Security

Poor Man's SSH

A poor man's alternative to using SSH is to combine socat with spiped.

Set up spiped, then:

On the server:

let spiped execute

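socat tcp-l:2023,bind=127.0.0.1,reuseaddr,fork exec:/bin/tcsh,pty,setsid,setpgid,stderr,ctty

(bind=127.0.0.1 keeps this unauthenticated shell listener off the network, so it is reachable only through spiped; this assumes spiped on the server forwards to 127.0.0.1:2023.)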

On the client:

let spiped execute

socat -,raw,echo=0 tcp:localhost:2023

Sisyphus

For those who do not want their mail read by a large cloud provider, fighting junk mail is an endless task. Many people have developed various -- sometimes really clever -- techniques to mitigate it. However, current spam filters are typically time-consuming to configure, consume immense resources (or deliberately do not use all available information), and are complex to maintain.

This text is about Sisyphus, a novel filter that automatically learns all (!) your mails' content to effectively fight off junk, is easy to deploy (one binary), and just needs one line of config, the location of your mail directory.


Child PGP Keys

This is a tutorial to set up child PGP keys from a master key.


Preliminary

For security reasons, many people want to store a master PGP key at a safe location, for example a separate computer, and generate signed child keys for everyday use. This has several advantages: revocations are easier, expiration dates can be shorter than on the master key, the fingerprint of the master key is still the only one that needs to be remembered, some kind of perfect forward secrecy can be constructed, and more.

The idea is to create a subkey from the master key that will later be split away and exported as a new master key of its own -- to be imported wherever you need it.


Requirements

Install GnuPG from your favorite installer, e.g. in FreeBSD do:

# pkg install gnupg1


Master Key

Create a master key (follow the respective instructions):

> gpg --gen-key

You should have something like:

> gpg --list-secret-keys

/home/cs/.gnupg/secring.gpg
---------------------------
sec 2048R/9B3161D9 2017-04-26 [expires: 2017-05-06]
uid Test Name <test.name@test.tt>
ssb 2048R/A3DE176C 2017-04-26


Create Child Subkey

Now, we create a child subkey by entering the edit mode (make sure you use the key id of your newly generated master key):

> gpg --edit-key 9B3161D9

Add the subkey:

gpg> addkey

and select for example `RSA (sign only)`. The result should look like:

pub 2048R/9B3161D9 created: 2017-04-26 expires: 2017-05-06 usage: SC
trust: ultimate validity: ultimate
sub 2048R/A3DE176C created: 2017-04-26 expires: 2017-05-06 usage: E
sub 2048R/9115E8C4 created: 2017-04-26 expires: 2017-04-28 usage: S
[ultimate] (1). Test Name <test.name@test.tt>

Checksum a DVD

Sometimes you get a DVD that you would like to checksum, for example one to install a new operating system.

A constant question is whether the content on this DVD is legitimate or not. Luckily, check-summing a DVD or CDROM is not so hard.

Get size of DVD image:

> ftp ftp.freebsd.org

> cd pub/FreeBSD/ISO-IMAGES-amd64/10.0

> ls

We observe that the size of the DVD image is:

2484742144

Copy entire DVD content to harddisk:

> dd if=/dev/cd0 bs=2k count=`dc -e "2484742144 2048 / p"` of=/tmp/dvdcopy

Checksum the created file and compare with the published hashes:

> sha256 /tmp/dvdcopy

Byte-by-byte comparison:

> cmp /dev/cd0 FreeBSD-9.1-RELEASE-amd64-dvd1.iso
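
As an added example (not part of the original post), the copy-and-checksum steps above can be wrapped in one shell function that reads exactly the image's sectors, detects a short read, and compares the digest with the published one. The names sha256_hex and verify_image are hypothetical, and the use of sha256sum where it is available is an assumption for systems without FreeBSD's sha256.

```shell
#!/bin/sh
# Added example; sha256_hex and verify_image are hypothetical names.

# Print the SHA-256 of stdin as bare hex (GNU sha256sum or FreeBSD sha256).
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        sha256 -q
    fi
}

# verify_image SOURCE SIZE_BYTES EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on bad arguments or a short read.
verify_image() {
    src=$1; size=$2; want=$3
    bs=2048    # sector size of optical media, as in the dd command above
    case $size in
        ''|*[!0-9]*) echo "size must be a byte count" >&2; return 2 ;;
    esac
    if [ $((size % bs)) -ne 0 ]; then
        echo "size $size is not a multiple of $bs" >&2
        return 2
    fi
    tmp=$(mktemp) || return 2
    # Copy only the image's sectors; anything the drive returns after them is ignored.
    dd if="$src" of="$tmp" bs="$bs" count=$((size / bs)) 2>/dev/null
    got_size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$got_size" -ne "$size" ]; then
        echo "short read: got $got_size of $size bytes" >&2
        rm -f "$tmp"
        return 2
    fi
    got=$(sha256_hex < "$tmp")
    rm -f "$tmp"
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')    # accept upper-case hex
    if [ "$got" = "$want" ]; then
        echo "OK $got"
        return 0
    fi
    echo "MISMATCH: got $got, expected $want" >&2
    return 1
}

# Usage with the values from this page:
#   verify_image /dev/cd0 2484742144 <published sha256>
```
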