|
|
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.0.0">Jekyll</generator><link href="http://localhost:4000/feed.xml" rel="self" type="application/atom+xml" /><link href="http://localhost:4000/" rel="alternate" type="text/html" /><updated>2020-06-25T18:47:21+00:00</updated><id>http://localhost:4000/feed.xml</id><entry><title type="html">How to use tmux to send and receive things from your Minecraft server</title><link href="http://localhost:4000/2020/06/25/tmux-minecraft.html" rel="alternate" type="text/html" title="How to use tmux to send and receive things from your Minecraft server" /><published>2020-06-25T00:00:00+00:00</published><updated>2020-06-25T00:00:00+00:00</updated><id>http://localhost:4000/2020/06/25/tmux-minecraft</id><content type="html" xml:base="http://localhost:4000/2020/06/25/tmux-minecraft.html"><p>So recently I had problem.
|
|
|
I run a Minecraft server on a big Linux computer I have running in my room.
|
|
|
Now, as a system administrator it is very helpful to be able to run some simple commands without needing to login with my key, password, TFA, etc.
|
|
|
It is, frankly, a lot of work.
|
|
|
Especially when I really just want to be playing games but I just need to check something quickly.</p>
|
|
|
|
|
|
<p>So for simple things like finding out of the network, CPU, memory or disk usage is my bottleneck, I wrote this really nifty script to connect the world of Minecraft and the Linux shell.</p>
|
|
|
|
|
|
<p>My completed solution for what I needed can be found at <a href="https://github.com/TTWNO/termcraft/">https://github.com/TTWNO/termcraft</a>.</p>
|
|
|
|
|
|
<p>If you want some of the implementation details, stick around.</p>
|
|
|
|
|
|
<h2 id="solution">Solution</h2>
|
|
|
|
|
|
<p>So to solve this interesting problem, I decided to use <code class="highlighter-rouge">tmux</code>.
|
|
|
<code class="highlighter-rouge">tmux</code> is a <strong>t</strong>terminal <strong>mu</strong>ltiple<strong>x</strong>er.
|
|
|
This allows you to run a terminal session, then detach fromc it while it still runs in the background.</p>
|
|
|
|
|
|
<p>This is very valuable when running command line applications that need to have an active console connection, like a Minecraft server.</p>
|
|
|
|
|
|
<p>So first I looked at the <code class="highlighter-rouge">tmux</code> command <code class="highlighter-rouge">send-keys</code>.</p>
|
|
|
|
|
|
<h4 id="send-keys"><code class="highlighter-rouge">send-keys</code></h4>
|
|
|
|
|
|
<p><code class="highlighter-rouge">send-keys</code> allows you to send text, and key presses to a <code class="highlighter-rouge">tmux</code> session.
|
|
|
Now assuming this <code class="highlighter-rouge">tmux</code> session is attached to a Minecraft server,
|
|
|
there is no reason you could not run a command like this:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ tmux send-keys "tell @a This is a Test" Enter
|
|
|
</pre>
|
|
|
|
|
|
<p>This will send the text “tell @a This is a Test” to the Minecraft server.
|
|
|
Then, it will hit the newline character, this will execute the command.</p>
|
|
|
|
|
|
<p>So now we can send information to the server and have it tell the users something.</p>
|
|
|
|
|
|
<p>But how do we get information about who is typing what in the Minecraft chat?</p>
|
|
|
|
|
|
<h3 id="tmuxs-capture-pane-is-painful"><code class="highlighter-rouge">tmux</code>’s <code class="highlighter-rouge">capture-pane</code> is painful</h3>
|
|
|
|
|
|
<p>So in the manual page for <code class="highlighter-rouge">tmux</code> I can see a section recorded below for options I can give to the <code class="highlighter-rouge">capture-pane</code> subcommand.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
-S and -E specify the starting and ending line numbers,
|
|
|
zero is the first line of the visible pane and negative
|
|
|
numbers are lines in the history. ‘-’ to -S is the start
|
|
|
of the history and to -E the end of the visible pane. The
|
|
|
default is to capture only the visible contents of the pane.
|
|
|
</pre>
|
|
|
|
|
|
<p>What it seems to be saying is I can start at line <code class="highlighter-rouge">-S n</code> and end at line <code class="highlighter-rouge">-E n</code>.
|
|
|
Negative numbers start from the bottom, so <em>in theory</em> I can do the following: <code class="highlighter-rouge">tmux capture-pane -S -1</code> should capture only the last line, because I’m starting from the last line. Right?</p>
|
|
|
|
|
|
<p>No. It just doesn’t work. Negative numbers do <em>not</em> work with the <code class="highlighter-rouge">tmux capture-pane</code> subcommand.</p>
|
|
|
|
|
|
<p>So I did some simple UNIX piping, like so, to get just the last thing in the chat.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ tmux capture-pane -p -t steve | tail -n1
|
|
|
[SERVER] [ExtraDebuggingInfoHere]: &lt;TaterTheTot&gt; MY_MESSAGE
|
|
|
</pre>
|
|
|
<p>TaterTheTot is my Minecraft username :)</p>
|
|
|
|
|
|
<p><code class="highlighter-rouge">-p</code> prints the result to the terminal/stdout.</p>
|
|
|
|
|
|
<p><code class="highlighter-rouge">steve</code> is the name of the tmux session I’m trying to pull form.</p>
|
|
|
|
|
|
<p>So that’s done! Beauty!</p>
|
|
|
|
|
|
<p>Now that we have that, how can we extract the username and the message from the latest line?</p>
|
|
|
|
|
|
<h3 id="grep"><code class="highlighter-rouge">grep</code></h3>
|
|
|
|
|
|
<p><code class="highlighter-rouge">grep</code> is a command to find patterns of text.
|
|
|
<code class="highlighter-rouge">grep</code> has an option to only show a matching pattern of text.
|
|
|
This option is <code class="highlighter-rouge">-o</code>.</p>
|
|
|
|
|
|
<p>Let’s see how we can use this in conjunction with our latest line of server output to get our results.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ echo "[DEBUG] [SERVER] blah blah: &lt;TaterTheTot&gt; MY_MESAGE" | grep -o "&lt;.&ast;&gt;"
|
|
|
&lt;TaterTheTot&gt;
|
|
|
</pre>
|
|
|
|
|
|
<p>Now, that’s my name with the &lt; and &gt; attached. Not bad!
|
|
|
We can use the <code class="highlighter-rouge">sed</code> command to clean it up a bit.</p>
|
|
|
|
|
|
<p>The syntax is like so: <code class="highlighter-rouge">select/somepattern/replacewith/global</code></p>
|
|
|
|
|
|
<p>So the following command is: <code class="highlighter-rouge">s/[&lt;&gt;]//g</code></p>
|
|
|
|
|
|
<p>Select any characters that are either &lt; or &gt;.
|
|
|
Replace with nothing.
|
|
|
Do so globally (as in, don’t stop after you replace only one character).</p>
|
|
|
|
|
|
<p>Take two!</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ echo "[DEBUG] [SERVER] blah blah: &lt;TaterTheTot&gt; MY_MESAGE" | grep -o "&lt;.&ast;&gt;" | sed 's/[&lt;&gt;]//g'
|
|
|
TaterTheTot
|
|
|
</pre>
|
|
|
|
|
|
<p>Beautiful!</p>
|
|
|
|
|
|
<p>Now what about that pesky message?</p>
|
|
|
|
|
|
<h3 id="more-grep-more-sed">more <code class="highlighter-rouge">grep</code>; more <code class="highlighter-rouge">sed</code></h3>
|
|
|
|
|
|
<p>Simple: capture everything after the &gt;. Leaving the user’s message entirely in tact.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ echo "[DEBUG] [SERVER] blah blah: &lt;TaterTheTot&gt; MY_MESAGE" | grep -o "&gt;.&ast;$" | sed 's/&gt; //'
|
|
|
MY_MESSAGE
|
|
|
</pre>
|
|
|
|
|
|
<p>So now we have a way to get the username of someone typing in the Minecraft server chat.
