Open source software security

AxCrypt Encryption Software

I first reviewed AxCrypt encryption software by Axantum way back in 2006. The program has come a long way since then and is definitely still a very commendable addition to any security toolkit. AxCrypt allows Windows users to encrypt files and folders quickly and easily in order to secure their contents.

Appropriate Encryption

I've recently been plowing my way through Crypto, by Steven Levy. Crypto follows the exploits, trials, and tribulations of the researchers, academics, and industry professionals who pioneered the field of cryptography outside of the the government.

GPG Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQGiBEZCaIMRBADnkM3pW2zaX4ug8JE/0wwhOPwswnfV3a0sJrQK7EIi6F8b8b+a
4gv2ebyud/vzCIodjdrG4HjUrYYq6/EAahRRi0Uhv8KjjvngyfJ3KNHdubiQiTOD
H6qBINL63kKhdvhsFBZAnRkR/skLiusqZklTm2UBBMCAAZP4HdQYmOqDWwCg0r0u
1bZyQGOHH5ApXRZc9RE0viED/3nRysNLsaN5a3vMskr2lsg3ZintaERggUy2A45k
s8zB8XJ8KnDL5wi0YghTYx25Cr1EBzMf86De96l7+wcX+r3kFF3dAja0OcecLzqC
AmrrDfyQn0KoJvYzko76KVUqEuaR4OQe/rtKfk8v1JFWE/2Xqqzfuwx1UknMtCQJ
BcXnA/wKxLtD8mthJR+HcqqAFLKrYubSG61jJjwVaFU4ZT/1YGbwsFdliUzP7Zmk

Using SSH PKA on Linux

The Secure SHell (SSH) is an increasingly popular way for linux machines to communicate securely. SSH has become the de facto remote shell access protocol, replacing telnet but also providing alternatives to file transfer protocol (FTP) and in some cases virtual private networking (VPN). SSH can be used to connect security to a remote machine, transfer files, and even tunnel connections to remote locations.

GPG Key

justin@madirish.net GPG key

Installing TrueCrypt 6.2 on CentOS 5.3

TrueCrypt (http://www.truecrypt.org) is a great open source encryption package. Unfortunately installing TrueCrypt on Linux often involves building it from source. This can be quite a hassle due to the many dependencies. I've written up a short list of instructions for successfully installing TrueCrypt 6.2 on CentOS 5.3 (http://www.centos.org) to hopefully save others some of the time and hassle I had to go through to figure this out.

Disturbing Decision by US Courts Regarding Encryption

Sebastien Boucher was arrested at the Canadian/US border crossing for having child pornography on his laptop has been ordered to reveal the password to decrypt an encrypted drive on his laptop for inspection by a grand jury. The laptop was equipped with PGP industry standard encryption software. However, it seems that when agents first inspected the laptop it was simply asleep (only entering hibernation will cause PGP to re-encrypt drives and require a password) and they were able to inspect contents of the hard drive. Agents apparently found thousands of pornographic images (surprise) and a video titled "2yo getting raped during diaper change" and arrested him on child pornography charges. However, after Mr. Boucher's arrest, it seems his laptop was powered off, which caused PGP to re-encrypt the drive containing the images and video in question.

Installing TrueCrypt on Mandriva

TrueCrypt is a great encryption utility that is available for several operating systems and uses. TrueCrypt will let you create encrypted volumes, encrypted devices, or even do whole disk encryption. I use TrueCrypt on Windows and Linux, and it's handy to be able to move encrypted volume files from one operating system to another and be able to mount them. Unfortunately, due to some disputes over licensing, Mandriva has re-branded TrueCrypt as RealCrypt and distributes it with Mandriva. I've had some problems getting the RealCrypt RPM's to work, and for this reason I decided to go ahead and install TrueCrypt 6.0 on my Mandriva 2008.1 system.

Question: When would you use 'sign' over 'encrypt'?

Public key encryption (or asynchronous encryption) is pretty tricky stuff. Encrypting a message provides confidentiality, signing provides assurance. If I sign a message the message is hashed and the hash is encrypted with my private key. This 'signature' can be verified by anyone with my public key - a process that proves the holder of my private key signed the message and that the message (and signature) have not been altered since I sent the message. So I sign all my messages so you can verify that the message came from me and not some impostor. Because e-mail doesn't provide any native verification there's really no way to tell if an e-mail from my address is really from me without digital signatures.

Scripting GPG Encryption on Windows

Often times your Windows machine generates a number of files that you might want to encrypt. While storing these files on an encrypted drive is often a suitable solution, there are times when a file or folder level encryption is more utilitarian. Using GPG file level encryption allows you to distinctly identify files by filename while still protecting their content.

SSL Default Virtual Host Problem on Mandriva

Mandriva 2007 (http://www.mandriva.com) has an interesting implementation of Apache 2. There are a lot of non-standard implementations that will drive you crazy if you don't know where they are or what they do. One instance of this configuration is the handling of SSL if you have apache-mod_ssl installed. Normally your virtual hosts are controlled from within the file /etc/httpd/conf/vhosts.d/Vhosts.conf. This has changed in the latest distribution and Mandriva seems to have moved to a more inetd style of configuration files. Now the virtual hosts file is in /etc/httpd/conf/vhosts.d/00_default_vhosts.conf. The 00 prefix would tend to indicate that this is the first virtual host file to be loaded, but that others could be appended or loaded outside of this one. I actually tested this out and it works. For instance, say you have two virtual hosts and you want to list them separately.

