The Archives

  • 04.Aug.10
    The Sibyl security | rafacas | (1)
    The Sibyl is a project invented and implemented by Pedro (pfortuny) and me (rafacas), although I have to admit that it was Pedro's idea. It started with the goal of secure storage of the shadow file and, in general, of any database of secret authentication tokens (think of the passwords, actually hashes of passwords, of users of a Web-based service, for example). We consider that it addresses the main concern with those databases: dictionary attacks and rainbow tables, which have become available at negligible cost: there is a cloud-based service for doing dictionary attacks on a WPA key. Our approach for storing shadow files ...
  • 11.Jun.10
    hex2bin preserving endianness in C automated | pfortuny | (0)
    I cannot help copying this snippet. Assume f is a (char *) of length L, containing a hex string like '0aabdda' (without the leading "0x", like something coming from a sha function ---or like the sha1 stored by Leopard in the password files, which is the origin of this problem). You want to transform it into the corresponding sequence of bytes (that is, assuming the string is of even length, otherwise, we add a trailing, yes, trailing, at the end, '0'). We shall store the result in t, which points to a (char *) of length L/2. The following C code ...
  • 06.Sep.09
    How to verify MD5 or SHA-1 digests security | rafacas | (2)
    MD5 and SHA-1 are cryptographic hash functions. They are deterministic procedures that take an arbitrary block of data as input and return a fixed-size bit string, the hash value (also called the message digest or fingerprint). Verifying the MD5 or SHA-1 digest is highly recommended when you download new software for your system. In most Linux distros the md5sum and sha1sum commands are available:

        $ md5sum ubuntu-9.04-desktop-i386.iso
        66fa77789c7b8ff63130e5d5a272d67b ubuntu-9.04-desktop-i386.iso
        $ sha1sum ubuntu-9.04-desktop-i386.iso
        19aabf327fdbde9e66db54dc04e3a83b92f70280 ubuntu-9.04-desktop-i386.iso

    Solaris (even version 10) doesn’t ship with either md5sum or sha1sum installed. However, you can use digest:

        % /usr/bin/digest -a md5 GNUgcc.3.4.4.SPARC.64bit.Solaris.10.pkg.tgz
        498c344fe2839631bb7cf4b869b7b830
        % /usr/bin/digest -a sha1 GNUgcc.3.4.4.SPARC.64bit.Solaris.10.pkg.tgz
        a8da8247900dd06a7000fd0e6d41f834d6ab3e40

    And in Mac OS X, ...