|
|
|
We have a way to find out what they said.
|
|
|
And, we have a way to respond.</p>
|
|
|
|
|
|
<p>You can imagine how these might go together for your own use case.</p>
|
|
|
|
|
|
<h3 id="conclusion">Conclusion</h3>
|
|
|
|
|
|
<p>This shows some pretty fun stuff you can do with a few simple Linux commands and a Minecraft server.</p>
|
|
|
|
|
|
<p>I hope you learned something and found my explanations not horrific haha!</p>
|
|
|
|
|
|
<p>Remember to checkout the git repository to see what I did with it: <a href="https://github.com/TTWNO/termcraft">https://github.com/TTWNO/termcraft</a>.</p>
|
|
|
|
|
|
<p>Happy hacking!</p></content><author><name></name></author><summary type="html">So recently I had problem. I run a Minecraft server on a big Linux computer I have running in my room. Now, as a system administrator it is very helpful to be able to run some simple commands without needing to login with my key, password, TFA, etc. It is, frankly, a lot of work. Especially when I really just want to be playing games but I just need to check something quickly.</summary></entry><entry><title type="html">Site Update</title><link href="http://localhost:4000/2020/06/04/site-update.html" rel="alternate" type="text/html" title="Site Update" /><published>2020-06-04T00:00:00+00:00</published><updated>2020-06-04T00:00:00+00:00</updated><id>http://localhost:4000/2020/06/04/site-update</id><content type="html" xml:base="http://localhost:4000/2020/06/04/site-update.html"><p>I updated the site with some easier to identify information about me and my projects :)</p>
|
|
|
|
|
|
<p>Also, Clue has been delayed due to my partner in crime on the project wokring too many hours.</p>
|
|
|
|
|
|
<p>I also posted a new project called <em><a href="https://github.com/TTWNO/caesar-cipher">Caesar Cipher</a></em> in C. It will be an intermediate example of how to use build systems like <code class="highlighter-rouge">make</code>.</p></content><author><name></name></author><summary type="html">I updated the site with some easier to identify information about me and my projects :)</summary></entry><entry><title type="html">New Game: Clue (coming soon)</title><link href="http://localhost:4000/2020/05/19/clue-announcement.html" rel="alternate" type="text/html" title="New Game: Clue (coming soon)" /><published>2020-05-19T00:00:00+00:00</published><updated>2020-05-19T00:00:00+00:00</updated><id>http://localhost:4000/2020/05/19/clue-announcement</id><content type="html" xml:base="http://localhost:4000/2020/05/19/clue-announcement.html"><p>Ooo! Exciting!
|
|
|
Today I want to announce a new project I’ll be working on which should be live within the month of May:
|
|
|
Clue.</p>
|
|
|
|
|
|
<p>The original board game, implemented in an accessible format via the web.</p>
|
|
|
|
|
|
<p>It uses a Node.js backend and standard Javascript/HTML frontend.
|
|
|
Nothing fancy.</p>
|
|
|
|
|
|
<p>All the code will be hosted here: <a href="https://github.com/TTWNO/clue">https://github.com/TTWNO/clue</a></p>
|
|
|
|
|
|
<p>It will be licensed under the BSD-3 license, meaning it can be used for any reason—even commercially and without source-code disclosure—without prior authorization, but it <em>must</em> acknowledge that I helped build the end product.</p>
|
|
|
|
|
|
<p>Once the project is live, it will be located at: <a href="">Lame Games</a> (currently a dead link).</p></content><author><name></name></author><summary type="html">Ooo! Exciting! Today I want to announce a new project I’ll be working on which should be live within the month of May: Clue.</summary></entry><entry><title type="html">How to use NGINX as a reverse-proxy server for a Node.js application using socket.io</title><link href="http://localhost:4000/2020/05/01/nginx-socket-io-projects.html" rel="alternate" type="text/html" title="How to use NGINX as a reverse-proxy server for a Node.js application using socket.io" /><published>2020-05-01T00:00:00+00:00</published><updated>2020-05-01T00:00:00+00:00</updated><id>http://localhost:4000/2020/05/01/nginx-socket-io-projects</id><content type="html" xml:base="http://localhost:4000/2020/05/01/nginx-socket-io-projects.html"><p>Despite the long name of the article, I have a feeling this may apply to more people than I might think.
|
|
|
If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s <code class="highlighter-rouge">reverse_proxy</code> directive then this is the article for you!</p>
|
|
|
|
|
|
<p>You <em>must</em> seperate the socket.io sockets and the static resources.</p>
|
|
|
|
|
|
<ul>
|
|
|
<li>The socket connections can be routed through the default <code class="highlighter-rouge">$host/socket.io</code> if you want to ease modifications to the source code.</li>
|
|
|
<li>The connections to your main npm Node.js application can be routed through the relevant directory.</li>
|
|
|
</ul>
|
|
|
|
|
|
<p>Here is the relevant part of my <code class="highlighter-rouge">projects.tait.tech.conf</code> file:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
location /socket.io {
|
|
|
proxy_pass http://localhost:8080/socket.io/;
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
proxy_http_version 1.1;
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
proxy_set_header Host $host;
|
|
|
}
|
|
|
|
|
|
location /ttrpg {
|
|
|
proxy_pass http://localhost:8080/;
|
|
|
proxy_set_header Host $host;
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
}
|
|
|
</pre>
|
|
|
|
|
|
<h3 id="explaination">Explaination:</h3>
|
|
|
|
|
|
<p>For this application,
|
|
|
I needed the <code class="highlighter-rouge">/ttrpg</code> directory to connect to my main Node.js instance. This was going to be the root of a ttrpg project.
|
|
|
It was to have static files served form my Node.js application.</p>
|
|
|
|
|
|
<p>I also needed <code class="highlighter-rouge">/socket.io</code> to conenct to my running <code class="highlighter-rouge">npm</code> instance.
|
|
|
When I tried to route all the traffic through the <code class="highlighter-rouge">/trrpg</code> location directive
|
|
|
I had no luck whatsoever;
|
|
|
<code class="highlighter-rouge">$host/ttrpg/socket.io/*</code> calls <em>always</em> failed with a 404.</p>
|
|
|
|
|
|
<p>Having two seperate blocks forwarding in different ways seems to fix this.
|
|
|
I am not knowledgable enough to understand how.</p>
|
|
|
|
|
|
<p>For now, the project is alive!!!</p>
|
|
|
|
|
|
<p>Happy hacking!</p>
|
|
|
|
|
|
<p><em>P.S. I forgot to mention I also symbolically linked the <code class="highlighter-rouge">socket.io.js</code> file (that node is supposed to serve automatically) to the static client dir.
|
|
|
For some reson the node instance would not serve this file without that.</em></p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ pwd
|
|
|
/home/user/ttrpg.co/client
|
|
|
$ ln -s ../server/node_modules/socket.io-client/dist/socket.io.js .
|
|
|
</pre>
|
|
|
|
|
|
<p><em>Happy hacking 2.0!</em></p></content><author><name></name></author><summary type="html">Despite the long name of the article, I have a feeling this may apply to more people than I might think. If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s reverse_proxy directive then this is the article for you!</summary></entry><entry><title type="html">What is XSS?</title><link href="http://localhost:4000/2020/04/25/xss.html" rel="alternate" type="text/html" title="What is XSS?" /><published>2020-04-25T00:00:00+00:00</published><updated>2020-04-25T00:00:00+00:00</updated><id>http://localhost:4000/2020/04/25/xss</id><content type="html" xml:base="http://localhost:4000/2020/04/25/xss.html"><p>I found a cross-site scripting (XSS) attack
|
|
|
in a well-known quiz hosting website.
