General January 2014

general@lists.hackerspace.pl

25 participants
27 discussions

Fwd: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
by rysiek 10 Jan '14

10 Jan '14

---------- Treść przekazywanej wiadomości ---------- Temat: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve) Data: piątek, 10 stycznia 2014, 04:13:29 Od: gwen hastings Do: cypherpunks(a)cpunks.org <cypherpunks(a)cpunks.org> >From the README... DESCRIPTION Pretty Curved Privacy (pcp1) is a commandline utility which can be used to encrypt files. pcp1 uses eliptc curve cryptography for encryption (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide accepted standard it hasn't been compromised by the NSA - which might be better, depending on your point of view. Caution: since CURVE25519 is no accepted standard, pcp1 has to be considered as experimental software. In fact, I wrote it just to learn about the curve and see how it works. Beside some differences it works like GNUPG. So, if you already know how to use gpg, you'll feel almost home. QUICKSTART Lets say, Alicia and Bobby want to exchange encrypted messages. Here's what the've got to do. First, both have create a secret key: Alicia Bobby pcp1 -k pcp1 -k After entering their name, email address and a passphrase to protect the key, it will be stored in their vault file (by default ~/.pcpvault). Now, both of them have to export the public key, which has to be imported by the other one. With pcp you can export the public part of your primary key, but the better solution is to export a derived public key especially for the recipient: Alicia Bobby pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, they have to import it: Alicia Bobby pcp1 -P -I bobby.pub pcp1 -P -I alicia.pub They will see a response as this when done: key 0x29A323A2C295D391 added to .pcpvault. Now, Alicia finally writes the secret message, encrypts it and sends it to Bobby, who in turn decrypts it: Alicia Bobby echo "Love you, honey" > letter pcp1 -e -i 0x29A323A2C295D391 -I letter -O letter.z85 cat letter.z85 | mail bobby(a)foo.bar pcp1 -d -I letter.z85 | less And that's it. Please note the big difference to GPG though: both Alicia AND Bobby have to enter the passphrase for their secret key! That's the way CURVE25519 works: you encrypt a message using your secret key and the recipients public key and the recipient does the opposite, he uses his secret key and your public key to actually decrypt the message. Oh - and if you're wondering why I named them Alicia and Bobby: I was just sick of Alice and Bob. We're running NSA-free, so we're using other sample names as well. INSTALLATION There are currently no packages available, so pcp has to be compiled from source. Follow these steps: First, you will need libsodium: git clone git://github.com/jedisct1/libsodium.git cd libsodium ./autogen.sh ./configure && make check sudo make install sudo ldconfig cd .. Next, pcp: git clone git://github.com/tlinden/pcp.git cd pcp ./configure sudo make install cd .. Optionally, you might run the unit tests: make test DOCUMENTATION To learn how to use pcp, read the manpage: man pcp1 7. Licensed under the GNU GENERAL PUBLIC LICENSE version 3. HOME The homepage of Pretty Curved Privacy can be found on http://www.daemon.de/PrettyCurvedPrivacy. The source is on Github: https://github.com/TLINDEN/pcp -- Tentacle #99 ecc public key curve p25519(pcp 0.15) 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli) ----------------------------------------- -- Pozdr rysiek

1 0

neuromorficzne procesory w tym roku
by spin 09 Jan '14

09 Jan '14

http://bgr.com/2013/12/30/qualcomm-brain-like-processor-2014/ gdzieś z gazety wyrwałem. Na początku będzie pewnie wkurwiające po maksie. Ciekawe czy taką niepewną zmienną ktoś zdecyduje się wprowadzić do superkomputerów albo serwerów, czy na razie będzie tylko research i małpofony.

