‘dropbox’ and noexec home directories
A quick note – I’ve been having problems with dropbox not working on my Ubuntu systems. It would try to re-install the software every time I restarted the system, get to around 97% unpacked, and then...
Introduction to Digital Certificates, Part 1
This is the first entry in a series on the how, what and why of digital certificates. Especially the ‘what’ and ‘why’ since we developers tend to focus too much on the ‘how’. The tentative topics...
Introduction to Digital Certificates, Part 2: IDs
This is part of a series on Digital Certificates. Introduction IDs X.509v3 Certificates Creating Certs with Bouncy Castle RA, CA and repository Before we get into the details of digital certificates we...
Introduction to Digital Certificates, Part 3: X509v3
This is part of a series on Digital Certificates. Introduction IDs X.509v3 Certificates Creating Certs with Bouncy Castle RA, CA and repository Now that we know what an “ID” is we can quickly...
Introduction to Digital Certificates, Part 4: Creating Certs with Bouncy Castle
This is part of a series on Digital Certificates. Introduction IDs X.509v3 Certificates Creating Certs with Bouncy Castle RA, CA and repository Time for some code! This implementation uses deprecated...
Introduction to Digital Certificates, Part 5: CA, RA and Repository
This is part of a series on Digital Certificates. Introduction IDs X.509v3 Certificates Creating Certs with Bouncy Castle CA, RA and Repository I’ve casually mentioned a “Certificate Authority”...
Adding native encryption to ‘dump’, part 1: Fast File System and DUMP format
This is the first of two articles on adding native encryption to the Unix ‘dump’ application. We begin with an overview of the Fast File System (FFS) and the format of DUMP tapes/files. Fast File...
Adding Native Encryption to ‘dump’, part 2: Cryptanalysis
This is the second of two articles on adding native encryption to the Unix ‘dump’ application. We conclude with a cryptanalysis of our options. N.B., this is an overview and not a formal paper....
What’s On My Desk
A few people have asked what’s on my desk since I’m posting (irregularly) on unusual topics. The answer is actually pretty boring. My posts are mostly the result of some lateral thinking and being...
Not Responsible For Broken Windshields
My wife says I get grouchy when I’m studying or doing security. I have no idea why…. Today’s beef is with the open-bed truck companies that have “not responsible for broken windshield” stickers on the...
More on Password Encryption
I was recently reading Spring Security 3 and it made an interesting point about some LDAP servers. The servers never provide the (hashed) password. That raises the immediate question of how you can...
Using Sequences as Encryption IVs
Anyone using low-level encryption libraries should know that you need both a SecretKey and a “random” IV. The easiest way to get a good IV is to use a SecureRandom instance to generate the necessary...
Database Encryption Using JPA Listeners
I recently had to add database encryption to a few fields and discovered a lot of bad advice out there. Update I recently learned how to handle spring injection into JPA listeners. Details at...
Creating Password-Based Encryption Keys
This article discusses creating password-based encryption PBE keys. First a reminder of earlier points – as a rule you should, when practical, use the PBE key as a master key that is used solely to...
Creating Vulnerability Assessment Artifacts Using Maven Assembly
This article will discuss using Maven Assembly to create artifacts that can be provided to third-party vulnerability assessment sites (e.g., Veracode) for review. Static Analysis for Bugs vs....
What I’m Reading: November 2013
What I’m “reading,” November 2013: Coursera class: Principles of Reactive Programming (second course in Scala). I also need to finish Programming in Scala. Scala in Depth and Scala in Action will...
Fokirtor You Too
There’s a Linux backdoor in the wild. It isn’t widespread but it’s conceptually simple and copycats are a real possibility. Do not be complacent because you run Linux. See Fokirtor [Schneier on...
Check your REST parameters!
I was doing research related to my ongoing “project student” series and realized that I had made one of the most common – and most easily remedied – mistakes. I wasn’t using everything I know about the...
Getting A List of Available Cryptographic Algorithms
How do you learn what cryptographic algorithms are available to you? The Java spec names several required ciphers, digests, etc., but a provider often offers more than that. Fortunately this is easy to...