Archive for the ‘Hashing’ Category
Posted by jpluimers on 2016/10/28
I’m really glad that more and more suppliers are providing sha hashes for their downloads.
It allows you to verify an already downloaded binary is in fact
For instance, Cisco does this with their Jabber Messaging software . That way I could verify the (when I wrote this) most recent versions were indeed the ones I already had by just clicking on the filename (no need to click on the Download button).
Mac :
$ shasum -a 512 CiscoJabberMac-11.0.0.216341.zipbd03b0f8542e0244b30601647e991eec74c2e5b358bf68cdf1b4d6f4e62f96fed83f813d0033e696012dc320a80cc96b9c17d5f98250d44b5252c06732c16df5 CiscoJabberMac-11.0.0.216341.zip
Windows :
$ shasum -a 512 CiscoJabber-Install-ffr.11-0-1.zip
–jeroen
Posted in Hashing , Power User , Security | Leave a Comment »
Posted by jpluimers on 2016/10/24
This Plain Text Offenders site lists email screenshots of organisations sending back plain-text passwords they kept on file (According to Robert Love , Idera/Embarcadero should be on the list as well).
It is one of the most horrible things that can be done for a password.
Business and IT do many horrible things, so I really hope someone will start a similar site about SSL Labs F-rated domains. The ones that are so broken that they degraded their https to virtually plain-text http quality.
In the past, a notorious example of this was Embarcadero, who in the past managed to get F-rating or had wrong configurations on the below domains, therefore preventing me from logging in and getting new products from them (which is far worse than them not cleaning up their bug database ):
Read the rest of this entry »
Posted in Delphi , Development , Hashing , https , OpenSSL , Power User , Public Key Cryptography , QC , Security , Signing , Software Development | 3 Comments »
Posted by jpluimers on 2016/07/20
Great explanation of Diffie-Hellman Key Exchange – YouTube .
It is based on mixing colors and some colors of the mix being private.
Brilliant!
–jeroen
VIDEO
Posted in Algorithms , Development , Encryption , Hashing , https , OpenSSL , Power User , Public Key Cryptography , Security , Software Development | Leave a Comment »
Posted by jpluimers on 2016/07/11
Still relevant after a few years: DEFCON 17: More Tricks For Defeating SSL – YouTube .
VIDEO
I landed there after trying to find out how to verify the Internic root server file is actually pubished by Internic via authentication – Ways to sign gpg public key so it is trusted? – Information Security Stack Exchange .
I remember reading his “if you have to perform any cryptographic operation before verifying the MAC on a message you’ve received, it will somehow inevitably lead to doom” post (Moxie Marlinspike >> Blog >> The Cryptographic Doom Principle ), but never noticed his videos .
It is still relevant as there are lots of implementations still vulnerable to these kinds of attacks.
Many more of his blog entries are interesting as well:
Read the rest of this entry »
Posted in Encryption , Hashing , https , OpenSSL , PKI , Power User , Public Key Cryptography , Security , Signing | Leave a Comment »
Posted by jpluimers on 2016/06/10
For my own reference:
Always get at least two keys, configure them, and use only one. Store the rest in a safe place for when the first dies.
Get the NEO (if you need NFC) or NEO-n (if you don’t need NFC but love small form-factor).
–jeroen
(Image courtesy of Yubico)
Read the rest of this entry »
Posted in Encryption , Hashing , Power User , Security , U2F FIDO Security Keys | Leave a Comment »
Posted by jpluimers on 2015/11/27
It feels like yesterday, but haxpo2015ams was already six months ago!
Session materials index:
Apache/2.4.7 (Ubuntu) Server at haxpo.nl Port 80
–jeroen
Posted in *nix , *nix-tools , Encryption , Hashing , https , LifeHacker , OpenSSL , PKI , Power User , Public Key Cryptography , Security , Signing | Leave a Comment »
Posted by jpluimers on 2015/11/11
Interesting: Hash Toolkit – Reverse MD5 / SHA1 Hashes
They generate and allow you to generate various hashes, and store both the hash and original so you can reverse it.
Not meant for production data, but an approach for verifying if you do hashing correctly.
–jeroen
via: Hash Toolkit – Reverse MD5 / SHA1 Hashes .
Posted in Development , Hashing , md5 , Power User , Security , Software Development | Leave a Comment »
Posted by jpluimers on 2015/11/05
Interesting: Life in a post-database world: using crypto to avoid DB writes .
For some security related operations, you only need smart use of HMAC , and no temporary database entries.
Thanks for the Jan Wildeboer referral to this .
–jeroen
Posted in Development , Hashing , Power User , Security , Software Development | Leave a Comment »
Posted by jpluimers on 2015/02/18
Mac OS X has md5 , but no md5sum .
I agree with Mac OS X: Replicating md5sum Output Format that the second way of emulating md5 is better than the first one.
So here it is:
Learn more about bidirectional Unicode characters
#!/bin/bash
/sbin/md5 -r "$@"
–jeroen
via: Mac OS X: Replicating md5sum Output Format – Raam Dev
Posted in Apple , bash , Development , Hashing , Mac , Mac OS X / OS X / MacOS , Mac OS X 10.4 Tiger , Mac OS X 10.5 Leopard , Mac OS X 10.6 Snow Leopard , Mac OS X 10.7 Lion , MacBook , MacBook Retina , MacBook-Air , MacBook-Pro , md5 , OS X 10.8 Mountain Lion , Power User , Scripting , Security , Software Development | Leave a Comment »
![[ICO]](https://wiert.me/wp-content/uploads/2015/10/blank.gif)
![[PARENTDIR]](https://wiert.me/wp-content/uploads/2015/10/back.gif)
![[ ]](https://wiert.me/wp-content/uploads/2015/10/layout.gif)
The Wiert Corner - irregular stream of stuff 