|
|
|
I disclosed the vulnerability to them years ago, so I thought
|
|
|
now might be a good time to write about it.</p>
|
|
|
|
|
|
<p>In this first article I will explain what XSS is.</p>
|
|
|
|
|
|
<p>In the next article I will explain how I found this attack.</p>
|
|
|
|
|
|
<h2 id="what-is-cross-site-scripting-xss">What is cross-site scripting (XSS)</h2>
|
|
|
|
|
|
<p>Cross-site scripting, XSS for short,
|
|
|
is a technique to execute arbitrary Javascript code on a user visiting a website
|
|
|
by linking to Javascript code stored on another server.</p>
|
|
|
|
|
|
<p>So for example:</p>
|
|
|
|
|
|
<p>I have a file on my website called <a href="/assets/js/hacked.js">hacked.js</a>.
|
|
|
If I was able to run this javascript file on anybody visiting a certain website <em>that is not mine</em>, this would be called cross-site scripting.</p>
|
|
|
|
|
|
<p>Click the above <code class="highlighter-rouge">hacked.js</code> link to view the code I use to “hack” this website.
|
|
|
It’s safe, I promise ;)</p>
|
|
|
|
|
|
<p>Now, how can we get this code to execute when a user visits this site?
|
|
|
To explain, I will start with some of the underlying technologies.</p>
|
|
|
|
|
|
<h3 id="escape-characters">Escape Characters!</h3>
|
|
|
|
|
|
<p>No, this is not a Sherlock Holmes novel!</p>
|
|
|
|
|
|
<p>If we suppose that a website is built with sequences like these (called “tags”):
|
|
|
<code class="highlighter-rouge">&lt;body&gt;</code>, <code class="highlighter-rouge">&lt;p&gt;</code> (for paragraph), <code class="highlighter-rouge">&lt;link&gt;</code> and <code class="highlighter-rouge">&lt;b&gt;</code> for bold,
|
|
|
then why can you <em>see</em> the left and right angle bracket characters?
|
|
|
Don’t they mean something? Shouldn’t they be telling the browser:
|
|
|
<em>“Hey! Make me bold!”?</em>
|
|
|
Why <em>doesn’t</em> everything after me typing <code class="highlighter-rouge">&lt;b&gt;</code> turn bold?</p>
|
|
|
|
|
|
<p>The answer is:</p>
|
|
|
|
|
|
<p>There are special characters in HTML to type a visible left (&lt;)
|
|
|
and visible right angle bracket (&gt;) in a website.
|
|
|
If I use the left and right brackets on my keyboard however,
|
|
|
things will indeed <b>show up bold</b>.</p>
|
|
|
|
|
|
<p>This is the code for the sentence I wrote above:</p>
|
|
|
<pre class="terminal">
|
|
|
There are special characters in HTML to type a visible left (&amp;lt;)
|
|
|
and visible right angle bracket (&amp;gt;) in a website.
|
|
|
If I use the left and right brackets on my keyboard however,
|
|
|
things will indeed &lt;b&gt;show up bold&lt;/b&gt;.
|
|
|
</pre>
|
|
|
|
|
|
<p>Notice how all visible left angle brackets use an <code class="highlighter-rouge">&amp;lt;</code> to show them?</p>
|
|
|
|
|
|
<p>These are called <a href="https://en.wikipedia.org/wiki/Escape_character">escape characters</a>.
|
|
|
They tell a system, in this case your web browser:
|
|
|
<em>“Hello! Please show me off! I don’t want to be hidden.”</em></p>
|
|
|
|
|
|
<h4 id="sanitization">Sanitization</h4>
|
|
|
|
|
|
<p>Most of the time XSS attacks are done using poorly sanitized HTML <code class="highlighter-rouge">&lt;input&gt;</code> elements.</p>
|
|
|
|
|
|
<p>Sanitization is when a program (usually on the server side),
|
|
|
will remove characters like <code class="highlighter-rouge">&lt;</code> and replace them with the aforementioned “escape characters”.
|
|
|
Internally this would be something like <code class="highlighter-rouge">&amp;lt;</code>,
|
|
|
but they would show up to a user as <code class="highlighter-rouge">&lt;</code>.</p>
|
|
|
|
|
|
<p>When inputs are not properly sanitized <em>and</em> the input is shown to the user in another part of the website,
|
|
|
then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.
|
|
|
For example: a name for a quiz website (input) and the leaderboard for said quiz (display).</p>
|
|
|
|
|
|
<p>HTML, by itself is not very dangerous.
|
|
|
The worst thing you could do is probably put a link on your name,
|
|
|
and then point it to a porn site.
|
|
|
Make your name bold, italic. Maybe make the background a funny color.
|
|
|
Although this may annoy your victim it is not dangerous security wise.</p>
|
|
|
|
|
|
<p>There is one tag however, that <em>is</em> scary…</p>
|
|
|
|
|
|
<h2 id="script"><code class="highlighter-rouge">&lt;script&gt;</code></h2>
|
|
|
|
|
|
<p>The <code class="highlighter-rouge">&lt;script&gt;</code> tag allows you to write code that can:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Change the page contents.</li>
|
|
|
<li>Redirect the user to a new page automatically.</li>
|
|
|
<li>Get a user’s location.</li>
|
|
|
<li>Open a user’s microphone/webcam.</li>
|
|
|
<li>With the <code class="highlighter-rouge">src</code> <a href="https://www.w3schools.com/htmL/html_attributes.asp">attribute</a> you can also load a script from another site. (This is XSS)</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>Those last two will ask for permission from the user (if their browser isn’t insanely insecure).</p>
|
|
|
|
|
|
<p>In my next article I’ll talk about a website I found which is vulnerable to this attack.
|
|
|
And, show you how you can run your own XSS attack.</p></content><author><name></name></author><summary type="html">I found a cross-site scripting (XSS) attack in a well-known quiz hosting website. I disclosed the vulnerability to them years ago, so I thought now might be a good time to write about it.</summary></entry><entry><title type="html">rfi: A Simple Linux utility to get a random file from a directory</title><link href="http://localhost:4000/2020/04/21/rfi.html" rel="alternate" type="text/html" title="rfi: A Simple Linux utility to get a random file from a directory" /><published>2020-04-21T00:00:00+00:00</published><updated>2020-04-21T00:00:00+00:00</updated><id>http://localhost:4000/2020/04/21/rfi</id><content type="html" xml:base="http://localhost:4000/2020/04/21/rfi.html"><p>I made a <a href="https://lbry.tv/@tait:7/rfi:5">little video</a> about this script I wrote:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ rfi
|
|
|
</pre>
|
|
|
|
|
|
<p>This program gets a random file from your current directory
|
|
|
if you do not specify one;
|
|
|
it gets a random file from the specified directory if you give it one like so:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
# rfi /etc/wireguard
|
|
|
</pre>
|
|
|
|
|
|
<p>Which is very useful if you want to start a random VPN configuration :)</p>
|
|
|
|
|
|
<p>The code, comments, etc. are on the <a href="https://github.com/TTWNO/scripts">Github</a>.</p></content><author><name></name></author><summary type="html">I made a little video about this script I wrote:</summary></entry><entry><title type="html">NAS Part 1: Theorize</title><link href="http://localhost:4000/2020/04/12/nas1.html" rel="alternate" type="text/html" title="NAS Part 1: Theorize" /><published>2020-04-12T00:00:00+00:00</published><updated>2020-04-12T00:00:00+00:00</updated><id>http://localhost:4000/2020/04/12/nas1</id><content type="html" xml:base="http://localhost:4000/2020/04/12/nas1.html"><p>New Project, phase one:
|
|
|
Theorize.</p>
|
|
|
|
|
|
<p>I want to build a NAS server to store a bunch of data on. Current problem is lack of a computer to accept multiple SATA connections.</p>
|
|
|
|
|
|
<h3 id="problem-1-sata-connectors">Problem 1: SATA connectors</h3>
|
|
|
|
|
|
<p>This can be solved by an HBE card. Although they tend to be quite expensive (250+).
