Filter verified links without values

I sometimes see verified links such as a profile (or other) where i only see my link. I would like to be able to sort this “bad” link and not keep it for the benefit of another link which contains a minimum text, for example a certain number of sentences, words, or even in weight of text, any surrounded by a minimum of words in order to build my thirds on something long term quality.

Trying to use HMAC to pass a string to be verified. Is this secure

I am working on a django project and trying to create a REST api to verify email without using any database.

My present server connection is HTTP and not HTTPS

So some one using the api end point POST his email.

REQUEST:  curl --location --request POST 'http://127.0.0.1:8000/api/openlogin' \ --header 'Content-Type: application/json' \ --data-raw '{ "email":"test13@test.com", }' 

Now i am generating a random 6 digit number eg: 435667 and an email will be sent to test13@test.com

send_mail('PIN TO VERIFY','ENTER THE PIN 435667',None,[test13@test.com]) 

Send the HMAC value of 435667 as a response to this api

    raw = '435667'.encode("utf-8")     key = 'SOME_SECRET_KEY'.encode('utf-8')     hashed = hmac.new(key, raw, hashlib.sha1)     pin_hmac_hash = base64.encodebytes(hashed.digest()).decode('utf-8')     eg: pin_hmac_hash = "SOME_HMAC_HASH_OF_PIN" 

So the response for /api/openlogin will be

{ 'email': 'test13@test.com' 'pin': "SOME_HMAC_HASH_OF_PIN" } 

Now the user sends me back the pin along with the HMAC hash in the response

curl --location --request POST 'http://127.0.0.1:8000/api/verifypin' \ --header 'Content-Type: application/json' \ --data-raw '{ 'pin': "SOME_HMAC_HASH_OF_PIN", 'email': 'test13@test.com', 'emailed_pin':'435667' }' 

Will someone guess the pin from SOME_HMAC_HASH_OF_PIN.

Ofcourse i will further try to autenticate the api using JWT token. So the email cannot be tampered

This is an example of PIN but it can be any string of sensitive information. Can i rely on hmac

Does a lack of verified signatures for Windows Defender indicate malware?

I ran “autoruns” from Windows Sysinternals on a Windows 10 machine, and noticed that the Windows Defender services were marked in red colour, and did not have verified signatures. I checked these services on another machine and found that they were all verified as expected.

Does this mean the Windows Defender on my machine is malware? If so, how can I remove it and reinstall a clean Windows Defender? Running the thorough offline-scan did not help.

screenshot