The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,706 other followers

Archive for the ‘Hashing’ Category

More suppliers should include sha hashcodes for their downloads

Posted by jpluimers on 2016/10/28

I’m really glad that more and more suppliers are providing sha hashes for their downloads.

It allows you to verify an already downloaded binary is in fact

For instance, Cisco does this with their Jabber Messaging software. That way I could verify the (when I wrote this) most recent versions were indeed the ones I already had by just clicking on the filename (no need to click on the Download button).

  • Mac:
    • $ shasum -a 512 CiscoJabberMac-11.0.0.216341.zipbd03b0f8542e0244b30601647e991eec74c2e5b358bf68cdf1b4d6f4e62f96fed83f813d0033e696012dc320a80cc96b9c17d5f98250d44b5252c06732c16df5  CiscoJabberMac-11.0.0.216341.zip
  • Windows:
    • $ shasum -a 512 CiscoJabber-Install-ffr.11-0-1.zip
      7335b739498ca365952325931709bae1c0f5916302117b75fc06862d5623a017834ef3f6fafe76feb722dca5618c1e2d11be17e739a59e0b76a3c382f6d9c31b CiscoJabber-Install-ffr.11-0-1.zip

–jeroen

Posted in Hashing, Power User, Security | Leave a Comment »

List of “Plain Text Offenders”; hopefully someone publishes a list of https offenders too

Posted by jpluimers on 2016/10/24

This Plain Text Offenders site lists email screenshots of organisations sending back plain-text passwords they kept on file (According to Robert Love, Idera/Embarcadero should be on the list as well).

It is one of the most horrible things that can be done for a password.

Business and IT do many horrible things, so I really hope someone will start a similar site about SSL Labs F-rated domains. The ones that are so broken that they degraded their https to virtually plain-text http quality.

In the past, a notorious example of this was Embarcadero, who in the past managed to get F-rating or had wrong configurations on the below domains, therefore preventing me from logging in and getting new products from them (which is far worse than them not cleaning up their bug database):

Read the rest of this entry »

Posted in Delphi, Development, Hashing, https, OpenSSL, Power User, Public Key Cryptography, QC, Security, Signing, Software Development | 3 Comments »

testssl.sh on BashOnWindows (Ubuntu from Win10) – drwetter/testssl.sh

Posted by jpluimers on 2016/08/08

It works (but is sloooooow)

Source: BashonWindows (Ubuntu from Win10) not finding openssl · Issue #337 · drwetter/testssl.sh

Posted in Encryption, Hashing, https, OpenSSL, Power User, Security, testssl.sh | Leave a Comment »

Diffie-Hellman Key Exchange – YouTube

Posted by jpluimers on 2016/07/20

Great explanation of Diffie-Hellman Key Exchange – YouTube.

It is based on mixing colors and some colors of the mix being private.

Brilliant!

–jeroen

Posted in Algorithms, Development, Encryption, Hashing, https, OpenSSL, Power User, Public Key Cryptography, Security, Software Development | Leave a Comment »

DEFCON 17: More Tricks For Defeating SSL – YouTube

Posted by jpluimers on 2016/07/11

Still relevant after a few years: DEFCON 17: More Tricks For Defeating SSL – YouTube.

I landed there after trying to find out how to verify the Internic root server file is actually pubished by Internic via authentication – Ways to sign gpg public key so it is trusted? – Information Security Stack Exchange.

I remember reading his “if you have to perform any cryptographic operation before verifying the MAC on a message you’ve received, it will somehow inevitably lead to doom” post (Moxie Marlinspike >> Blog >> The Cryptographic Doom Principle), but never noticed his videos.

It is still relevant as there are lots of implementations still vulnerable to these kinds of attacks.

Many more of his blog entries are interesting as well:

Read the rest of this entry »

Posted in Encryption, Hashing, https, OpenSSL, PKI, Power User, Public Key Cryptography, Security, Signing | Leave a Comment »

 
%d bloggers like this: