recentpopularlog in

rdark : crypto   42

firstlookmedia/gpgsync: GPG Sync is designed to let users always have up-to-date public keys for other members of their organization
GPG Sync is designed to let users always have up-to-date OpenPGP public keys for other members of their organization.

If you're part of an organization that uses GPG internally you might notice that it doesn't scale well. New people join and create new keys and existing people revoke their old keys and transition to new ones. It quickly becomes unwieldy to ensure that everyone has a copy of everyone else's current key, and that old revoked keys get refreshed to prevent users from accidentally using them.

GPG Sync solves this problem by offloading the complexity of GPG to a single trusted person in your organization. As a member of an organization, you install GPG Sync on your computer, configure it with a few settings, and then you forget about it. GPG Sync takes care of everything else.
crypto  gpg  pgp  python  github 
november 2018 by rdark
Nitrokey | Secure your digital life
Nitrokey is an USB key to enable highly secure encryption and signing of emails and data, as well as login to the Web, networks and computers. Other than ordinary software solutions, the secret keys are always stored securely inside the Nitrokey. Their extraction is impossible which makes Nitrokey immune to computer viruses and Trojan horses. The user-chosen PIN and the tamper-proof smart card protect in case of loss and theft. Hardware and software are both available as Open Source to allow verifying the security and integration with other applications.
gpg  pgp  smart_cards  hardware  security  HSM  yubikey  u2f  crypto  open_source 
may 2018 by rdark
Lock Up Your Customer Accounts, Give Away the Key - TADevelops
Overview of Cryptex - a Node.js library and CLI tool to effortlessly manage secure envelope encryption in your services. Use it in any kind of project by simply firing off the executable and capturing the output. Node.js projects gain additional simplicity from the module integrating directly with the app and providing a clear and simple API.
crypto  encryption  KMS  nodejs 
april 2016 by rdark
AWS CloudTrail Update – SSE-KMS Encryption & Log File Integrity Verification | AWS Official Blog
Today, we are announcing two new features for CloudTrail:

Support for Encryption using SSE-KMS – You can add an additional layer of security for the CloudTrail log files stored in your S3 bucket by encrypting them with your AWS Key Management Service (KMS) key. CloudTrail will encrypt the log files using the KMS key you specify.
Log File Integrity Validation – You can validate the integrity of the CloudTrail log files stored in your S3 bucket and detect whether they were deleted or modified after CloudTrail delivered them to your S3 bucket. You can use the log file integrity (LFI) validation as a part of your security and auditing discipline.
kms  aws  encryption  crypto  cloudtrail 
february 2016 by rdark
New – Encrypted EBS Boot Volumes | AWS Official Blog
Today we are launching encryption for EBS boot volumes. This feature builds on a recent release that allowed you to copy an EBS snapshot while also applying encryption.
aws  storage  ebs  crypto  encryption 
february 2016 by rdark
skskeyserver / sks-keyserver / wiki / Home — Bitbucket
SKS is an OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system.
pgp  gpg  security  keyserver  development  crypto 
february 2016 by rdark
A Git Horror Story: Repository Integrity With Signed Commits
Recently updated with comparison/trade-offs of various git signing methodologies
crypto  security  gpg  pgp  git 
february 2016 by rdark
docker/notary: Notary is a Docker project that allows anyone to have trust over arbitrary collections of data
The Notary project comprises a server and a client for running and interacting with trusted collections.

Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS to secure our communications with a web server which is inherently flawed, as any compromise of the server enables malicious content to be substituted for the legitimate content.
github  docker  security  crypto 
february 2016 by rdark
The trust machine | The Economist
Good easy to understand explanation of blockchain tech
bitcoin  blockchain  crypto 
november 2015 by rdark
isislovecruft/scripts
Small scripts and utilities, often for using other programs with Tor, routing traffic safely, removing fingerprintable system traits, and deploying/securing remote systems.
github  security  tor  gpg  pgp  crypto  sysadmin  scripts  networking 
october 2015 by rdark
scripts/check-commit-signature at master · isislovecruft/scripts
A server-side update git hook for checking the GPG signature of a pushed commit.
security  git  pgp  gpg  crypto  hooks 
october 2015 by rdark
cloudflare/redoctober
Red October is a software-based two-man rule style encryption and decryption server.