2 1

Fwd: Re: [cryptography] To Protect and Infect Slides
by rysiek 08 Jan '14

08 Jan '14

Hej, Pod rozwagę, zwłaszcza dla adminów. ---------- Treść przekazywanej wiadomości ---------- Temat: Re: [cryptography] To Protect and Infect Slides Data: poniedziałek, 6 stycznia 2014, 22:48:48 Od: Cathal Garvey Do: cypherpunks(a)cpunks.org > How would you monitor, maintain & troubleshoot administration & security > issues on your servers if you do not have logs? Or are you talking about > retention of said logs? I read from this that excessive logging outside of a debugging scenario, coupled with either bad security or wilful sharing of log files, is the culprit. So you're running a server, you want logs. Fine; what do you need to know? Statistical information about access, but not necessarily *who* is accessing. Perhaps you need to see if one person is accessing more than their share, but unless they exceed a certain threshold you don't want to record who they are; hash the IPs with a salt. Sure, yes, I expect you can reverse IP hashes, but at least you're trying. Point being that logs are for debug and performance monitoring, but in this era of A) spying without consent and B) wilful assistance of spies by sysadmins globally, to be a good guy you have to wear blinders and collect only what you need. To resist the urge to hoard that comes with being raised in a marketing-heavy capitalism and with seeing storage volumes growing exponentially and remembering your days of scrimping on poorly encoded mp3s. Store what you need. Ditch the rest before it's even paged. On 06/01/14 16:42, Laurens Vets wrote: > On 2014-01-05 01:01, John Young wrote: >> If your server or ISP generates log files, as all do, you cannot >> be secure. If upstream servers generate log files, as all do, >> you cannot be secure. If local, regional, national and international >> servers generate log files, as all do, you cannot be secure. >> >> So long as log files are ubiquitous on the Internet, no one can >> be secure. >> >> Log files are the fundamental weakness of the Internet >> because system administrators claim the Internet cannot >> be managed and maintained without them. >> >> This is not true, it is merely an urban legend to conceal >> the interests of system administrators and their customers >> to exploit Internet user data. >> >> There is no fundamental need for log files, except to >> perpetuate the other urban legend, privacy policy, which >> conceals the abuse of log files by web site operators >> and their cooperation with "lawful" orders to reveal >> user data, most often by being paid to reveal that >> data to authorities, to sponsors, to funders, to >> advertisers, to scholars, to private investigators, >> to inside and outside lawyers, to serial cohorts, >> cartels and combines, to providers and purchasers >> of web sites, to educators of cyber employees, >> to courts, to cybersecurity firms, to journalists, to >> anybody who has the slightest justification to exploit >> Internet freedom of information by way of phony >> security, privacy and anonymizing schemes. >> >> In this way, the Internet corrupts its advocates by >> inducing the gathering and exploiting user data, . >> It is likely your organizaion is doing this ubiquitous >> shit by pretending to ask for advice on security. >> As if there is any. NSA is us. > > How would you monitor, maintain & troubleshoot administration & security > issues on your servers if you do not have logs? Or are you talking about > retention of said logs? > >> At 05:44 PM 1/4/2014, you wrote: > On 31/12/13 21:13, Jacob Appelbaum wrote: >>>>> I'm also happy to answer questions in discussion form about the >>>>> content of the talk and so on. I believe we've now released quite a >>>>> lot of useful information that is deeply in the public interest. >>>>> >>>>> All the best, Jacob > > Hi people: > > As most of the people around the world, I find really troubling all > these revelations. Of course we suspected this kind of shit, we just > didn't know the gory and surprising details. > > I work in a libre-software e-voting project [0] which has been > deployed in some interesting initiatives already [1] and we strive to > make it as secure as possible [2], though our resources are currently > limited. Of course, anyone is welcome to join and help us. > > Do you have any specific recommendation for securing the servers of > the authorities who do the tallying, in light of latest revelations? > it seems really difficult to get away from the NSA if they want to get > inside the servers. > > Kind regards, >>> _______________________________________________ >>> cryptography mailing list >>> cryptography(a)randombit.net >>> http://lists.randombit.net/mailman/listinfo/cryptography ----------------------------------------- -- Pozdr rysiek

4 9

CNC machines locked with gyro and gps mechanisms
by spin 07 Jan '14

07 Jan '14

http://www.practicalmachinist.com/vb/dmg-mori-gildemeister-maho-cnc/mori-el… niezłe jaja

2 1

Shodan search engine
by spin 07 Jan '14

07 Jan '14

http://www.shodanhq.com/ http://money.cnn.com/2013/04/08/technology/security/shodan/

1 0

Fwd: P2P VPN
by rysiek 05 Jan '14

05 Jan '14

---------- Treść przekazywanej wiadomości ---------- Temat: P2P VPN Data: czwartek, 26 grudnia 2013, 16:05:01 Od: Matej Kovacic Hi, this might be of interest to you: https://code.google.com/p/badvpn/ Peer-to-peer VPN The VPN part of this project implements a Layer 2 (Ethernet) network between the peers (VPN nodes). The peers connect to a central server which acts as a chat server for them to establish direct connections between each other (data connections). These connections are used for transferring network data (Ethernet frames), and can be secured with a multitude of mechanisms. Notable features are: * UDP and TCP transport * Converges very quickly after a new peer joins * IGMP snooping to deliver multicasts efficiently (e.g. for IPTV) * Double SSL: if SSL is enabled, not only do peers connect to the server with SSL, but they use an additional layer of SSL when exchanging messages through the server * Features related to the NAT problem: 1. Can work with multiple layers of NAT (needs configuration) 2. Local peers inside a NAT can communicate directly 3. Relaying as a fallback (needs configuration) More info here: https://code.google.com/p/badvpn/wiki/badvpn P. S. It would be nice to see this with easy to use GUI and prepacked binaries for all "main" systems... Regards, M. ----------------------------------------- -- Pozdr rysiek

2 1

300 wpm: stenotyping, machine shorthand: Plover
by spin 05 Jan '14

05 Jan '14

Z nudów i choroby zacząłem się bawić Dvorakiem. Okazało się że da radę nauczyc się touch typingu w circa 2 dni na 10 wpm bez błędów (z pomocą Klavaro - polecam, doskonały soft do touch typingu, FLOSS). No ale potem poczytałem że dvorak nie ma specjalnie magicznych właściwości - w jednych zastosowaniach jest lepszy, w innych mniej. No i wpadłem na stenotyping, czyli tzw. machine shorthand. http://stenoknight.com/wiki/FAQ#How_does_it_work.3F Jakaś kobieta stwierdziła że pieprzy stenografy za $4K + $700/rok upgrade'y, i poszła do znajomego frika od pythona i hardware'u, i narodziło się to. Pytanie, czy są tu jakieś wariaty od stenotypingu, albo czy ktoś chciałby się w to pobawić? Zawsze mi się wydawało że o ile steno jest fajne do pisania fonetycznego, o tyle jeśli chodzi o rzeczy niefonetyczne, typu kod, to steno trochę ssie. natomiast widzę że Plover jest robiony raczej pod tą hakerską część społeczności która stuka raczej kod niż dzieła literackie... Tak więc, co myślicie?

9 14

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

General January 2014