This post focuses on the popular symmetric cryptography choice, and our analysis of its implementation in the wild.

Pararise

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

This post discusses the issues with using symmetric key JWTs, including the high percentage of guessable keys and the risk of undermining authentication and authorization security.

Stop Recommending JWTs (with symmetric keys) ◆ Truffle Security Co.

Horrible to see that so many developers blindly copy-paste examples, even including secret keys. But I think it’s wrong to “stop recommending JWTs” - maybe it should be called “stop copy-pasting stuff you don’t understand” or “start using your brain” or “get to know the stuff you want to build” or “If you blindly use copilot to make your job you will be screwed sooner or later”.

Just because people are using it incorrectly, doesn’t meen the we should stop using it.

Tools like <a href="https://djecrety.ir/" target="_blank" rel="noopener nofollow">djecrety.ir</a> can be used to generate random secret

Nice post. Many devs do not pay attention to security.

Just use Paseto tokens <a href="https://paseto.io/" target="_blank" rel="noopener nofollow">https://paseto.io/</a>