|
|
|
One decent model that isn’t that much is the <a href="https://www.amazon.ca/SAS9211-8I-8PORT-Int-Sata-Pcie/dp/B002RL8I7M/ref=sr_1_2?keywords=9211-8i&amp;qid=1586699707&amp;sr=8-2">LSI 9211-8I</a>.
|
|
|
This is ideal for future expansion.</p>
|
|
|
|
|
|
<p>A cheaper option is a PCIe multi-SATA connector <a href="https://www.amazon.ca/Rivo-Controller-Expansion-Profile-Non-Raid/dp/B0836MKFCR?ref_=ast_slp_dp">like this</a>.</p>
|
|
|
|
|
|
<p>Either work, but one is cheaper and the other is more expandable.
|
|
|
The 9211-8I uses two SAS ports, which can be expanded indefinetely. SAS supports splitting.
|
|
|
SATA can be connected in a 4:1 ratio to SAS connectors with some <a href="https://www.amazon.com/Cable-Matters-Internal-SFF-8087-Breakout/dp/B012BPLYJC">cheap cables</a>.</p>
|
|
|
|
|
|
<h3 id="problem-2-drives">Problem 2: Drives</h3>
|
|
|
<p>I do not have enough drives to make this work right now.
|
|
|
For the setup I want it would require 5 or 6 drives.
|
|
|
I will get 4-5 drives worth of space as one drive worth of space is dedicated to “parity”, making you able to:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Verify data integrity. If anything goes wrong with a write, it will be fixed automatically.</li>
|
|
|
<li>If <em>one</em> drive dies, the system can stay online with no problem. Two drives and I’m eff-you-see-kay-ed-dee.</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>My other option is to use two drives worth of space for partiy.
|
|
|
This would only have me 3-4 drives of space, but
|
|
|
this system can withstand the failure of <em>two</em> drives.</p>
|
|
|
|
|
|
<h3 id="problem-3-computer-system">Problem 3: Computer System</h3>
|
|
|
|
|
|
<p>I currently have 5 computers.</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Celery Stick. An old grey HP laptop with a Braille stickered keyboard. <em>Does not work right now; bad thermal paste job.</em></li>
|
|
|
<li>A Dell laptop lent to me by my school during my studies.</li>
|
|
|
<li>Houston. A 21-inch 2011 iMac for which the screen does not work under Linux (excep with the <code class="highlighter-rouge">nomodeset</code> kernel option enabled).</li>
|
|
|
<li>An Old Toshiba laptop (circa 2010) that I got for $50 to test with OpenBSD (works….sometimes).</li>
|
|
|
<li>Main Rig. My main laptop is an ASUS-705 TUF gaming laptop.</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>None of these have PCIe expansion slots with a case that can handle the new drives.</p>
|
|
|
|
|
|
<p>I think it’s reasonable to say that for hard-drives and low-end tower PCs,
|
|
|
I will likely have luck on a place like <a href="https://kijiji.ca">Kijiji</a> (Canadian Craigslist).</p>
|
|
|
|
|
|
<p>The search continues :)</p>
|
|
|
|
|
|
<p>I’m in for a fun ride…. and a few monnies.</p></content><author><name></name></author><summary type="html">New Project, phase one: Theorize.</summary></entry><entry><title type="html">How To Encrypt Your Own Documents Using gpg</title><link href="http://localhost:4000/2020/04/06/rsa4.html" rel="alternate" type="text/html" title="How To Encrypt Your Own Documents Using gpg" /><published>2020-04-06T00:00:00+00:00</published><updated>2020-04-06T00:00:00+00:00</updated><id>http://localhost:4000/2020/04/06/rsa4</id><content type="html" xml:base="http://localhost:4000/2020/04/06/rsa4.html"><p>If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you!
|
|
|
It should be noted that in some circles the tools used are more common than in others.
|
|
|
These are the everyday tools of many privacy advocates and computer nerds.</p>
|
|
|
|
|
|
<p>If you have never used Linux however, then the method of doing this will be rather unfamiliar.
|
|
|
This tutorial will be done on an <a href="https://archlinux.org/">Arch Linux</a> machine,
|
|
|
but it should be the same on Ubuntu, Fedora, CentOS, Debian,
|
|
|
OpenBSD, FreeBSD, MacOSX, etc.
|
|
|
The only operating system that does not include these tools by default (or easily accessible) is Windows.</p>
|
|
|
|
|
|
<p>This tutorial makes heavy use of the terminal.
|
|
|
You have been warned.</p>
|
|
|
|
|
|
<p><em>Let us…begin!</em></p>
|
|
|
|
|
|
<h2 id="glossary">Glossary</h2>
|
|
|
|
|
|
<ul>
|
|
|
<li><a href="https://en.wikipedia.org/wiki/Binary-to-text_encoding#ASCII_armor"><strong>ASCII armour</strong></a> — A way to encode <strong>OpenPGP</strong> documents so they are readable by humans. These files end in .asc</li>
|
|
|
<li><strong>(Open)PGP</strong> — An open standard for encoding pulbic keys and encrypted documents.</li>
|
|
|
<li><strong>GPG</strong> — GNUPrivacyGaurd is an implementation of <strong>OpenPGP</strong>. It is installed by default on most Linux distrobutions.</li>
|
|
|
</ul>
|
|
|
|
|
|
<h2 id="step-0-setup">Step 0: Setup</h2>
|
|
|
|
|
|
<p>We will be using the utility <code class="highlighter-rouge">gpg</code> for this tutorial.</p>
|
|
|
|
|
|
<p>The other thing to note: The character ‘$’ (dollar sign) is usually not typed when shown in a command.
|
|
|
It simply indicates that you do not need administrative privilages to run these commands.</p>
|
|
|
|
|
|
<p>Test to see if you get this output in your terminal.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ gpg --version
|
|
|
|
|
|
gpg (GnuPG) 2.2.20
|
|
|
libgcrypt 1.8.5
|
|
|
Copyright (C) 2020 Free Software Foundation, Inc.
|
|
|
License GPLv3+: GNU GPL version 3 or later &lt;https://gnu.org/licenses/gpl.html&gt;
|
|
|
|
|
|
...
|
|
|
</pre>
|
|
|
|
|
|
<p>If this is not successful look into how to install these tools on your system.</p>
|
|
|
|
|
|
<h2 id="step-1-getcreate-a-public-key">Step 1: Get/Create A Public Key!</h2>
|
|
|
|
|
|
<h3 id="get-somebody-elses">Get Somebody Else’s</h3>
|
|
|
<p>Step one is having somebody to send your encrypted message to. Maybe this is a friend, a journalist, or a whistleblower.</p>
|
|
|
|
|
|
<p>To encrypt a document with somebody’s public key, you need to first obtain it.
