The right SSL certificate at the right layer
I have a web app which requires fairly stringent security. I already have a reasonably secure solution stack, including Cloudflare, HAProxy and ModSecurity. I'm getting close to getting my Dev environment ready for testing before I build out my Staging and Production environments.

I was keen to use a Cloudflare Origin SSL cert on my Load Balancer and Web Server, but I've struck an issue.

I was keen to achieve Full (Strict) crypto via Cloudflare, which means Cloudflare will validate the cert on each request. So I wanted to use a Cloudflare Origin cert in order to do that, but it looks like I can use a Cloudflare Origin cert on my Load Balancer only, because it's designed for Cloudflare-to-Origin data flow only, which would leave me having to buy a cert from a CA for my Web Server(s).

That's three SSL certs to cover the three SSL termination points:

    End User --> Cloudflare (via Dedicated cert)
    Cloudflare --> Load Balancer
    Load Balancer --> Web Server

I tried installing the Origin cert on the Web Server, but it was unable to verify the validity of that cert. I've even updated OpenSSL to the latest stable release (v1.1.1b) to ensure I can prepare for TLS 1.3.

So I can only think of two possible approaches:

    End User --> Cloudflare (via Dedicated cert)
    Cloudflare --> Load Balancer (via Cloudflare Origin cert)
    Load Balancer --> Web Server (via DigiCert cert)

or

    End User --> Cloudflare (via Dedicated cert)
    Cloudflare --> Load Balancer (via DigiCert cert)
    Load Balancer --> Web Server (via DigiCert cert)

I would appreciate anyone highlighting if I've missed anything important.
  • You've missed asking a question.

    – Maarten Bodewes
    Mar 22 at 11:48
ssl cryptography ssl-certificate cloudflare
asked Mar 21 at 21:57
ChrisFNZ
1 Answer
Certs commonly contain the web server DNS name as "common name". You need to make things compatible with that; that indeed means either installing an additional trust point on your load balancer or getting a "real" certificate.

Generally your endpoints can use a single certificate to identify themselves. The problem is that currently you are using certificates for which no trust chain can be built at the various endpoints. You can of course solve this by buying a cert for which a chain can be built (e.g. from a commercial CA). You can, however, generally also update the trust store to include additional certificates, so that a chain of trust can be built. In that case you can use your own certificates; it is your infrastructure after all.

What you don't want to do is to use the leaf certificates on multiple machines, as that would imply that you copy the private key to more machines. The security of the machines should be separate, so if you start copying PKCS#12 files you might want to rethink your key management solution (and if you don't have an explicit KM solution, then this would be the right time).
  • Thank you, most of that makes sense. I suppose my concern was that the same FQDN needs to be serviced by three layers, each with a different IP. (1) Cloudflare resolves the FQDN to a public IP on their own network. (2) Cloudflare then routes traffic to the public IP of the load balancer (which only accepts traffic from Cloudflare's public IP ranges). (3) The load balancer then routes traffic from its internal IP to the internal IP of the Web Server(s).

    – ChrisFNZ
    Mar 23 at 11:32
  • The IP addresses don't matter much; it seems that most TLS implementations don't do reverse lookup, so as long as the domain name points to the right location for each of the services then you're OK. A well-configured, secure DNS is always recommendable, of course.

    – Maarten Bodewes
    Mar 23 at 15:40
answered Mar 22 at 11:56
Maarten Bodewes
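The answer's two points, building a chain of trust at the load balancer by adding a private trust anchor and keeping a separate key per endpoint, worked through as an added example that is not part of the question or answer. It assumes the openssl CLI (1.1.1 or later) is installed; the CA name and the hostnames web1.internal.example and lb.internal.example are constructed.

```shell
#!/bin/sh
# Added example (not from the question or answer): a private CA plays the
# "additional trust point" the answer describes. All names are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. The trust anchor: a private CA kept off the serving hosts. Only its
#    certificate (ca.pem) is added to the load balancer's trust store.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -keyout ca.key -out ca.pem -subj "/CN=Internal Origin CA" >/dev/null 2>&1

# 2. Each endpoint gets its OWN key pair; only the CSR travels to the CA.
#    Copying one leaf's key onto several machines is what the answer warns against.
issue_leaf() {  # $1 = hostname (constructed); writes $1.key and $1.pem
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" >/dev/null 2>&1
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$1" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 90 -extfile "$1.ext" -out "$1.pem" >/dev/null 2>&1
}
issue_leaf web1.internal.example
issue_leaf lb.internal.example

# 3. Chain building: "trusted" only when the verifier knows the anchor.
#    $1 = leaf cert, $2 = trust anchor file, or "" to use the system store only
chain_status() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 && echo trusted || echo untrusted
  else
    openssl verify "$1" >/dev/null 2>&1 && echo trusted || echo untrusted
  fi
}

# 4. Name matching: the name the client dials must appear in the cert's SAN.
#    (HAProxy performs this same check via `verifyhost` on a backend server line.)
#    $1 = leaf cert, $2 = trust anchor file, $3 = hostname being connected to
name_status() {
  openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1 \
    && echo match || echo mismatch
}

# 5. Separate keys per endpoint: the public keys in the two leafs must differ.
keys_differ() {  # $1, $2 = leaf certs
  a=$(openssl x509 -in "$1" -pubkey -noout | openssl sha256)
  b=$(openssl x509 -in "$2" -pubkey -noout | openssl sha256)
  [ "$a" != "$b" ] && echo yes || echo no
}

echo "system store : $(chain_status web1.internal.example.pem "")"      # untrusted
echo "with ca.pem  : $(chain_status web1.internal.example.pem ca.pem)"  # trusted
echo "right name   : $(name_status web1.internal.example.pem ca.pem web1.internal.example)"  # match
echo "wrong name   : $(name_status web1.internal.example.pem ca.pem lb.internal.example)"    # mismatch
echo "own keys     : $(keys_differ web1.internal.example.pem lb.internal.example.pem)"       # yes
```

The "system store" line is the failure the question describes (the Web Server could not verify the Origin cert); the "with ca.pem" line is what changes once the trust anchor is installed at that layer.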