Security
Poor Man's SSH
Sisyphus
For those who do not allow their mails being read by a large cloud provider, fighting junk mail is an endless task. And, many people developed various -- sometimes really clever -- techniques to mitigate it. Though, current spam filters are typically time-consuming to configure, consume immense resources (or deliberately do not use all available information), and are complex in maintenance.
This text is about Sisyphus, a novel filter that automatically learns all (!) your mails' content to effectively fight off junk, is easy to deploy (one binary), and just needs one line of config, the location of your mail directory.
Child PGP Keys
This is a tutorial to set up child PGP keys from a master key.
Preliminary
For security reasons, many people want to store a master PGP keys at a safe location, for example a separate computer, and generate signed child keys for every day's usage. This has the advantage that revocations are easier, that expiration dates can be shorter than on the master key, that the fingerprint of the master key is still the only one that needs to be remembered, some kind of perfect forward secrecy can be constructed, or more.
The idea is to create a subkey from the master key that will later be split away and exported as a new master key of its own -- to be imported wherever you need it.
Requirements
Install GnuPG from your favorite installer, e.g. in FreeBSD do:
# pkg install gnupg1
Master Key
Create a master key (follow the respective instructions):
> gpg --gen-key
You should have something like:
> gpg --list-secret-keys
/home/cs/.gnupg/secring.gpg
---------------------------
sec 2048R/9B3161D9 2017-04-26 [expires: 2017-05-06]
uid Test Name <test.name@test.tt>
ssb 2048R/A3DE176C 2017-04-26
Create Child Subkey
Now, we create a child subkey by entering the edit mode (make sure you use the key id of your newly generated master key):
> gpg --edit-key 9B3161D9
Add the subkey:
gpg> addkey
and select for example `RSA (sign only)`. The result should look like:
pub 2048R/9B3161D9 created: 2017-04-26 expires: 2017-05-06 usage: SC
trust: ultimate validity: ultimate
sub 2048R/A3DE176C created: 2017-04-26 expires: 2017-05-06 usage: E
sub 2048R/9115E8C4 created: 2017-04-26 expires: 2017-04-28 usage: S
[ultimate] (1). Test Name <test.name@test.tt>
Checksum a DVD
Sometimes you get a DVD that you would like to checksum. For example one to install a new operating system.
A constant question is whether the content on this DVD is legitimate or not. Luckily, check-summing a DVD or CDROM is not so hard.
Get size of DVD image:
> ftp ftp.freebsd.org
> cd pub/FreeBSD/ISO-IMAGES-amd64/10.0
> ls
We observe that the size of the DVD image is:
2484742144
Copy entire DVD content to harddisk:
> dd if=/dev/cd0 bs=2k count=`dc -e "2484742144 2048 / p"` of=/tmp/dvdcopy
Checksum the create file and compare with pubilshed hashes:
> sha256 /tmp/dvdcopy
Byte-by-byte comparison:
> cmp /dev/cd0 FreeBSD-9.1-RELEASE-amd64-dvd1.iso