The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Encryption’ Category

Crypto Museum (Amsterdam, 2016) – Google Photos

Posted by jpluimers on 2017/12/15

Last year Robin Sheat made this nice set of pictures: Crypto Museum (Amsterdam, 2016) – Google Photos

via:

–jeroen

Posted in Encryption, History, Power User, Security | Leave a Comment »

Posted by jpluimers on 2017/06/30

It’s such an all time classic from 2006 that people even kept scans of the original 2006 Computer World publication by [WayBack] John Klossner.

Over the last few years, it has done its round over the internet a few times, so I did some digging for the scans, colour and mono originals.

Data security versus Human Error.

In this corner, we have firewalls, encryption, antivirus software, etc. And in this corner, we have Dave!!

[WayBack] John Klossner Cartoons: Computer World has the original black and white version: it’s even a gif!

Way better than the scan from paper: [WayBack] ShackF00 » Weekend Round-up: Google Issues and a Sad-but-True Comic

In 2014, Spiceworks re-ran the black and white one: [WayBack] And in THIS corner we have Dave! (Funny cartoon) – IT Security – Spiceworks

In 2015, Wombat Security published a coloured version on social media, and even bigger too: not just large, huge as well (:

–jeroen

via: [WayBack] Dave – CodeProject – Google+


Posted in Encryption, Firewall, Fun, Power User, Security | Leave a Comment »

The Cryptowars, twenty years ago – The Isoblog.

Posted by jpluimers on 2017/06/27

Interesting read with lots of references: [WayBack] The Cryptowars, twenty years ago – The Isoblog.

My TL;DR:

  • the current cryptowar is very similar to 20 years ago
  • back then it was won by the people
  • current outcome is unclear (but the rules of math cannot be changed)
  • Laws/Rules/Postulates:
    • John Gilmore
      • »The Net interprets censorship as damage and routes around it.«
    • Shoshana Zuboff
      • »Everything that can be automated will be automated.«
      • »Everything that can be informated will be informated.«
      • »Every digital application that can be used for surveillance and control will be used for surveillance and control.«
  • Kristian:
    • »20 years later, the Cryptowar is still a thing. It will never be over.«

–jeroen

via: [WayBack] So as a society, we are having the same conversation for 20 years now, and we won’t really make progress here because of Zuboff’s law.  – Kristian Köhntopp – Google+

Posted in Encryption, History, Opinions, Power User, Security | Leave a Comment »

~650-thousand accounts exposed because of md5 hashing: Font sharing site DaFont has been hacked, exposing thousands of accounts | ZDNet

Posted by jpluimers on 2017/05/19

Over 98 percent of the passwords were cracked, thanks to the site’s poor password security.

No this isn’t just the hacked font

Source: [WayBack] Font sharing site DaFont has been hacked, exposing thousands of accounts | ZDNet

via: [Archive.is] Font Sharing Site DaFont Has Been Hacked, Exposing Thousands of Accounts – Slashdot
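As an added example (not code from the ZDNet article or from this post), the constructed snippet below shows why unsalted MD5 lets one precomputed table recover the same password across every account, beside a salted scrypt scheme with constant-time verification that a site should use instead. The password list is a constructed stand-in for a cracking dictionary.

```python
"""Unsalted MD5 password storage (as in the DaFont breach) versus a salted,
memory-hard KDF. All sample data below is constructed for illustration."""
import hashlib
import hmac
import os

# Constructed miniature "cracking dictionary"; a real one holds millions of
# entries, and MD5 is fast enough to hash all of them in seconds.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dafont"]


def md5_store(password: str) -> str:
    """The weak scheme: unsalted MD5 of the password, nothing else."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_lookup_crack(stored_hashes: list) -> dict:
    """Hash each dictionary word once and recover every stored hash that
    matches. Because there is no salt, one table serves all accounts, which
    is how the bulk of a 650k-account dump gets cracked."""
    table = {md5_store(p): p for p in COMMON_PASSWORDS}
    return {h: table[h] for h in stored_hashes if h in table}


def scrypt_store(password: str, salt: bytes = b"") -> str:
    """Hardened scheme: per-user random salt plus scrypt (standard library).
    Stored as hex(salt)$hex(key); the salt is not secret, only unique."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt.hex() + "$" + key.hex()


def scrypt_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, key_hex = stored.split("$", 1)
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=2**14, r=8, p=1)
    return hmac.compare_digest(key.hex(), key_hex)


if __name__ == "__main__":
    dump = [md5_store(p) for p in ("password", "123456", "correct horse")]
    print("cracked:", md5_lookup_crack(dump))
    record = scrypt_store("password")
    print("scrypt verify:", scrypt_verify("password", record))
```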

–jeroen


Posted in Encryption, Hashing, md5, Power User, Security | Leave a Comment »

Generate Mozilla Security Recommended Web Server Configuration Files

Posted by jpluimers on 2017/03/06

In case you manually want to configure or have a web-server that’s not supported by certbot for letsencrypt (yet): Generate Mozilla Security Recommended Web Server Configuration Files.

At the time of writing, these were supported by the generator (* were not supported by certbot for letsencrypt yet):

–jeroen

via: Feature request: admin web interface over HTTPS · Issue #630 · pi-hole/pi-hole

Posted in *nix, *nix-tools, Apache2, Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

SHAttered – stop using SHA-1; it’s broken

Posted by jpluimers on 2017/02/24

We have broken SHA-1 in practice.

This industry cryptographic hash function standard is used for digital signatures and file integrity verification, and protects a wide spectrum of digital assets, ranging from credit card transactions, electronic documents, open-source software repositories and software updates.

It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.

For example, by crafting the two colliding PDF files as two rental agreements with different rent, it is possible to trick someone to create a valid signature for a high-rent contract by having him or her sign a low-rent contract.

–jeroen

Posted in Encryption, Hashing, Power User, Security, SHA | Leave a Comment »

Using the github version of certbot (formerly letsencrypt) to get Let’s Encrypt certificates

Posted by jpluimers on 2017/01/24

The Let’s Encrypt certbot (formerly letsencrypt) had some trouble on my machinery.

When trying to test whether “Apache default default · Issue #3307 · certbot/certbot” and “opensuse Tumbleweed: Each time I run certbot, a line with Listen 443 gets added to /etc/apache2/httpd.conf · Issue #3364 · certbot/certbot” were fixed, I had to run certbot directly from specific github branches.

Normally certbot queries https://pypi.python.org/pypi/certbot/json to install the latest sanctioned version of itself, which means this won’t run the version from github:

git clone https://github.com/certbot/certbot.git
cd certbot
./certbot-auto <<command-line-parameters>>

But the below does:

git clone https://github.com/certbot/certbot.git
cd certbot
git checkout -b <<branch-name>> origin/<<branch-name>>
./letsencrypt-auto-source/letsencrypt-auto --os-packages-only
./tools/venv.sh
source venv/bin/activate
certbot <<command-line-parameters>>

The last statement will run ./venv/bin/certbot, but you can also hard-code that path (or run which certbot to verify the venv directory is on the path).

I used it to test with this branch:

git checkout -b osrelease_like origin/osrelease_like

The above are basically steps to setup a virtualenv as mentioned in Developer Guide — Certbot 0.9.0.dev0 documentation.

To undo, just run this from the certbot directory:

deactivate
rm -rf venv

The first statement will restore your path and the second gets rid of the virtual environment including all packages that were downloaded into it.

If you forgot to remove the venv directory, there might be old versions hanging around named like venv.1470590779.bak, where the number in the middle is the number of seconds since the unix epoch (1970-01-01 00:00:00 UTC); you might want to remove those as well.

Inside the venv environment you can use all kinds of Python tools, for instance:

  • Run pip install ipdb, after which you can add import ipdb;ipdb.set_trace() to any source line to break right into the Python debugger. It will drop you into a debug console, which is pretty much a fully fledged Python interpreter.
  • Run pip freeze to show all installed Python packages.

While testing, you can use the --test-cert or --staging command-line options to use the Let’s Encrypt staging environment; this prevents running into the live environment rate limits (the main ones at time of writing are a Duplicate Certificate limit of 5 certificates per week and a Certificates per Registered Domain limit of 20 per week, whichever limit is hit first).

–jeroen

Posted in *nix, Encryption, Let's Encrypt (letsencrypt/certbot), Linux, openSuSE, Power User, Security, SuSE Linux | Leave a Comment »

Getting A or better grading on SSL Labs HTTPS tests

Posted by jpluimers on 2016/12/30

Now that everyone has had enough time to get proper TLS certificates using for instance LetsEncrypt, it’s time to up the ante: score better than an A on the SSL Labs tests from either their main site or dev site:

Here are some links to get there:

–jeroen

Posted in *nix, Apache2, Communications Development, Development, Encryption, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, TCP, TLS | Leave a Comment »

letsenctrypt certbot-auto – finding what certificates are there and which apache configurations use them

Posted by jpluimers on 2016/10/13

IRC #letsencrypt-dev today:

wiert

Is there any way for `certbot-auto` to show for which domains/apache-configs it has certificates?

pdeee

wiert, we actually made a ticket for 0.10.0 to do that

https://github.com/certbot/certbot/issues/3615

in the mean time, your imperfect options are:

for file in /etc/letsencrypt/live/*/fullchain.pem ; do echo -n $file ;  openssl x509 -text -noout -in $file | grep DNS; done

for installation in Apache configs, you can follow that with:

grep /etc/letsencrypt/live /etc/apache2/sites-enabled/*

wiert

@pdeee on OpenSuSE, the last statement should be

grep -r /etc/letsencrypt/live /etc/apache2/*

–jeroen

Posted in *nix, Encryption, Let's Encrypt (letsencrypt/certbot), Linux, openSuSE, Power User, Security, SuSE Linux | Leave a Comment »

certificate – What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats? – Server Fault

Posted by jpluimers on 2016/08/29

The canonical answer on extensions and formats like csr, pem, key, pkcs12, pfx, p12, der, cet, cer, crt, p7b, crl, PEM, PKCS7, PKCS12, PKCS10, DER, text, binary, ASN1: certificate – What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats? – Server Fault.

Oh and it contains some openssl conversion tips as well, though this link has more: DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them.

–jeroen

Posted in Encryption, OpenSSL, Power User, Security | Leave a Comment »