|
|
|
My public key is available <a href="/public-key.asc">at this link</a>, and you can use it to send me encrypted stuff.</p>
|
|
|
|
|
|
<p>If you are on a linux terminal, you can use the <code class="highlighter-rouge">curl</code> or <code class="highlighter-rouge">wget</code> command to download it.</p>
|
|
|
|
|
|
<p>wget:</p>
|
|
|
<pre class="terminal">
|
|
|
$ wget https://tait.tech/public-key.asc
|
|
|
</pre>
|
|
|
|
|
|
<p>Curl:</p>
|
|
|
<pre class="terminal">
|
|
|
$ curl https://tait.tech/public-key.asc -o public-key.asc
|
|
|
</pre>
|
|
|
|
|
|
<h3 id="make-your-own-optional">Make Your Own (optional)</h3>
|
|
|
|
|
|
<p>The following section is quite long,
|
|
|
so if you don’t want to create your own keypair,
|
|
|
then feel free to skip to <a href="#step-2-import-public-key">Step #2</a>.</p>
|
|
|
|
|
|
<p>If you want to encrypt your own documents,
|
|
|
or you want others to be able to send you encrypted messages,
|
|
|
then you can create your own public/private key pair.
|
|
|
You can use these to encrypt your documents,
|
|
|
and you can send our public key to others so that they can securely communicate with yourself.</p>
|
|
|
|
|
|
<p>Run the following command in your terminal, and follow the steps I outline to get you started.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ gpg --full-gen-key
|
|
|
</pre>
|
|
|
|
|
|
<p>This will produce the following dialog:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
|
|
|
This is free software: you are free to change and redistribute it.
|
|
|
There is NO WARRANTY, to the extent permitted by law.
|
|
|
|
|
|
Please select what kind of key you want:
|
|
|
(1) RSA and RSA (default)
|
|
|
(2) DSA and Elgamal
|
|
|
(3) DSA (sign only)
|
|
|
(4) RSA (sign only)
|
|
|
(14) Existing key from card
|
|
|
Your selection?
|
|
|
</pre>
|
|
|
|
|
|
<p>Select the option <code class="highlighter-rouge">1</code>. You want two keys, both RSA.</p>
|
|
|
|
|
|
<p>Next we will select the key size:</p>
|
|
|
<pre class="terminal">
|
|
|
RSA keys may be between 1024 and 4096 bits long.
|
|
|
What keysize do you want? (2048)
|
|
|
</pre>
|
|
|
|
|
|
<p>Type the number 2048.</p>
|
|
|
|
|
|
<p>Next it will ask you how long you want the key to be valid.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
Requested keysize is 2048 bits
|
|
|
Please specify how long the key should be valid.
|
|
|
0 = key does not expire
|
|
|
&lt;n&gt; = key expires in n days
|
|
|
&lt;n&gt;w = key expires in n weeks
|
|
|
&lt;n&gt;m = key expires in n months
|
|
|
&lt;n&gt;y = key expires in n years
|
|
|
Key is valid for? (0)
|
|
|
</pre>
|
|
|
|
|
|
<p>Type the number 1. This will enable you time to test it,
|
|
|
but it will make the key expire within 24 hours so that if you accidentally
|
|
|
share your private key, or delete your VM and no longer have access to it, you will be fine.</p>
|
|
|
|
|
|
<p>It will ask your if you are sure about the expiry date.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
Key expires at Tue Apr 7 02:24:23 2020 UTC
|
|
|
Is this correct? (y/N)
|
|
|
</pre>
|
|
|
|
|
|
<p>Type <code class="highlighter-rouge">y</code> to confirm your choice.</p>
|
|
|
|
|
|
<p>Now <code class="highlighter-rouge">gpg</code> is going to ask you to create a user id to indetify this key.
|
|
|
Use some test data for now.
|
|
|
User input is in bold, feel free to follow along or to put your own test data in.</p>
|
|
|
|
|
|
<p>Once you are more comfortable with the tools,
|
|
|
then you can create a public/private keypair that you will keep for some time.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
GnuPG needs to construct a user ID to identify your key.
|
|
|
|
|
|
Real name: <b>Mr. Tester</b>
|
|
|
Email address: <b>test@test.org</b>
|
|
|
Comment: <b>for testing only</b>
|
|
|
You selected this USER-ID:
|
|
|
"Mr. Tester (for testing only) &lt;test@test.org&gt;"
|
|
|
|
|
|
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? <b>O</b>
|
|
|
</pre>
|
|
|
|
|
|
<p>It will then ask you for a password.
|
|
|
If you are simply using this for test purposes,
|
|
|
then you can feel free to set it to something like “test”.
|
|
|
When create a long-term use pulbic key make sure to make the password <em>very</em> secure.</p>
|
|
|
|
|
|
<p>During the process of creating your key, <code class="highlighter-rouge">gpg</code> may warn you with this message:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
We need to generate a lot of random bytes. It is a good idea to perform
|
|
|
some other action (type on the keyboard, move the mouse, utilize the
|
|
|
disks) during the prime generation; this gives the random number
|
|
|
generator a better chance to gain enough entropy.
|
|
|
</pre>
|
|
|
|
|
|
<p>If this happens, feel free to smash your keyboard (lightly),
|
|
|
watch a YouTube video on the machine,
|
|
|
browse the web with <a href="http://w3m.sourceforge.net/">w3m</a>,
|
|
|
etc. until the key is generated.</p>
|
|
|
|
|
|
<p>You will know it is done when you see this message (or something similar):</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
gpg: key EACCC490291EA7CE marked as ultimately trusted
|
|
|
gpg: revocation certificate stored as '/home/tait/.config/gnupg/openpgp-revocs.d/FFA7D7525C6546983F1152D8EACCC490291EA7CE.rev'
|
|
|
public and secret key created and signed.
|
|
|
|
|
|
pub rsa2048 2020-04-06 [SC] [expires: 2020-04-07]
|
|
|
FFA7D7525C6546983F1152D8EACCC490291EA7CE
|
|
|
uid Mr. Tester (for testing only) &lt;test@test.org&gt;
|
|
|
sub rsa2048 2020-04-06 [E] [expires: 2020-04-07]
|
|
|
</pre>
|
|
|
|
|
|
<p>Tada! You have your own public/private keypair!</p>
|
|
|
|
|
|
<p>Sharing a keypair that will expire soon is not a good idea,
|
|
|
however, if you are ready, then you can use this command to generate a public key file to share with others.</p>
|
|
|
|
|
|
<p>Feel free to substitute “Mr. Tester” for any other identifying part of your key.
|
|
|
Remember that to use the email, you must enclose it in &lt; and &gt;.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ gpg --export --armour "Mr. Tester" &gt; public-key.asc
|
|
|
</pre>
|
|
|
|
|
|
<p>To use the email as the identifier:</p>
|
|
|
<pre class="terminal">
|
|
|
$ gpg --export --armour "&lt;test@test.org&gt;" &gt; public-key.asc
|
|
|
</pre>
|
|
|
|
|
|
<h2 id="step-2-import-public-key">Step 2: Import Public Key</h2>
|
|
|
|
|
|
<p>This list of keys that <code class="highlighter-rouge">gpg</code> keeps on tap so to speak, is called our “keyring”.
|
|
|
Your will need to import a new public key to encrypt files with <code class="highlighter-rouge">gpg</code>.</p>
|
|
|
|
|
|
<p>If you already created your own public key, then this step is not necessary unless you want to also encrypt something for me :)</p>
|
|
|
|
|
|
<figure>
|
|
|
<img src="/assets/img/keyring.jpg" alt="A keyring holding eight allen keys." />
|
|
|
<figcaption>
|
|
|
A keyring holding eight allen keys.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>To import a public key to use for encrypting files, use the <code class="highlighter-rouge">--import</code> option of <code class="highlighter-rouge">gpg</code>. Like so:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ gpg --import public-key.asc
|
|
|
gpg: key 64FB4E386953BEAD: public key "Tait Hoyem &lt;tait.hoyem@protonmail.com&gt;" imported
|
|
|
gpg: Total number processed: 1
|
|
|
gpg: imported: 1
|
|
|
</pre>
|
|
|
|
|
|
<p>Now that we have imported a public key, we can make a message to send!</p>
|
|
|
|
|
|
<h2 id="step-3-have-a-message-to-encrypt">Step 3: Have A Message To Encrypt</h2>
|
|
|
|
|
|
<p>You can make a new file which holds some important, secret data.
