You send them your public key in a GET request, and the payload you get back is ... | Hacker News

HN2new | past | comments | ask | show | jobs | submit

		ivanbakel on April 28, 2017 \| parent \| context \| favorite \| on: Stupid security things You send them your public key in a GET request, and the payload you get back is the encrypted HTML page. Make sure to pick a big enough key size, or you might not see the whole thing...

bungie4 on April 28, 2017 [–]

No, in this case it's RSA SecureID

https://en.wikipedia.org/wiki/RSA_SecurID

A one time, time based hash as 2FA. Despite using this 2FA, the bad code completely circumvents it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact