Comments for Aaron Toponce: Linux. GNU. Freedom.
Tue, 17 Jul 2018 15:53:18 +0000

Comment on CPU Jitter Entropy for the Linux Kernel by Alexander, Tue, 17 Jul 2018 15:53:18 +0000
Although the code is in the kernel, it looks like jitterentropy does *not* feed into /dev/hwrng. Or am I missing something? But still jitterentropy-rngd [1] is useful as a pure user-space daemon.


Comment on Use A Good Password Generator by Peter, Sun, 15 Jul 2018 15:00:40 +0000
Thanks for the very interesting page about password generation!

I'm chasing online for a pw generator to put in the hands of our users, but all I found so far is missing something. I get the feeling that you would be the man to create the dream generator based on the Stanford password policy and Diceware wordlists, generating four passwords to choose from:

9-11 characters containing mixed case letters, numbers and symbols.
12-15 characters (3 words) with mixed case letters and numbers.
16-19 characters (words) with mixed case letters.
20+ characters with just lowercase words.

Think many happily would pay to get it on their intranet. Right?

Comment on Use A Good Password Generator by Bo Kersey, Wed, 13 Jun 2018 20:15:45 +0000
Aaron, as always your articles are informative, fairly concise and you do a great job of making the complex easier to understand.

one typo that I found..... s/eded/ed/ over the page and you'll fix it 🙂



Comment on Use A Good Password Generator by Alexander Boese, Wed, 13 Jun 2018 03:09:12 +0000
I created a password generator tool that uses cryptographically secure hashes for generation. Would you mind looking at it and giving me feedback? If you think it's any good, I can share the generation code, though I'm trying to get more reviews prior to releasing it as open source.

DyfynderX on iOS

Thank you.

-Alex Boese

Comment on ZFS Administration, Part III- The ZFS Intent Log by Michel Erb, Wed, 30 May 2018 17:08:57 +0000
To confirm an assumption: if this statement is true, "ZFS will wear the SSD correctly. The partition will move across the chips evenly, and every chip will get the same amount of wear as the rest.", that means a larger disk, with more chips, takes more time to wear out, or in other words, the smallest disk is not always the best option considering longevity.

Comment on Do Not Use sha256crypt / sha512crypt - They're Dangerous by Poul-Henning Kamp, Mon, 28 May 2018 07:16:20 +0000
A few factual corrections and deeper background:

MD5crypt() did not replace the traditional DES-derived UNIX crypt(), but rather an even worse stand-in which only existed because DES was under export-control from the USA at the time. We had the DEScrypt() source, we just could not distribute it without a DoD license.

I knew at the time that hardware implementations of DES were available, and from personal experience that you didn't really need them if you took the time to hand-tweak your assembly code, so DEScrypt was not particularly desirable, even if we obtained an export license.

The choice of MD5 was driven entirely by the source-distribution issue: MD5 was published in an RFC and licensed for any use (whereas the slower, and therefore more desirable, MD2 was only licensed for email), and there were no export controls on one-way algorithms.

The things I focused most on with MD5crypt were increasing the runtime in a way which could not be trivially pipelined (ie: data dependence) and improving the environment for crypt() implementations (ie: longer salt, longer passwords, longer stored results).

The fact that the runtime depended on the length of the password was considered and ignored: I would be more than happy with the increased security if I could get people to use 8 or 10 char passwords, never mind 17 and up, instead of just eight.

The most important thing I did was the $1$ prefix, which allowed multiple password algorithms to coexist. I pointed out at the time that this allowed you to change the algorithm at any time, as long as you also supported the old algorithms until old passwords were changed (best practice at the time was 3-6 months between forced password changes).

...and then people did the exact opposite, they all copied & pasted MD5crypt all through the dot-com madness until a researcher told me that he estimated most passwords in eCommerce and half of all passwords in the world were protected by MD5crypt.

As for the OpenBSD people trash-talking MD5crypt:

I never aspired to be or claimed to be a cryptographer, and the **only** reason I have ended up writing some rather consequential cryptographic source code, is that the real card-carrying cryptographers seldom do so and never in a timely fashion.

Bcrypt, scrypt and Argon2 are without dispute superior to MD5crypt() on all metrics except the most important one: MD5crypt() was there in 1994, as open source and a readily usable software component; they were not.

So yes, I felt the OpenBSD people were a little bit too snotty when they came waltzing in five years later, and pissing down on me from my own shoulders felt particularly unfair: I paved the road they drove on.

Otherwise: A nice writeup, and sound advice for this day and time.

PS: Here is my own write-up of md5crypt's history:

Comment on Use A Good Password Generator by guest, Sun, 27 May 2018 17:52:36 +0000
I'd definitely suggest looking at 's idea of Readable Passphrases, which generates a syntactically valid (nonsense) sentence. It's my personal favorite that I've seen -- I find them EXTREMELY memorable, and I'd like to see more people use that.

Comment on Do Not Use sha256crypt / sha512crypt - They're Dangerous by Aaron Toponce, Fri, 25 May 2018 22:29:05 +0000
Polynomial functions are defined as a function that is quadratic, cubic, quartic, quintic, etc. that involve non-negative factors of x. In other words:

f(x) = a_n x^n + a_{n-1} x^{n-1} + ... + a_2 x^2 + a_1 x + a_0

The sha256crypt and sha512crypt functions are polynomial, because it is a quadratic function.

Exponential functions are defined as a function whose variable x appears as an exponent. In other words:

g(x) = b^x

Comment on Do Not Use sha256crypt / sha512crypt - They're Dangerous by Raphael M, Fri, 25 May 2018 20:13:30 +0000
Great post, but I have a question. The Big-O of sha512 is polynomial; why is it polynomial?

Comment on Do Not Use sha256crypt / sha512crypt - They're Dangerous by Aaron Toponce, Fri, 25 May 2018 03:28:18 +0000
PBKDF2 is not exactly "10k iterations of SHA-256". First, PBKDF2 is an arbitrary length output function. A user may request any arbitrary amount of data. The typical use case is to request key material, so 16 bytes, 32 bytes, and 64 bytes are most common. However, you could request 50 bytes of data, or 33 bytes, or 400 kilobytes if you wanted. SHA-256 is a fixed length digest function that always outputs 256 bits or 32 bytes of data.

Second, PBKDF2 has a pluggable architecture. Any cryptographic hashing primitive may be used. Common functions are MD5, SHA-1, SHA-256, and SHA-512. PBKDF2 is typically used with HMAC, although if the cryptographic hashing function supports keying, like BLAKE2, then HMAC is unnecessary. SHA-256 is a static function, without any ability to plug something else into it. It's a foundational cryptographic primitive. Bruce Schneier called hashing functions the work horse of cryptography.

Thirdly, PBKDF2 requires salts to prevent rainbow table attacks on the generated output. SHA-256 does not. This doesn't prevent you from prepending or appending salts to your input, but this is something that you have to manually add as part of your application, as SHA-256 doesn't support it natively.

Finally, PBKDF2 is a complex "belt-and-suspenders" construction. The "H" in that diagram is your plugged-in hashing function (could be SHA-256, could be BLAKE2). However, SHA-256 uses the Merkle-Damgård construction, which is a very different construction from PBKDF2.

And Chris C was correct: PBKDF2 is a sound cryptographic primitive. A homebrew design, such as "10k iterations of salted SHA-256", is not a sound cryptographic design.
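
As an added example (not from the comment or the original post), here is PBKDF2 written out from RFC 8018 in Python next to the "iterate a salted hash" construction, so the three differences named above are visible in code: the pluggable HMAC PRF, the salt, and the arbitrary output length. The password and salt values are constructed, and the result is cross-checked against the standard library.

```python
import hashlib
import hmac
import struct

# Added example (not from the comment thread): PBKDF2 written out from RFC 8018
# to show the properties discussed above: a pluggable PRF (HMAC over any
# hashlib digest), a mandatory salt, and arbitrary-length output assembled
# from consecutive blocks.  Results are cross-checked against hashlib.


def pbkdf2(password: bytes, salt: bytes, iterations: int, dk_len: int,
           digest: str = "sha256") -> bytes:
    """Derive dk_len bytes from password and salt using HMAC-<digest> as PRF."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    h_len = hashlib.new(digest).digest_size
    if dk_len > (2**32 - 1) * h_len:          # RFC 8018 section 5.2, step 1
        raise ValueError("derived key too long")

    def prf(data: bytes) -> bytes:
        # The "H" is pluggable: the same code runs with sha1, sha256, sha512, ...
        return hmac.new(password, data, digest).digest()

    def block(i: int) -> bytes:
        # T_i = U_1 xor U_2 xor ... xor U_c, with
        # U_1 = PRF(P, S || INT(i)) and U_j = PRF(P, U_{j-1}).
        u = prf(salt + struct.pack(">I", i))
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = prf(u)
            t = bytearray(a ^ b for a, b in zip(t, u))
        return bytes(t)

    n_blocks = -(-dk_len // h_len)            # ceil(dk_len / h_len)
    dk = b"".join(block(i) for i in range(1, n_blocks + 1))
    return dk[:dk_len]                        # any length, e.g. 50 bytes


def naive_iterated_hash(password: bytes, salt: bytes, iterations: int,
                        digest: str = "sha256") -> bytes:
    """The "homebrew" construction named in the thread: hash(salt || password)
    re-hashed c times.  Output length is fixed at the digest size and there is
    no keyed PRF, block index or XOR chaining, so it is not PBKDF2."""
    h = hashlib.new(digest, salt + password).digest()
    for _ in range(iterations - 1):
        h = hashlib.new(digest, h).digest()
    return h


def matches_stdlib(password: bytes, salt: bytes, iterations: int,
                   dk_len: int, digest: str) -> bool:
    """Cross-check our PBKDF2 against the reference implementation in hashlib."""
    expected = hashlib.pbkdf2_hmac(digest, password, salt, iterations, dk_len)
    return pbkdf2(password, salt, iterations, dk_len, digest) == expected


if __name__ == "__main__":
    pw, salt = b"correct horse", b"constructed-salt"   # constructed sample input
    for digest, dk_len in (("sha256", 32), ("sha512", 64), ("sha1", 50)):
        print(digest, dk_len, "matches hashlib:",
              matches_stdlib(pw, salt, 1000, dk_len, digest))
    print("naive output length:", len(naive_iterated_hash(pw, salt, 1000)))
```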

Comment on Do Not Use sha256crypt / sha512crypt - They're Dangerous by Chris C, Thu, 24 May 2018 23:54:25 +0000
@David, I think the keyword here is "homebrew". PBKDF2 does specific things between each iteration... a homebrew may not do the right thing, or anything at all.

Comment on Do Not Use sha256crypt / sha512crypt - They're Dangerous by David, Thu, 24 May 2018 20:02:56 +0000
It's funny that you're recommending PBKDF2, but also warn against "10k iterations of salted SHA-256 etc.". PBKDF2 is exactly that - iterative hashing with a salt - and most implementations do in fact employ SHA-256.

Comment on Digest Algorithms in Google Spreadsheets by Hubert, Wed, 23 May 2018 15:29:21 +0000
Hi, I want to use your script to mask personal data in my spreadsheets. But how can I force the UTF-8 character set of the input string?

Comment on New Email Signature by Atwora, Sun, 13 May 2018 18:21:35 +0000
Just watch out for a common problem with too many links in the footer. Mailbox robots commonly refuse to accept messages with too many links. And many companies still try to place as many links to their offers / social media / etc. in footer messages as possible, resulting in landing in the spam folder... obviously 😀

Comment on Adblockers Aren't Part Of The Problem- People Are by Trochetutrochetam, Sun, 13 May 2018 16:56:10 +0000
Yep, totally agree with you. On my websites / portals / blogs I deliver ads that are not aggressive or don't follow the user's screen. Anyone who counts on generating income from such a huge attack of advertising just after someone enters their website is far from earning anything.
Yet most webmasters don't seem to understand it. Needless to say, many suspicious ads like "congratz you won XXXX billion dollars" may have malicious software uploaded alongside the page load. Such a website is marked as insecure right after, and the webmaster goes even lower in search results.

Comment on Bitcoin Mining Rate and Waste by Dozwiedzenia, Sun, 13 May 2018 16:51:19 +0000
There was a time when mining bitcoins was a good choice. So probably, having good hardware and a good (cheap, I mean) source of electricity, it would still be possible to get a good source of coins in an average period of time.
The problem is with the banks, which are reluctant to accept bitcoins.

Comment on Use A Good Password Generator by Michal from, Sun, 13 May 2018 16:47:02 +0000
To be honest, I never thought about it this way. Referring to WordPress sites, I used brute-force protection provided by premium extensions and a key verification tool that forbids using weak passwords. What's more, I blocked countries known as sources of common attacks and developed a policy of auto-banning repeat offenders.

I'm a programmer but need to escalate the topic. Thanks!

Comment on What About Interoperability? by Hotelepremium, Thu, 10 May 2018 22:53:36 +0000
Each day they develop better drives to save disk space. Have you tried an SSD? Maybe you should also consider better compression for files?

Comment on Cocytus by VisitON, Thu, 10 May 2018 22:41:43 +0000
Greek mythology is fascinating. Especially since nowadays we quite miss the great and interesting stories from the past. It influences tourists and makes them come more often to Greece.

Comment on Use A Good Password Generator by Michael, Thu, 03 May 2018 14:49:41 +0000
How about adding KeePass to your chart?

Comment on Linux Kernel CSPRNG Performance by Craig, Sun, 29 Apr 2018 20:35:51 +0000
I suggest GPG add a user-settable variable to adjust the calculation of entropy depletion per byte read from /dev/random. Instead of

ee = ee - #bytes_read

use

ee = ee - #bytes_read / k

-- k is a settable ratio (secure_bytes_out / bytes_in)
-- bytes_in is the number of bytes used to initialize the CSPRNG
-- secure_bytes_out is the number of (consecutive) output bytes which can be leaked before security is compromised.

Currently k is implicitly one (1), which is the smallest possible value. Safe if enforced, but impractical and unsafe as it leads to admins bypassing the entropy estimate throttle using rnd-tools and reading from /dev/urandom or /dev/hwrnd. It leaves an opening for Java malware to call "SecureRandom" (which reads /dev/random) in a tight loop. Much better to have k set to 1024 which would (1) throttle the tight snoop loop (2) prevent use of /dev/random while it was in an unsafe externally known state (3) allow most normal usage cases without hanging or resorting to rnd-tools (4) if hanging did occur, it would be unusual and alert admin to possibility of snooping.

"The boy who cried wolf" springs to mind.

Comment on Why A Dark Blog Theme? by IT, Sat, 28 Apr 2018 07:42:13 +0000
How times are changing: ten years ago a dark theme, now soft and white.

Comment on Use A Good Password Generator by xeni, Wed, 25 Apr 2018 07:08:14 +0000
The more random and mixed-up you make it, the harder it is for others to crack. Mind you, if your password is compromised, the password crackers will even take over your identity.

I wrote an article on Best Passwords to use

Comment on Use A Good Password Generator by Conor, Mon, 23 Apr 2018 20:48:39 +0000
Thanks for taking the time to conduct this research and then share it with the community!

I see LastPass and Dashlane in the spreadsheet, but not 1Password or Keeper. Any chance you'd consider reviewing them and adding them to the spreadsheet?

Comment on Use A Good Password Generator by Adrien, Mon, 23 Apr 2018 18:53:44 +0000
For Server vs. Client Generation, you can use something like uMatrix for Firefox, and disallow any XHR for the page. In this case, the JavaScript can do a lot, but not communicate with a remote server.
Unless there is some unknown avoidance method I'm not aware of.

Comment on Use A Good Password Generator by guest, Mon, 23 Apr 2018 16:28:00 +0000
1. Block range not used IP and system processes with firewall.
2. Track own internet connection, for example from with own router.
And from own computer.
You will see tightness firewall and which process use your internet.
3. If you can, use gpg key, this is password but longer.
GPG key can be stolen, but password also. You can enable the system notification if the key is used. But to make sense, you need to protect the system from editing system files.
4. If you can, keep track of when your password is used. Because password and key does not give safety. Security gives only the address when it can only be yours and when nobody can use your computer for use your address.
For example:
When you write in chat,
someone may impersonate a friend.
When you call to friend on the phone,
even if someone else takes over the phone you will recognize him, in a voice. Because usually you know his voice very good and often also from real life. From chat, if this is not with video and sound, what you will see ? Tahoma or other font, which use 1 billion people or more ?

Comment on Let's Talk Password Hashing by mGalli, Thu, 15 Feb 2018 18:04:15 +0000
There is an error in the description of the Argon2 algorithms. Argon2i is more suitable for key derivation AND password hashing.

Page 3, Our Solution section of Argon2: the memory-hard function for password hashing and other applications. Please check the documentation here

"Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation"

Comment on ZFS Administration, Appendix C- Why You Should Use ECC RAM by Marvin Glenn, Tue, 30 Jan 2018 06:20:48 +0000
Please see comment #4 by Ivar and let me echo his sentiment. When the extra bit is only taken as a parity bit for a byte, you can only detect a single bit error, but not correct it. ECC looks at a piece of data larger than a byte and considers it against more than one extra bit. From that, it can detect and often properly correct errors in memory. But calling it 'parity' should be avoided as 'parity' is only really an "error detection code", not an "error correction code".

Comment on Convert Text To Base-64 By Hand by Benjamin Danek, Wed, 24 Jan 2018 05:45:19 +0000
Awesome post, I can't help but wonder. During step 3 what's the theory behind adding the padding zeros to the end of the binary string? How does this not change the value of the binary?

Comment on Weechat Relay With Let's Encrypt Certificates by Kevin Otte, Mon, 22 Jan 2018 17:13:24 +0000
Leave just the copying commands in a script and specify that as the --post-hook in certbot when obtaining the cert. It will only be run when a renewal happens. I have a call to prosodyctl to copy certs in mine. I'll probably be adding weechat into this now as well.


Comment on Setting Up A Global Tor Proxy on Android with Orbot by Reggy, Thu, 18 Jan 2018 15:07:14 +0000
PLEASE!! PLEASE!!.....

Comment on Setting Up A Global Tor Proxy on Android with Orbot by Reggy, Thu, 18 Jan 2018 15:05:57 +0000
Why did I connect to the Orbot network, then get "Congratulations you connected to Tor network", but yellow, not green? Is it the same, or not fully anonymous and still in need of additional settings? PLEASE HELP !! 🙁

Comment on ZFS Administration, Part I- VDEVs by Abdollah, Thu, 11 Jan 2018 12:06:15 +0000
Is it possible to mirror two raidz(1-3) together?
for example 4 drive raidz1 with name of pool1 mirrored with another 4 drive raidz1 with name of pool2?

Comment on Setting Up A Global SSH Proxy on Android with ConnectBot and ProxyDroid by Aaron, Wed, 13 Dec 2017 19:29:15 +0000
Thanks for this, ProxyDroid is what I needed. That Firefox plugin approach was giving me trouble.


Comment on Let's Talk Password Hashing by RB, Fri, 01 Dec 2017 08:13:03 +0000
I would love to hear the thoughts on using HMAC vs. these hash functions with a cost factor leading to .5 seconds for password verification. Sure there is a risk of HMAC key compromise, but those risks can be mitigated by rotating the HMAC key often. Also, as these operations will be totally CPU bound, what is the cost for password hash creation and verification and the computation power needed? There are other attack scenarios where an adversary can DOS the systems by sending multiple bad passwords. So many more compensatory controls need to be thought through and built if an organization decides to use high cost factor hash functions.

Comment on Weechat Relay With Let's Encrypt Certificates by K1NZ, Tue, 31 Oct 2017 18:00:46 +0000
Thanks for this guide! Also, I did nick:nick (using a colon instead of a period) in the chown command.

Alex, thanks for the tip! Only one issue. Weechat doesn't like the ! in your command. I added
echo '*/relay sslcertkey' >~/.weechat/weechat_fifo
to the end of my shell script that does the copying of the certificates so now everything happens automagically!

Nick K1NZ

Comment on Manual Authenticated File Encryption With OpenSSL by Marcus, Mon, 09 Oct 2017 10:42:05 +0000
It is much worse!!
I used aes-256-gcm to encrypt offline backups and that worked until after a "yum update" on a CentOS 7 system. Starting today it does not work and I cannot decrypt the offline backups.
The current (not working) openssl version is openssl-1.0.2k-8.el7.x86_64 while the previous (working) version is openssl-1.0.1e-60.el7_3.1.x86_64.

Comment on Time Based One Time Passwords - How It Works by Kevin Irías, Mon, 02 Oct 2017 16:36:12 +0000
Thanks for the clear explanation. It is really useful to understand better how we can implement such great algorithms without needing third-party applications.

Comment on ZFS Administration, Part III- The ZFS Intent Log by Nawang Lama, Tue, 26 Sep 2017 16:12:27 +0000
Hi Aaron,
We are looking for some kind of performance tuning in ZFS. So will you be able to help us to do so? If yes, please mail me at or share your email address with me.

Comment on More ZSH Prompt Love by Shellcat-Zero, Sun, 24 Sep 2017 06:23:22 +0000
The VCS feature appears to be broken, I never get any version control information in the prompt when navigating through repositories.

Comment on Weechat Relay With Let's Encrypt Certificates by Alex, Fri, 22 Sep 2017 21:25:57 +0000
Hey! Firstly, thanks a lot for this! I was looking for exactly this and your post was great!

A suggestion for reloading would be to use the weechat fifo with something like:

echo '*/relay sslcertkey!' >~/.weechat/weechat_fifo

Comment on Password Attacks, Part I - The Brute Force Attack by Derrick, Wed, 20 Sep 2017 12:29:42 +0000
"NIST approved SHA3 algorithms"

Isn't "NIST approving" the algorithm a blatant red flag?

Comment on Colorful Passphrases by Carlos Melero, Sun, 17 Sep 2017 02:25:05 +0000
Hi! I'm the author of UnicornPass, thank you for mentioning my extension!

Time to update my local copy of your generator 😛 I wonder if it will help me remember new passwords

Comment on Encrypted Mutt IMAP/SMTP Passwords by Chris Hilton, Fri, 08 Sep 2017 15:34:07 +0000
Oops, that should have read:
cat <<EOF | gpg -r my_gpg_id -e -
set imap_pass="my_password"
set smtp_pass="my_password"
EOF

Comment on Encrypted Mutt IMAP/SMTP Passwords by Chris Hilton, Fri, 08 Sep 2017 15:32:38 +0000
This keeps your password out of the filesystem:

cat <<EOF | gpg -r -e -
set imap_pass=""
set smtp_pass=""
EOF

Have a good day!

Comment on Analysis of RIPEMD-160 by Maxim, Tue, 05 Sep 2017 18:14:28 +0000
SHA-1 is broken... ))

Comment on ZFS Administration, Appendix C- Why You Should Use ECC RAM by Klaus, Mon, 28 Aug 2017 16:21:18 +0000
@Daryl: The first DDR4 modules on the market had ECC. Non-ECC DDR4 RAM appeared later on the market. That probably explains the (false) rumor that "DDR4 has better error handling than DDR3". Plus, there are numerous articles on the web which "prove" the increased reliability of DDR4 RAM (with ECC) by comparing it to DDR3 RAM... without ECC. Yep. Very funny.

I do not yet know how DDR4 compares to DDR3 regarding reliability. However, we do know that DDR3 was more reliable than DDR2-RAM. The Google report to which the article refers showed high error rates in DDR2-RAM. Note that at this time Google also did not replace RAM which began to show correctable errors - no wonder you see higher error rates when you decide to keep your failing RAM in use. Also note that Google used non-standard memory modules which were, according to the specs, incompatible with the mainboards (they worked in real life, of course, but possibly less reliably than standard modules).

Back to DDR4: DDR4-RAM can *optionally* have a "Write CRC" feature which can detect errors occurring on the bus when data is written to the RAM (the host could then retry the data transmission). However, this optional feature will, AFAIK, not be present on non-ECC-DDR4-RAM.