|
|
|
Feel free to use a graphical editor if you have one, if not, <code class="highlighter-rouge">nano</code> works alright too.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
Rules Of A Good Life:
|
|
|
|
|
|
1. Wash your hands!
|
|
|
2. Work hard!
|
|
|
3. Be firm.
|
|
|
5. Have good friends!
|
|
|
</pre>
|
|
|
|
|
|
<p>Save this file as something like <code class="highlighter-rouge">test-pgp.txt</code>, and we’ll use that name later.</p>
|
|
|
|
|
|
<h2 id="step-4-encrypt-a-message">Step 4: Encrypt A Message</h2>
|
|
|
|
|
|
<p>Now that we have a message to send and person to send to,
|
|
|
all we have to do is encrypt this message and it’ll be on its merry way!
|
|
|
To do so, we must specify two new options to <code class="highlighter-rouge">gpg</code>.</p>
|
|
|
|
|
|
<p>The first is <code class="highlighter-rouge">--recipient</code>.
|
|
|
This tells <code class="highlighter-rouge">gpg</code> to encrypt using a certin public key that we have in our keyring.
|
|
|
You can use the person’s name, email address, or the key’s uid.</p>
|
|
|
|
|
|
<p>The second is <code class="highlighter-rouge">--encrypt</code>.</p>
|
|
|
|
|
|
<p>You will also specify the <code class="highlighter-rouge">--armour</code> option to use ASCII armoured files. Put this option after <code class="highlighter-rouge">--encrypt</code>, and put the file name after <code class="highlighter-rouge">--armour</code>. See below.</p>
|
|
|
|
|
|
<p>You can either use your own public key name to encrypt a document (allowng only you to decrypt it),
|
|
|
or you can use my public key that we imported earlier (allowing only me to decrypt it).
|
|
|
Either way works fine.</p>
|
|
|
|
|
|
<p>This is the big one!</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ gpg --recipient "Tait Hoyem" --encrypt --armour test-gpg.txt
|
|
|
</pre>
|
|
|
|
|
|
<p>“But there is no output!” you might say!
|
|
|
Yes, that is because our new (encrypted) file has already been saved.
|
|
|
Let’s look at it with cat.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ cat test-gpg.txt.asc
|
|
|
-----BEGIN PGP MESSAGE-----
|
|
|
|
|
|
hQIMA2mJuYb8vkIlAQ/9FDmXJgW2vI7p9sznKvHhQk7uTZvoWC3hCeqHoO3BSElP
|
|
|
XR1BNAkJ+bykB30M+9u+XDyRtTwazjvNPmYfQnIh0Q+BQZigDWbEd1R47jbzm7Tu
|
|
|
0eZKKapgEidfecULtaECX1sR3qPt1m9oZjyUR1rzNd8tezZlCu2pjdNZrkta2Bdm
|
|
|
Hh1xDS43Bw7PMQqraJsHwqr0M1GLDbMzPes2ZU5y4jEmXZ0PZdJ7kgjR8dvhLBfi
|
|
|
MU+4kYnnemQEztXBOjKidhyOntKiLjenvD00tVHrOuQoWuWCHGiqR24qSwVjeb9G
|
|
|
079gqH1VWi3fk2cwFA9f3TLvJqUwatyE0Hcba0U1d2Voz/C9JEQjT6FHuaCqQL6b
|
|
|
p7B7m2DwpywFGJpAn6ksrEYqHaLVWiEGmdMmHYuHxMw8+cqoSwbYymCZTwMBAuJe
|
|
|
Pr1VO9uNo+Vj5r8IX7ACcSsrjf0XkVzfX6ySsPbyOlGXnwzWSOM3Dk2Z9MqDORbj
|
|
|
0/7vJTnDctPuc91Rlp3YnJlZKWMcNfPMKMtvpljd2XuVwub+C4vGWXa9XLbRXmJo
|
|
|
cnEFT6SB11AKjytE2Urt62CCrYjJPBneabxbCztnBs+vQSx7Fj0LK6v4Euik/Xm/
|
|
|
9aKmZZW8306c9Zwgpp9glWjLMCDNxJRGdKRjZsnkt9hOEYsP1irTegystK6u4eHS
|
|
|
mwHX931ENOJsnPfQZCZ9b41Q9doZQ/N/WHstQO8MtA3HIN1sW3wYkGzOLKj4gJfm
|
|
|
bqR/TzQmXyLT1xZa+/yTscaV0P4OlI4vcii/k4DgeSeQVWp9o9DbZFxSCsdYVvPu
|
|
|
jaDMzZnIKoax1GFz/coUAHFQub2rLzaQ5DDbvrkX++UrAjuUtRcSFH0TKhahZmCF
|
|
|
nv117moLfK22Mst/
|
|
|
=bw8T
|
|
|
-----END PGP MESSAGE-----
|
|
|
</pre>
|
|
|
|
|
|
<h2 id="step-5-decryption-optional">Step 5: Decryption (optional)</h2>
|
|
|
|
|
|
<p>If you created your own public/private keypair in step 1,
|
|
|
and you encryped using <code class="highlighter-rouge">--recipient "Your Test Name"</code>,
|
|
|
then you can decrypt your document as well!</p>
|
|
|
|
|
|
<p>You will need to specify <code class="highlighter-rouge">--decrypt</code>, and that’s all folks!</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ gpg --decrypt test-gpg.txt.asc
|
|
|
</pre>
|
|
|
|
|
|
<p>A password dialog will then come up asking for your previously created password.
|
|
|
As long as you remember your password from before and enter it correctly: voila!</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
gpg: encrypted with 4096-bit RSA key, ID 6989B986FCBE4225, created 2020-01-02
|
|
|
"Tait Hoyem &lt;tait.hoyem@protonmail.com&gt;"
|
|
|
Rules Of A Good Life:
|
|
|
|
|
|
1. Wash your hands!
|
|
|
2. Work hard!
|
|
|
3. Be firm.
|
|
|
5. Have good friends!
|
|
|
</pre>
|
|
|
|
|
|
<h2 id="step-6-finale">Step 6: Finale!</h2>
|
|
|
|
|
|
<p>Ladies and gentleman, you have done it!
|
|
|
You have encrypted our very own document.
|
|
|
(And maybe even decrypted it yourself too :)</p>
|
|
|
|
|
|
<p>If you encrypted using my public key,
|
|
|
feel free to send it to <a href="mailto:tait@tait.tech">my email</a>.
|
|
|
I am happy to verify if it worked.</p>
|
|
|
|
|
|
<p>For more information on this subject, check out <a href="https://www.gnupg.org/gph/en/manual/c14.html">gnugp.org’s guide</a> on using GPG.
|
|
|
They are the ones that make these tools available,
|
|
|
and the <a href="https://www.gnu.org/">GNU Project</a> has been instrumental in creating the open-source world as it exists today.
|
|
|
Give ‘em some love, eh!</p>
|
|
|
|
|
|
<p>Thank you so much for sticking through this whole thing!
|
|
|
Let me know if there is anything that doesn’t make sense.
