Image of the glider from the Game of Life by John Conway
Skip to content

{ Category Archives } Security

Encrypted ZFS Filesystems On Linux

This is just a quick post about getting a fully kernel-space encrypted ZFS filesystem setup with GNU/Linux, while still keeping all the benefits of what ZFS offers. Rather than using dmcrypt and LUKS, which would bypass a lot of the features ZFS brings to the table, encryptfs is our ticket. The reason this is so […]

Hand Ciphers: Solitaire Cipher

This hand cipher was invented by cryptographer Bruce Schneier, and requires nothing more than a full 54-card deck of standard playing cards. Here is the basic idea, then we'll get into the details. First, you need a standard 52-card poker deck of playing cards (4 suits, 13 unique cards per suit), with the two jokers. […]

Another Reminder About Passwords

Two things are prompting this post. First, the recent leak of LinkedIn passwords, and second, family/friends' email accounts getting hacked. It's amazing to me how many posts there have to be on the Internet about password security, and how little attention people pay to them. One could say that many of the weak password demographic […]

Tighten the Security of "Security Questions"

Some of you may remember the email hack of Sarah Palin's email by David Kernell in 2008. The Wikipedia article describes how this was done: The hacker, David Kernell, had obtained access to Palin's account by looking up biographical details such as her high school and birthdate and using Yahoo!'s account recovery for forgotten passwords. […]

Encrypt Your Irssi Config

Actually, this can work for any config that you want to encrypt. Because I'm such an IRC addict (admittidly), and use Irssi as my client of choice, AND the fact that others have asked me about it after blogging about encrypting your IMAP/SMTP passwords with Mutt, I figured this was an appropriate title. The Problem […]

Randomize First, Then Encrypt Your Block Device

This blog post is in continuation of the previous post, where I showed why you should not use ECB when encrypting your data. Well, when putting down an encrypted filesystem, such as LUKS, you've probably been told that you should put random data down on the partition first BEFORE encrypting the disk. Well, this post […]

ECB vs CBC Encryption

This is something you can do on your computer fairly easily, provided you have OpenSSL installed, which I would be willing to bet you do. Take a bitmap image (any image will work fine, I'm just going to use bitmap headers in this example), such as the Ubuntu logo, and encrypt it with AES in […]

Why I Cryptographically Sign My Email

Yesterday, I received a disturbing phone call. Someone very close to me, call him John, might lose his job, because a slanderous, offensive email was sent with forged headers, claiming to be John. John certainly did not send the mail, and those close to John know that the tone of the mail does not seem […]

Encrypted Mutt IMAP/SMTP Passwords

Rather than storing your IMAP and SMTP passwords in plain text on disk, you can store them encrypted using GnuPG, OpenSSL, the GNOME Keyring, or any other method of password storage encryption. It still requires a "master password" from you to decrypt the file(s) on the fly, and set the appropriate passwords, but then it […]

Making Sense of Hashed Hosts in ~/.ssh/known_hosts

I don't expect you to follow this post completely, but it's so amazingly cool, I have to blog it. Consider the hashed sections of ~/.ssh/known_hosts file for (recent) OpenSSH clients, not including the public key parts: |1|kFJT5z0x3ndyutgZ4E5pRk+ORBA=|hzXvdYUudo+qK9BGlFWtSAUXlXc= |1|8wo1+FO0hkATPgQZoeNHeIlvAjw=|dt/a9jz9CnLKP72j+Jr8MKMjgEE= |1|pvBQEKEGLnH0RCJr+8Dmqqnvlrs=|fJJvjyG/TmHFnuIX57nDThq/C4M= |1|HKV4DzgDkajXoUHf9B82JBu7J10=|c/K+MdJvWaZeJFs/W7iqhqo0wvE= |1|rtvQhRVnNanQZYkLUMbjoBGNhn0=|0U6a1LUQqLL6P1T2Wji3VWw69pw= |1|0ziSYi4c+xBXGEBZcNN1LMhYUc4=|qRSN5GSPyQi+fmaVz2zNwkmKoy8= |1|6nv6Vpk3AYgICHxJGVgVdsYRuq0=|fBNOIz1l3RW+N61jyDPunKX9n7E= |1|+b4uA+Mq7RHRAFW21qv8aO3rIRs=|1eizMri01IxEKrXquBnwTYP61Ow= |1|BkB0PZu2qtsLID/Ibe/D68gANQU=|qW6uAzcpecOOKNI4zEvngyfpGkI= |1|n+QrRn7QXeAJ5hRe2M8v8IspihE=|EqUxXdSeIF1cl1fQjl5zILebkGY= |1|BOKuKnWojy028tJf9Y671lws0d0=|SuBQJmJZp5JNVYG/rP9yb9ZhJcE= |1|WACsxtodOiM89kf4rNPLgF1CXZ4=|UTccVeLDZJF3wlH8V05XJNlsOBw= |1|o6FFoirXYblM7wBMdeJDYGMPI58=|5jJB7T7itY702ZHHByXtSpGk9SE= The column fields are similar to […]


I have been familiar with steganography for a number of years. In fact, back when I was in middle school, I developed a fascination for encryption, and hiding messages, mostly so I could pass notes back and forth to classmates during class. It wasn't long before I found "invisible ink", which is a form of […]

Google Wants To Track Your Physical Location

From We're introducing a method that lets you opt out of having your wireless access point included in the Google Location Server. To opt out, visit your access point's settings and change the wireless network name (or SSID) so that it ends with "_nomap." For example, if your SSID is "Network," you'd need to […]

Use wget(1) To Expand Shortened URLs

I'm a fan of all things microblogging, but let's face it: until URLs become part of the XML, and not part of your character count (which is ridiculous anyway), shortened URLs are going to be a way of life. Unfortunately, those shortened URLs can be problematic. They could host malicious scripts and/or software that could […]


I'm going to try to keep this post short (many of my regular readers will know how long winded I can be). However, with my recent post of setting up Mutt to support both PGP/MIME and S/MIME, based on the account I'm using, I figure a followup post on their similarities and differences might be […]

OpenSSH Best Practices

This post comes from Matt Taggart, who put together a document about the best practices for using OpenSSH. A lot of the points brought up in that document rang the bells of common sense, and are so good, it's worth blogging about in hopes that the points mentioned therein reach as many as possible. I've […]