Image of the glider from the Game of Life by John Conway
Skip to content

{ Category Archives } Security

The Entropy Server

With my last post about the entropy key hardware true random number generator (TRNG), I was curious if I could set this up as a server. Basically, bind to a port that spits out true random bits over the internet, and allow clients to connect to it to fill their own entropy pools. One of […]

The Entropy Key

Recently, I purchased 5 entropy keys from They are hardware true random number generators using reverse bias P-N junctions. Basically, they time when electrons jump a depeltion zone in the junction, where a voltage is applied to the point of near breakdown. Basically, taking advantage of the random characteristics of quantum mechanics. There are […]

Haveged Continued

I noticed that on my machine, my entropy was staying high, then falling off. Then, at what appeared to be some arbitrary point, it would fill back up, in a very periodic manner. This is, of course, after running haveged in the background. Curious, I started looking into it. It took a while to find. […]

Haveged - A True Random Number Generator

I admit that my last post sucked. I've been working on a few things that I want to blog about, but it's going to take time to get all my ducks in a row. So, that post was mostly "filler". Read as "I haven't blogged in a while, and should probably put something up". Sorry. […]

The One-Time Pad Hard Drive

I devised a system to use the one-time pad (OTP) using nothing more than a hard drive. It goes something like this: Meet in person with identical size hard drives. Encrypt the hard drive. File the drive with random keys of incrementing size. Devise an alorithm for using the keys. Unmount the drive. Enjoy the […]

Encrypted ZFS Filesystems On Linux

This is just a quick post about getting a fully kernel-space encrypted ZFS filesystem setup with GNU/Linux, while still keeping all the benefits of what ZFS offers. Rather than using dmcrypt and LUKS, which would bypass a lot of the features ZFS brings to the table, encryptfs is our ticket. The reason this is so […]

Hand Ciphers: Solitaire Cipher

This hand cipher was invented by cryptographer Bruce Schneier, and requires nothing more than a full 54-card deck of standard playing cards. Here is the basic idea, then we'll get into the details. First, you need a standard 52-card poker deck of playing cards (4 suits, 13 unique cards per suit), with the two jokers. […]

Another Reminder About Passwords

Two things are prompting this post. First, the recent leak of LinkedIn passwords, and second, family/friends' email accounts getting hacked. It's amazing to me how many posts there have to be on the Internet about password security, and how little attention people pay to them. One could say that many of the weak password demographic […]

Tighten the Security of "Security Questions"

Some of you may remember the email hack of Sarah Palin's email by David Kernell in 2008. The Wikipedia article describes how this was done: The hacker, David Kernell, had obtained access to Palin's account by looking up biographical details such as her high school and birthdate and using Yahoo!'s account recovery for forgotten passwords. […]

Encrypt Your Irssi Config

Actually, this can work for any config that you want to encrypt. Because I'm such an IRC addict (admittidly), and use Irssi as my client of choice, AND the fact that others have asked me about it after blogging about encrypting your IMAP/SMTP passwords with Mutt, I figured this was an appropriate title. The Problem […]

Randomize First, Then Encrypt Your Block Device

This blog post is in continuation of the previous post, where I showed why you should not use ECB when encrypting your data. Well, when putting down an encrypted filesystem, such as LUKS, you've probably been told that you should put random data down on the partition first BEFORE encrypting the disk. Well, this post […]

ECB vs CBC Encryption

This is something you can do on your computer fairly easily, provided you have OpenSSL installed, which I would be willing to bet you do. Take a bitmap image (any image will work fine, I'm just going to use bitmap headers in this example), such as the Ubuntu logo, and encrypt it with AES in […]

Why I Cryptographically Sign My Email

Yesterday, I received a disturbing phone call. Someone very close to me, call him John, might lose his job, because a slanderous, offensive email was sent with forged headers, claiming to be John. John certainly did not send the mail, and those close to John know that the tone of the mail does not seem […]

Encrypted Mutt IMAP/SMTP Passwords

Rather than storing your IMAP and SMTP passwords in plain text on disk, you can store them encrypted using GnuPG, OpenSSL, the GNOME Keyring, or any other method of password storage encryption. It still requires a "master password" from you to decrypt the file(s) on the fly, and set the appropriate passwords, but then it […]

Making Sense of Hashed Hosts in ~/.ssh/known_hosts

I don't expect you to follow this post completely, but it's so amazingly cool, I have to blog it. Consider the hashed sections of ~/.ssh/known_hosts file for (recent) OpenSSH clients, not including the public key parts: |1|kFJT5z0x3ndyutgZ4E5pRk+ORBA=|hzXvdYUudo+qK9BGlFWtSAUXlXc= |1|8wo1+FO0hkATPgQZoeNHeIlvAjw=|dt/a9jz9CnLKP72j+Jr8MKMjgEE= |1|pvBQEKEGLnH0RCJr+8Dmqqnvlrs=|fJJvjyG/TmHFnuIX57nDThq/C4M= |1|HKV4DzgDkajXoUHf9B82JBu7J10=|c/K+MdJvWaZeJFs/W7iqhqo0wvE= |1|rtvQhRVnNanQZYkLUMbjoBGNhn0=|0U6a1LUQqLL6P1T2Wji3VWw69pw= |1|0ziSYi4c+xBXGEBZcNN1LMhYUc4=|qRSN5GSPyQi+fmaVz2zNwkmKoy8= |1|6nv6Vpk3AYgICHxJGVgVdsYRuq0=|fBNOIz1l3RW+N61jyDPunKX9n7E= |1|+b4uA+Mq7RHRAFW21qv8aO3rIRs=|1eizMri01IxEKrXquBnwTYP61Ow= |1|BkB0PZu2qtsLID/Ibe/D68gANQU=|qW6uAzcpecOOKNI4zEvngyfpGkI= |1|n+QrRn7QXeAJ5hRe2M8v8IspihE=|EqUxXdSeIF1cl1fQjl5zILebkGY= |1|BOKuKnWojy028tJf9Y671lws0d0=|SuBQJmJZp5JNVYG/rP9yb9ZhJcE= |1|WACsxtodOiM89kf4rNPLgF1CXZ4=|UTccVeLDZJF3wlH8V05XJNlsOBw= |1|o6FFoirXYblM7wBMdeJDYGMPI58=|5jJB7T7itY702ZHHByXtSpGk9SE= The column fields are similar to […]