM SBI Pay.

What could be the reasons behind it? Is it becuase of the payment gateway (Like PayU,CC Avenue) or somethineg else? Has anyone else observed the OTP message coming in the name of BHIM SBI Pay / SBIPAY? AD-SBIPAY


Failing to capture messages 1 and 3 of WPA2 4-way handshake?

Trying to demo cracking a WPA2 protected AP using the aircrack suite, but the results seem to be nondeterministic (i.e. not good for demos).

Did some detective work with Wireshark and observed that after the authentication and association conversations, my monitoring interface only captured the client portion of the 4-way handshake (messages 2 and 4) approximately 95% of the time.

The device I’m monitoring with is about 15 feet away from the device I’m deauthenticating, and the router is in another room probably about 20 or so feet away from both devices, if positioning is a factor here. I’ve tried deauthenticating a smart phone and a laptop with similar outcomes. Any explanation or suggestions would be appreciated.

Does the Message spell truncate messages over 6 seconds long?

The Message spell’s duration is “1 round” (PHB, p. 259) and a round “represents about 6 seconds in the game world.” (PHB, p. 189)

Is a message longer than “about 6 seconds” truncated? Does the caster know it’s been truncated? Does the spell accept the too-long message anyway, or is the caster forced to limit their utterance to 6 seconds to start with?

is KDC better than using symmetric keys and digitally signing for messages?

Lets say some bank sends messages between its own branch related to deposits and withdrawals. Messages are encrypted with symmetric keys and digitally signed in order to insure that messages cannot be read or altered.

Is this still vulnerable to any specific kind of attack? How could it be made as secure as possible? Is KDC a solution?

Meaning of unacknowledged pre key messages

I’ve recently tried to work with the Signal protocol, but the documentation isn’t great. I’ve come across a problem where the messages being sent include the pre key because the client has unacknowledged pre key messages even if a session has already been established. I’ve checked the source code of the Java client, but couldn’t figure out how the flag is cleared.

Can someone explain the concept behind unacknowledged pre key messages? Thank you.

Other posts (without any answer): Signal forum 1, Signal forum 2, Reddit

Cell phone receiving text messages between an acquaintance and his girlfriend

An acquaintance was staying with us a short time ago and I let him use my cell phone to text his girlfriend and listen to music. A week ago he acquired a cell phone of his own. Completely different make/model than mine and using a different service provider. I have just noticed that his text conversations between him and his girlfriend are appearing on my cell phone. Yet they both are using different phones, different phone numbers, and different services. I know he downloaded some music apps on my phone. Did he download something else? My phone is an android

Threema: Are received messages exposed, when sender’s private key gets compromised?

Note: This question is specific to the Threema Messenger, and relates to their implementation of encryption (using the NaCl ECDH implementation as per their docs).

I refer specifically to their “note on outgoing messages” in their validation document on their website:

It may seem strange that outgoing messages can be decrypted by entering the sender’s private key and the recipient’s public key, i.e. without knowing the recipient’s private key. …

Now, consider this scenario:

  • Alice has received a message from Bob, while Eve records/intercepts traffic as person-in-the-middle on the way to Alice.
  • Alice’s public key of course is public, but Alice never disclosed the private key.
  • Eve somehow gets the private key of Bob.

With Bob’s key and the traffic, could Eve now decrypt all content Bob has ever sent to Alice?

In other words, with Threema, is the privacy of received content dependent on the safety of the private key of the SENDER?