|
|
|
I am happy to improve this guide as time goes on if that is necessary.</p>
|
|
|
|
|
|
<p>Happy hacking :)</p></content><author><name>tait</name></author><summary type="html">If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you! It should be noted that in some circles the tools used are more common than in others. These are the everyday tools of many privacy advocates and computer nerds.</summary></entry><entry><title type="html">How Asymetric Encryption Works</title><link href="http://localhost:4000/2020/04/02/rsa3.html" rel="alternate" type="text/html" title="How Asymetric Encryption Works" /><published>2020-04-02T00:00:00+00:00</published><updated>2020-04-02T00:00:00+00:00</updated><id>http://localhost:4000/2020/04/02/rsa3</id><content type="html" xml:base="http://localhost:4000/2020/04/02/rsa3.html"><p>In a few previous articles I have explained <a href="/2020/01/26/rsa1.html">why encryption may be important to you</a> and <a href="/2020/02/19/rsa2.html">how the theory behind encryption works</a>. I did not yet explain the system of asymetric cryptography, however. That is what this article is for.</p>
|
|
|
|
|
|
<p>Previously, we talked about how <em>symetric</em> encryption works. This is by having a shared key that both parties use to simultaniously encrypt, and decrypt the data. (See Ceasar Cipher for example).</p>
|
|
|
|
|
|
<h2 id="public-key-or-asymetric-encryption">Public-key, or Asymetric Encryption</h2>
|
|
|
|
|
|
<p>Asymetric encryption is based on the idea of having multiple keys instead of only one shared key.
|
|
|
For example: instead of encrypting with one key, and decrypting with that same key (like our ROT ciphers we talked about previously), we can use one key to <em>encrypt</em> the information, and a different key to <em>decrypt</em> the information.</p>
|
|
|
|
|
|
<figure>
|
|
|
<img src="/assets/img/alice-to-bob.png" alt="Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key." />
|
|
|
<figcaption>
|
|
|
Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>In the picture above, see how Alice uses Bob’s public key to encrypt some data,
|
|
|
then sends it to Bob for him to decrypt with his private key?
|
|
|
That is the essense of public-key encryption.</p>
|
|
|
|
|
|
<p>The great thing about public-key encryption is that your public key is <em>public</em>! There is no need to be afraid of sending this everywhere!
|
|
|
You can attach it at the end of all your emails, the end of your forum posts, <a href="/public-key.asc">a link to it on your low-power webserver</a> (wink).
|
|
|
There are even things called <a href="http://keys.gnupg.net/">keyservers</a> that will save your public key on them for retrival in case somebody wants to verify your public key.</p>
|
|
|
|
|
|
<p>Anything encrypted with your public key can only be decrypted with your private key.
|
|
|
Provided you never, <em>NEVER</em> share your private key with anyone ever, we can assume that all messages sent to you encrypted with your public key will never be read by anyone else.</p>
|
|
|
|
|
|
<p>Asymetric encryption, however, often contains four keys instead of two. Why is this?</p>
|
|
|
|
|
|
<h4 id="verification-of-author">Verification of Author</h4>
|
|
|
|
|
|
<p>One interesting thing about keys pairs is that not only can the private key decrypt anything the public key encrypts,
|
|
|
but the public key can decrypt anything the private key encrypts.</p>
|
|
|
|
|
|
<p>Now why would one want to encrypt a message that can be decrypted by anyone?</p>
|
|
|
|
|
|
<figure>
|
|
|
<img src="/assets/img/alice-sign-to-bob.png" alt="Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!" />
|
|
|
<figcaption>
|
|
|
Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!
|
|
|
<br />
|
|
|
<br />
|
|
|
Note: Although the picture shows otherwise, the text is not sent in the plain. It is encrypted with Alice's private key.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>This is how you can verify that the person who says they wrote the message really did indeed write the message!
|
|
|
If their private key was never shared with anyone else, then the message must have come from them!</p>
|
|
|
|
|
|
<p>For maximum security, these methods are often layered.
|
|
|
First, signing with the sender’s private key,
|
|
|
ensuring only they could have sent it—
|
|
|
then encrypted with the recipient’s pulbic key,
|
|
|
making sure only the reciever can read it.</p>
|
|
|
|
|
|
<p>Note that both sides must first have eachother’s public keys to do this.
|
|
|
This is easy if they communicate often, but when first contacting somebody,
|
|
|
people will generally send their encrypted message along with the their own pulbic key attached in a seperate file.</p>
|
|
|
|
|
|
<h3 id="what-this-means">What This Means</h3>
|
|
|
|
|
|
<p>Notice neither Alice nor Bob had to share any comprimsing information over the network?
|
|
|
This is why public-key encryption is so powerful!</p>
|
|
|
|
|
|
<p>Alice and Bob can both safely send their public keys in the open.
|
|
|
They can even send them over the insecure HTTP, or FTP protocols.</p>
|
|
|
|
|
|
<p>Whilst not sending any encryption-breaking messages,
|
|
|
Alice and Bob now have a way to communicate securely.
|
|
|
If you trust nothing and no one, this is your perfered method of security.</p>
|
|
|
|
|
|
<p>Check out this <a href="https://www.youtube.com/watch?v=GSIDS_lvRv4">Computerphile video</a> if you want the simplified explaination.</p>
|
|
|
|
|
|
<h3 id="the-algorithms">The Algorithms</h3>
|
|
|
|
|
|
<p>The two biggest “implementations” of public-key cryptography vary only in the mathamatical equations used to generate the numbers,
|
|
|
and how the numbers are <a href="https://en.wikipedia.org/wiki/Trapdoor_function">“trapdoored”</a> to decrypt if you have the correct key.</p>
|
|
|
|
|
|
<p>I will discuss the differences in approach here.
|
|
|
If you want to skip to the next article where I show you how to encrypt your own documents using RSA, see <a href="/2020/04/06/rsa4.html">this link</a>.</p>
|
|
|
|
|
|
<h3 id="rsa">RSA</h3>
|
|
|
|
|
|
<p>The mathamatic center of the RSA system was developed over the course of a year or so.
|
|
|
Three men were involved. Ron Rivest, Adi Shamir, and Leonard Aldeman.
|
|
|
They worked as a kind of “team”: Each idea by Rivest and Shamir were critisized by the mathamatician on their team: Mr. Aldeman.</p>
|
|
|
|
|
|
<p>One night, after consuming
|
|
|
<a href="https://www.math.uchicago.edu/~may/VIGRE/VIGRE2007/REUPapers/FINALAPP/Calderbank.pdf">“liberal quantities of Manischewitz wine”</a>
|
|
|
Rivest had trouble sleeping.
|
|
|
After taking long gazes into the abyss of his math textbook, he came up with an idea which would change cryptography forever.
|
|
|
By the next morning, an academic mathamatical paper was nearly finished.
|
|
|
He named it after himself and the two others that had been helping him along this whole time. <em>Rivest, Shamir, Aldeman</em>.</p>
|
|
|
|
|
|
<p>Key sizes of RSA range from 1024-bit to 4096-bit.
|
|
|
1024-bit keys are considered somewhat insecure.
|
|
|
However,
|
|
|
it should be noted that every bit doubles the complexity of the key,
|
|
|
so 2048 is <a href="https://www.wolframalpha.com/input/?i=2%5E1024">2^1024</a> times more complex than 1024.</p>
|
|
|
|
|
|
<h3 id="eliptic-curve-ec">Eliptic-Curve (EC)</h3>
|
|
|
|
|
|
<p>Eliptic-Curve (EC) is a family of algorithms that use the <a href="https://en.wikipedia.org/wiki/Elliptic_curve">Eliptic curve</a> mathamatical structure to generate the numbers for the keys.