Getting GPG Encryption with Evolution

I have to admit I'm loving using Gnome on my Mandriva machine. Mandriva is a popular French distribution of Linux that, like most of it's European counterparts (well, perhaps SUSE can't be considered European now that they belong to Novell), uses KDE as it's default window manager. I used KDE for ages and became quite comfortable with it, but I actually find Gnome to be a lot cleaner and easier to use these days. Gnome integrates quite nicely with Evolution. Despite having Thunderbird available, Sunbird hasn't come along far enough to make calendar integration with Thunderbird feasible quite yet.

Getting TrueCrypt to Work with Mandriva 2007.1

I've been using TrueCrypt for some time now on my Windows machines and I wanted to explore how easy or hard it was to get it working under Mandriva 2007.1 (Spring). It turns out there are quite a few hidden caveats to getting TrueCrypt working. In my case I had a USB drive connected to the machine that was serving as an encrypted volume. When I booted up Mandriva I wanted to be able to mount the drive.

LC-3 Encryption Program

My main motivation for posting this code is the dearth of LC-3 code samples available online. LC-3 (or Little Computer 3) is an architecture used for instructional purposes only. This LC-3 program performs simple encryption and decryption of character strings. The encryption algorithm consists of a numeric key from 1 to 9. This key is used to encrypt or decrypt the input string by toggling the low order bit of each character and then adding the key to encrypt and subtracting the key to decrypt each character (depending on the specification of the input). This program was written as part of a class assignment and is assumed to work on character strings of 10 characters or fewer

Secure PHP Connections to MySQL with SSL

Separating the elements of your LAMP stack makes a lot of security sense. If you host your web server on a different machine than your database server you get a couple of wins. A compromise in your database won't allow an attacker to alter web pages or write files to the web server, and compromise of your web server wouldn't allow attackers to read the text based MySQL data files. By segregating the functionality you effectively sandbox each tier of your web application to prevent the escalation of compromises. The potential downside of separating these elements, however, is that you introduce a new attack vector, namely snooping traffic on the wire as it travels between the database and the web server.

4 Simple Tips for Securing OpenSSH

Securing an SSH server is a simple process that many administrators overlook. The following are four simple steps you can take to help lock down your SSH server. Given the widespread nature of SSH brute force attacks it is well worth the effort to enforce some extra restrictions on your SSH server. Most of the suggestions outlined below rely on configuration changes that can be implemented in your sshd_config file. Note there are two separate configuration files, ssh_config, and sshd_config on most installations. Be sure to edit the sshd_config file (the d is for daemon, or the SSH service).

Microsoft Office Encryption 2003 and 2007

This article was designed to address some nagging questions about utilizing Microsoft Office encryption as well as compatibility issues between Office 2003 and Office 2007. There isn't a lot of good documentation online about the differences between Office 2003 and Office 2007 encryption schemes, but there have been some notable instances of weaknesses being pointed out in Microsoft encryption schemes.

Getting Truecrypt to work with Mandriva 2007

I've been using TrueCrypt for some time now on my Windows machines and I wanted to explore how easy or hard it was to get it working under Mandriva 2007.1 (Spring). It turns out there are quite a few hidden caveats to getting TrueCrypt working. In my case I had a USB drive connected to the machine that was serving as an encrypted volume. When I booted up Mandriva I wanted to be able to mount the drive.

Using Blowfish Encryption Between PHP and Perl

I recently wondered if I could use a common encryption algorithm across both PHP and Perl. In this particular case I wanted to know if PHP and Perl could both utilize the Blowfish encryption algorithm to share encrypted data (with data being encrypted in one language and decrypted in another).

Is Oracle Data Encrypted on the Wire?

This short article answers a question recently posed to me. I set out to determine if queries and responses to and from Oracle databases (which occur over TCP port 1512 by default) were encrypted.

Setting Up Public Key Access using PuTTY

Public keys are a great way to log into a remote machine without having to provide a password. This diminishes your security posture somewhat, but done right this can be mitigated. Using public keys allows you to leverage secure protocols like SSH in scripts and automation. Because the public key means there is no password challenge response, scripts can log in and out of remote hosts without human interaction.

GPG for Encryption and Digital Signing

GPG, the GNU version of PGP, is available for pretty much any platform. This free, open source encryption package can be used in a surprising number of ways. The program's utility and versatility make it a favorite among many security professionals.

GnuPG on Windows

GPG is the free, open source alternative to proprietary PGP encryption. It is easy to use and just as secure. Installing GPG on Windows allows you to encrypt files and emails as well as letting you examine and apply digital signatures.

Open Source USB Key Encryption Techniques

After I bought a new USB key I began to think about possible ways to keep my data safe. Since USB keys are small and easily misplaced, lost, or stolen I wanted to be sure that if my key did go missing that any private data would stay secure. I also wanted to make sure to use open source tools since they are cheaper (free) and more sustainable over time since they use open formats.

Connecting To a Remote MySQL Server Securely Using SSH Port Forwarding

Brief instructions on how to set up local port forwarding to allow for a secure MySQL connection by tunneling through an existing SSH session. This allows for encryption as well as the ability to bypass firewalls that allow remote SSH connections but block remote MySQL connections.

by: Justin
Original: September 23, 2004
Updated: May 1, 2008

Connecting Securely

PGP on Windows Tutorial

How to get started using PGP - Pretty Good Privacy. This encryption software lets you send and recieve secure email, encrypt local files on your system, and decrypt PGP messages from other people.