A bit like vault.

CFSSL should work with this but support is beta apparently.
github  crypto  security  cloudflare  x509  tls  ssl 
june 2015 by rdark
cloudflare/cfssl
CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates. It requires Go 1.4 to build.

Note that certain linux distributions have certain algorithms removed (RHEL-based distributions in particular), so the golang from the official repositories will not work. Users of these distributions should install go manually to install CFSSL.
tls  ssl  golang  crypto  PKI  x509 
june 2015 by rdark
DOOMED TO REPEAT HISTORY? LESSONS FROM THE CRYPTO WARS OF THE 1990S
In the past year, a conflict has erupted between technology companies, privacy advocates, and members of the U.S. law enforcement and intelligence communities over the right to use and distribute products that contain strong encryption technology. This debate between government actors seeking ways to preserve access to encrypted communications and a coalition of pro-encryption groups is reminiscent of an old battle that played out in the 1990s: a period that has come to be known as the “Crypto Wars.” This paper tells the story of that debate and the lessons that are relevant to today. It is a story not only about policy responses to new technology, but also a sustained, coordinated effort among industry groups, privacy advocates, and technology experts from across the political spectrum to push back against government policies that threatened online innovation and fundamental human rights.
pdf  crypto  articles  history  internet  security 
june 2015 by rdark
Ruby AES Encryption using OpenSSL
example walkthrough of symmetric encryption using OpenSSL bindings in ruby
ruby  openssl  AES  security  crypto  reference  github 
may 2015 by rdark
dm-crypt/Drive preparation - ArchWiki
Before encrypting a drive, you should perform a secure erase of the disk by overwriting the entire drive with random data. To prevent cryptographic attacks or unwanted file recovery, this data is ideally indistinguishable from data later written by dm-crypt.
LUKS  crypto  security  fde  archlinux  storage 
may 2015 by rdark
openssl - Heartbleed: What is it and what are options to mitigate it? - Server Fault
What exactly is CVE-2014-0160 AKA "Heartbleed"? What is the cause, what OSs and versions of OpenSSL are vulnerable, what are the symptoms, are any methods to detect a successful exploit?
openSSL  security  crypto  vulnerability  heartbleed  serverFault 
april 2014 by rdark
Keybase
Keybase will be a public directory of publicly auditable public keys. All paired, for convenience, with unique usernames.

...and a pretty sweet reference client.
crypto  gpg  security  pgp  twitter  github  nodejs 
march 2014 by rdark
substack/cipherhub
It can be frustrating and annoying to communicate with somebody using public key cryptography since setting up PGP/GPG is a hassle, particularly managing keyrings and webs of trust.

Luckily, you can fetch the public ssh keys of anybody on github by going to:

https://github.com/$USERNAME.keys

If you just want to send somebody an encrypted message out of the blue and they already have a github account with RSA keys uploaded to it, you can just do:

cipherhub $USERNAME < secret_message.txt

and it will fetch their public keys from github, storing the key locally for next time.
github  crypto  ssh  security 
march 2014 by rdark
Features/SharedSystemCertificates - FedoraProject
docs for shared system certificates (installation of certs which are then trusted by multiple crypto libraries on the system), which has been released in RHEL/CentOS 6.5 but not yet documented there apart from a couple of lines in the release notes (https://bugzilla.redhat.com/show_bug.cgi?id=1035864).

