Do the Secret Chats of Telegram really support Perfect Forward Secrecy?

In the Telegram API it is stated that Telegram support Perfect Forward Secrecy in their “secret chats”. It is also stated that

official Telegram clients will initiate re-keying once a key has been used to decrypt and encrypt more than 100 messages, or has been in use for more than one week, provided the key has been used to encrypt at least one message.

So my question is, in this case, if a session key gets compromised, is it possible for an attacker to read 100 messages (or possibly more)? If yes, can we still say that perfect forward secrecy is satisfied here?

[ Politics ] Open Question : I don’t really care about conspiracy theories but now that the Jeffrey Epstein portion of the pizzagate theory turned out to be true why…?

Has no one since this enlightenment brought any of that back up? The pizzagate thing was swept under the rug as lies, and then a big portion of the conspiracy theory involving Epstein turned out to be true. But the theory has never come back. Why?

Old Website gone. Is it REALLY gone? Now what? [duplicate]

Please excuse my total cluelessness. Based on what I’ve read in response to a previous question, it looks lie my lapsed domain name = All contents of my WordPress website have evaporated. Is that correct? (My site was created in 2014, and I probably let it lapse two years ago).

If I have to start from scratch, can you suggest what’s currently the best CMS for dummies? All I want is to be able to edit text, add/subtract photos and music videos, and do so without having to interact with the formatting and graphic elements. As simple as it can get. Any and all suggestions and tips are welcome. I have a MacBook, btw. Thank you!

Have I really been hacked or am I falling for a phishing scam

I received an email on the 14th saying that a hacker has access to my pc it says that at the time of hacking my account (myemail@gmail.com) had this password (it was a version of my password but not one that I’ve ever used for my gmail) and it claimed to have been watching me for months and that it had infected my pc through a adult website and had video of me when I was on the site doing you know what and that it would send it to my contacts and correspondence but I don’t have any contacts on my pc and also I use a different user and email when I do that, also why didn’t it send it to that email and not any of the other emails I have saved on my pc. Am I falling for a bullshit email or do I have something to worry about? Also it said I have 48 hours to pay them in bitcoins and that it would track when I opened it and start the countdown and I just opened it last night

Is it really that unsafe to store passwords in a text file on my computer?

These days, we have pretty secure systems.
I have a mac with T2 security chip and the whole disk is encrypted via FileVault.
iPhones are known to be pretty secure, with even FBI having a hard time breaking in.
Windows machines can be encrypted with BitLocker or VeraCrypt.
With these kinds of systems, is it really that unsafe to store passwords in a text file? for an average individual user?
Of course if I’m operating a server or anything like that, I would definitely need better security. But I was wondering how much security does and average individual user really need?

How loud are guns in Pathfinder, really?

Related question here, similar question about casting volume here.

I’m playing in a game with a gunslinger ally, and while this hasn’t come up just yet, I’m sure it will eventually. Are there any hard and fast rules for the actual DC value to hear a gunshot in Pathfinder 1e? I don’t have access to the books right now, but the SRD table for Perception lists “Sound of battle” as -10 to the DC as the closest thing, and I couldn’t find anything on the firearms page specifically.

Is there any ruling more concrete than this for the sound of gunfire, or are we in GM fiat territory?

Is HMAC really a benefit for AES-CBC?

I think I quite well understand the theoretical benefit of adding the HMAC (authenticity/integrity on top of confidentiality), but I am looking at this from a key management point-of-view.

Premise: Since anyone could in theory encrypt plain text, I add a MAC tag so the ciphertext origin can be verified. This derives the premise:

  • A malicious party could gain access to the secret shared encryption key and forge a cipher text

Then I argue, if an attacker can access the encryption key, why should he/she not be able to access to MAC key as well (and thus again be able to forge a cipher text)? Next, if we increase the key storage requirements for the MAC key (making its compromise less likely), why not simply store the encryption key more securely in the first place?

In my eyes, this method is adding two very similar security concepts together (shared symmetric secret key), which doesn’t magically increase the security, i.e., 1+1 does not always equal 2 in security.

If someone could briefly explain the error in my chain of thought or shed some light on this matter I would highly appreciate it.

Thanks in advance!

Is DeepCorr can really de-anonymize all Tor users?

https://people.cs.umass.edu/~amir/papers/CCS18-DeepCorr.pdf

I have some questions about this “Deepcorr”. Is “DeepCorr” really works that good?, they say that “DeepCorr’s Performance Does Not Degrade with the Number of Test Flows” but as more people using Tor more and more people browse websites(many of those are simple websites) with similar sizes around the same time so how they can tell the source of the traffic using size and timing alone when other flows have the same features?.

They said they used 1000 circuits to browse 25,000(the top sites on Alexa) sites with each circuit browsing 25 sites and they also used regular firefox browser instead of Tor browser. Could it be the reason for why it worked so good for them? may be firefox generated some extra unique traffic that Tor browser wouldn’t generate because of things like Ads and cookies?.

Can this attack work against hidden services(version 3) as well?.

What should I do when every PC has really low charisma (and it bothers me)?

I am currently working on a PnP which is a mixture of Traveller, DnD and some of my own game mechanics. The attributes of PCs are pretty much the same as in DnD, and I also decided to have players roll their attributes during character creation. Now all of them have very low charisma, and two of my three players have strong warrior-type characters.

Problem is: The first game is set on a public space station. They’re supposed to find a kidnapped woman without raising the kidnapper’s suspicion. If only one of them has the necessary intelligence score to get anything done without fighting…I really don’t want this to turn into a murderhobo adventure.

So, what do you people think I should do?

Since one of the two warrior PCs isn’t finished, I thought about asking them to re-roll. But I don’t want to force them to change their PC.

The other two PCs are pretty much finished, so I also don’t want to force them to change anything about their characters.

Should I rather just simplify all charisma checks to make sure that they at least have a chance to get something done this way? Or should I stop working on any dialogues and intriguing character relationships and just plan out several fights that will lead them to completing their mission?

(Sorry if my grammar or choice of words might be off, English isn’t my native language.)

EDIT: Charisma is basically the main modifier for pretty much all social skills. So if you want to haggle, you need high Charisma and Perception, but if you want to calm someone down, you just need high Charisma and so on. Without it social interactions are still possible, it’s just very hard to convince someone of doing something for you.