{ Category Archives } Security

OpenSSH Best Practices

This post comes from Matt Taggart, who put together a document about the best practices for using OpenSSH. A lot of the points brought up in that document rang the bells of common sense, and are so good, it's worth blogging about in hopes that the points mentioned therein reach as many as possible. I've […]

Convert Text To Base-64 By Hand

When I was a kid, I had this fascination with cryptography. I learned and used, as most kids do, the Caesar cipher first (using my trusty Captain Crunch Decoder Ring), then later learned and used the Affine cipher. It was great for passing notes in class when I was in elementary and secondary education. I […]

Verifying Hashcash Tokens With Mutt

Just five days ago, I blogged about minting Hashcash tokens in Mutt using a Python script (make sure you check that page for any updates to the source if you're using it). Well today, I finished writing my verification script. It takes some additional changes to your ~/.muttrc, which I'll outline here, and it requires […]

Hashcash and Mutt

Introduction I wanted to use Hashcash with Mutt, for nothing more than a curiosity to see if it generates any discussion, and to see if people notice. Further, I'm a big crypto advocate, and while Hashcash isn't exactly crypto, it's highly related to it, and uses it. Regardless, I wanted to see if I could […]

Various Ways To Shred A Drive

I've been tasked at work with shredding drives. Not physically, mind you, but digitally. Usually, I grab a copy of the latest version of Knoppix, boot up, pull up a terminal, and grab GNU Shred. Something like: shred -n 3 -v /dev/sda It works well enough. However, it doesn't display a real useful progress meter, […]

Bitlbee and OTR

I'm actually surprised that I haven't blogged about this before, seeing as though I use it daily. Further, seeing as though I seem to be on a security blogging trip, it only seems fitting to discuss OTR support in Bitlbee now. OTR, or Off-The-Record messaging is the ability to have encrypted and authenticated communication with […]

Strong Passwords NEED Entropy

I just finished reading an article on Ars Technica titled "Ask Ars: Where should I store my passwords?". There was a specific paragraph that I took issue with, which in turn prompted me to write this post. It is: "Still, it would take thousands of years to crack an 8-character password when checking both small […]

The Sad State of Hashcash

So today, I received an email from one of the readers of this blog. He wanted to get into OpenPGP with his email, and asked if I could help him get started with some tutorials, how-tos, etc. I was flattered that he valued my opinion. So, I responded to each of his questions and discussion […]

Created A PGP Key Signing Policy

I just created a PGP/GPG key signing policy. I've never set one before, so there it is. The motivation is three-fold: I want to raise awareness for encrypted email, I want to expand the Web of Trust and I want to sign keys. I believe we've gotten too anal retentive about the rituals of signing each […]

OpenPGP, Android and RFC 3676

Now that I own an HTC Evo 4g, I've noticed that email is less than optimal. I blame the screen size, and the lack of good fonts and font sizes, but nonetheless, I've found some annoyances in my life with my Android device, and I'm guessing others are experiencing the same annoyances, be it on […]

Elliptic Curve Cryptography in OpenSSH

I've been meaning to add this as a post, as it's light and quick, but as of the release of OpenSSH 5.7, Elliptic Curve Cryptography has been implemented. Why should you care? The generated keys are substantially smaller, the algorithm is faster and lighter, giving a break to slower CPUs and the cryptanalysis hasn't shown any […]

Image Puzzle - 2

In keeping with my previous post almost 4 years ago, these images will circumvent Digital Restrictions Management on Sony PS3 consoles. I have also licensed them under the Creative Commons Attribution 3.0 United States license. Enjoy!

SSH Known Hosts Fingerprints and Hostnames

I just came across this today, so I thought I'd share. It's been more than a month since my last post (which is really out of my element), so I'm definitely due. However, I make no promises about making more frequent posts in the future. Today, someone came into the #unix channel on Freenode asking […]

Password Cards

I'm actually surprised that I haven't blogged this already. This is a topic that is right up my alley, so it definitely belongs here. How many times have you been told that you need to use secure passwords? This includes using uppercase and lowercase letters, numbers and symbols. You're told to make your password hard […]

Create Your Own Graphical Web of Trust

I created my GnuPG key back in 2004, and I've been very active with it since (thank you Glen). I have also seen graphical representations of the Web of Trust for a specific public keyring, and I've always been curious how I could create my own. Well, last night I finally buckled down and figured […]