p11-kit is the admin tool
fedora  redhat  CentOS  ssl  tls  certificate_authority  crypto 
december 2013 by rdark
SafeCurves: Introduction
SafeCurves:
choosing safe curves for elliptic-curve cryptography
crypto  maths  elliptic-curve  security 
october 2013 by rdark
DNSCrypt by jedisct1
dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server, by default OpenDNS who run this on their resolvers.
crypto  dns  encryption  security 
june 2013 by rdark
[cryptography] skype backdoor confirmation
I was disappointed the rumoured skype backdoor is claimed to be real, and
that they have evidence. The method by which they confirmed is kind of odd
- not only is skype eavesdropping but its doing head requests on SSL sites
that have urls pasted in the skype chat!
crypto  privacy  security  skype  microsoft  germany 
may 2013 by rdark
The Matasano Crypto Challenges (Pinboard Blog)
I recently took some time to work through the Matasano crypto challenges, a set of 48 practical programming exercises that Thomas Ptacek and his team at Matasano Security have developed as a kind of teaching tool (and baited hook).

Much of what I know (or think I know) about security has come from reading tptacek's comments on Hacker News, so I was intrigued when I first saw him mention the security challenges a few months ago. At the same time, I worried that I'd be way out of my depth attempting them.
crypto  programming  security  pinboard  blog 
april 2013 by rdark
blake2-ppc/git-remote-gcrypt · GitHub
New and improved way of doing encrypted git repos over using git smudge filters.
crypto  encryption  git  gpg  security 
march 2013 by rdark
SysadminGuide - btrfs Wiki
btrfs being considered more and more production ready.. may check it out as a replacement to current lvm2/ext4 snapshotting (which is a pain..), and also crucially:

As of linux kernel 3.2, it is now considered safe to have btrfs on top of dmcrypt (before that, there are risks of corruption during unclean shutdowns).
btrfs  storage  filesystem  sysadmin  wiki  encryption  crypto  linux 
december 2012 by rdark
OpenXPKI Project - About
The OpenXPKI Project aims at creating an enterprise-grade PKI/Trustcenter software supporting well established infrastructure components like RDBMS and Hardware Security Modules. Flexibility and modularity are the project's key design objectives.

Unlike many other OpenSource PKI projects OpenXPKI offers powerful features necessary for professional environments that are usually only found in commercial grade PKI products. (If you have ever wondered what could be done to provide continuous operation of a PKI without having to struggle with the system every time your CA certificate expires, OpenXPKI is probably the right thing for you.)
perl  PKI  crypto  certificate_authority 
november 2012 by rdark
Bits&Pieces: 802.11 Association and WPA2-PSK
Really good explanation of how Pairwise Master Keys, Pairwise Transient Keys and four-way handshake works in WPA2-PSK
WPA2-PSK  crypto  security  wireless  PMK  PTK 
october 2012 by rdark
A Few Thoughts on Cryptographic Engineering: Attack of the week: Cross-VM side-channel attacks
When we build Web infrastructures at Etsy, we aim to make them resilient. This means designing them carefully so that they can sustain their (increasingly critical) operations in the face of failure. Thankfully, there have been a couple of decades and reams of paper spent on researching how fault tolerance and graceful degradation can be brought to computer systems. That helps the cause.
devops  security  ssl  crypto  timing_attacks 
october 2012 by rdark
Uploading Personal ssh Keys to Amazon EC2 - Alestic.com
You can use your default personal ssh key with brand new EC2 instances, so you no longer have to remember to specify options like -i EC2KEYPAIR in every ssh, scp, rsync command.+1 You can now upload the same public ssh key to all EC2 regions, so you no longer have to keep track of a separate ssh key for each region.
ssh  ec2  amazon  amazonAWS  crypto  security 
december 2010 by rdark
The Shmoo Group
The rainbow tables below are made available to be used with software that implements time-memory tradeoffs[1][2] for brute forcing passwords that are hashed using algorithms that don't include a salt.
security  password  hacking  crypto  tools  rainbowTables 
december 2009 by rdark
Using multiple subkeys in GPG
how to use easily revoke-able subkeys on less secure machines.
gpg  pgp  security  encryption  privacy  howTo  crypto  dead_links 
july 2009 by rdark

Copy this bookmark:





to read