|
|
|
EC can effectivly provide the security of an RSA key <a href="https://www.youtube.com/watch?v=NF1pwjL9-DE">one order of magnitude larger</a> than an RSA key.</p>
|
|
|
|
|
|
<figure>
|
|
|
<img src="/assets/img/ec.png" alt="A picture of an eliptic curve." class="small-image" />
|
|
|
<figcaption>
|
|
|
An eliptic curve structure.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>It’s fast; it’s secure! Perfect right?</p>
|
|
|
|
|
|
<p>Of course not!</p>
|
|
|
|
|
|
<p>One problem is that due to the smaller key size,
|
|
|
it can more easily be broken by brute-force.
|
|
|
This is why EC is mostly used for temporary communication (like HTTPS), not permenant communication (like having an encrypted email conversation with a journalist).</p>
|
|
|
|
|
|
<p>The other problem is that a certain EC algrorithm called P-256 is suspected to be introduced with malice to National Institute of Standards and Technology (NIST)
|
|
|
<a href="https://www.schneier.com/essays/archives/2007/11/did_nsa_put_a_secret.html">by the NSA</a>.
|
|
|
Supposedly, the NSA is able to crack anything encrypted with this algorithm.
|
|
|
I will let the experts argure about that.</p>
|
|
|
|
|
|
<p>Other well-known EC algorithms that are more-or-less trusted as secure do exist though.
|
|
|
The premeire one being Curve25519.
|
|
|
The reference implementation of <a href="https://cr.yp.to/ecdh.html">this algrorithm</a> is also <a href="https://fairuse.stanford.edu/overview/public-domain/welcome/">public-domain</a>,
|
|
|
so it is easy for devlopers to work into their own applications without worrying about copywrite.</p>
|
|
|
|
|
|
<h2 id="conslusion">Conslusion</h2>
|
|
|
|
|
|
<p>In this article we went over some basic points:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Public-key encryption enables secure communication over insecure networks.</li>
|
|
|
<li>RSA is considered the standard for extra-seure communication.</li>
|
|
|
<li>EC is a newer, faster, more transient encryption method.</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>To learn how to use RSA keys to encrypt your own communications, check out <a href="/2020/04/06/rsa4.html">this other aritcle I wrote</a>.</p></content><author><name>tait</name></author><summary type="html">In a few previous articles I have explained why encryption may be important to you and how the theory behind encryption works. I did not yet explain the system of asymetric cryptography, however. That is what this article is for.</summary></entry><entry><title type="html">How Does Encryption Work, in Theory?</title><link href="http://localhost:4000/2020/02/19/rsa2.html" rel="alternate" type="text/html" title="How Does Encryption Work, in Theory?" /><published>2020-02-19T00:00:00+00:00</published><updated>2020-02-19T00:00:00+00:00</updated><id>http://localhost:4000/2020/02/19/rsa2</id><content type="html" xml:base="http://localhost:4000/2020/02/19/rsa2.html"><p>There are many kinds of encryption used in our everyday communication. Online and offline, over the internet and in person. In this article, I will explain the basics of how encryption should work in theory. I explain in <a href="/2020/01/26/rsa1.html">this article</a> why encryption is important, and why <em>you</em> should care about it.</p>
|
|
|
|
|
|
<p>We will start by looking at in-person, offline encryption.</p>
|
|
|
|
|
|
<h2 id="cryptography-we-do-everyday">Cryptography We Do Everyday</h2>
|
|
|
<p>We encrypt things all the time without even thinking about it.
|
|
|
If you spend a significant amount of time with the same group of friends, you will tend to develop common codes that may not make sense to others outside the group.
|
|
|
For example: for years, my family called sombody falling from a sitting position “doing a Don”. There is a story of course—We knew a guy named Don who fell from his plastic beach chair in a rather hilarious way; “doing a Don” was born.</p>
|
|
|
|
|
|
<p>These types of minor dialects in speech are cryptographic in their own way. The truth is though, that we use cryptography much more than that!</p>
|
|
|
|
|
|
<blockquote>
|
|
|
<p>“Is cryptography any different than talking?
|
|
|
We say something other than what we mean, and then expect everyone is able to decipher the true meaning behind the words.
|
|
|
Only, I never do…” — Adapted from a scene in <a href="https://www.benedictcumberbatch.co.uk/wordpress/wp-content/uploads/ScreenplayTIG.pdf">The Imitation Game (p. 39-40)</a></p>
|
|
|
</blockquote>
|
|
|
|
|
|
<p>How many times have you hinted, flirted, and innuendoed to try to say “I find you very physically attractive”?
|
|
|
Have you told your friend that always stinks to wear more deodorant?
|
|
|
Have you ever had someone say the words “I’m fine” when you know <em>for certain</em> that they are indeed not okay?</p>
|
|
|
|
|
|
<table>
|
|
|
<thead>
|
|
|
<tr>
|
|
|
<th>Words Said</th>
|
|
|
<th>Meaning</th>
|
|
|
</tr>
|
|
|
</thead>
|
|
|
<tbody>
|
|
|
<tr>
|
|
|
<td>What can you do?</td>
|
|
|
<td>I don’t want to talk about this anymore.</td>
|
|
|
</tr>
|
|
|
<tr>
|
|
|
<td>I don’t want to overstay my welcome.</td>
|
|
|
<td>I want to go home now.</td>
|
|
|
</tr>
|
|
|
<tr>
|
|
|
<td>I don’t like them and don’t know why.</td>
|
|
|
<td>They threaten my ego.</td>
|
|
|
</tr>
|
|
|
<tr>
|
|
|
<td>Creepy</td>
|
|
|
<td>Unattractive and friendly</td>
|
|
|
</tr>
|
|
|
</tbody>
|
|
|
</table>
|
|
|
|
|
|
<p>All of these scenarios are perfect examples of <del>lies</del> encryption! If we have the key to these codes, we can start to understand what people really mean.
|
|
|
Hopefully I have convinced you that you use <del>deceit</del> cryptography on a regular basis in your life, so let us consider what a basic encryption method might be:</p>
|
|
|
|
|
|
<h2 id="grade-school-encryption">Grade-School Encryption</h2>
|
|
|
<p>Back when I was in middle school I used to pass notes like these:</p>
|
|
|
|
|
|
<figure>
|
|
|
<img alt="A message I would have sent in middle school. ROT5: Xfwfm hx hzy" src="/assets/img/ceasar1.jpg" />
|
|
|
<figcaption>
|
|
|
The kind of message I would have sent in middle school. A ROT5 Ceasar cipher.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
<p>This is a message encrypted using the Caesar cipher. This encryption technique was used by Julius Caesar during the reign of the Roman Empire to “encrypt messages of military significance.”<a class="citation-link" href="https://en.wikipedia.org/wiki/Caesar_chipher/">[1]</a>
|
|
|
This is one of the oldest and simplest methods of encryption known to us today.</p>
|
|
|
|
|
|
<figure>
|
|
|
<img alt="A diagram of a Ceasar Shift algorithm. A &lt;-&gt; N, B &lt;-&gt; O, et cetera." src="/assets/img/ceasar13.png" />
|
|
|
<figcaption>
|
|
|
A diagram of a ROT13 Ceasar shift algorithm. A &lt;-&gt; N, B &lt;-&gt; O, et cetera.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>You can try this out yourself by moving some letters forward in the alphabet.
|
|
|
An ‘A’ turns into a ‘B’, ‘B’ into ‘C’, ‘C’ into ‘D’, et cetera.
|
|
|
In this case, “Hello!” would become “Ifmmp!”
|
|
|
That is just using a shift of one. You can use a shift of seven, for example, and then you would shift letters like so:</p>
|
|
|
|
|
|
<ul>
|
|
|
<li><code class="highlighter-rouge">A -&gt; +7 -&gt; H</code></li>
|
|
|
<li><code class="highlighter-rouge">Q -&gt; +7 -&gt; X</code></li>
|
|
|
<li><code class="highlighter-rouge">T -&gt; +7 -&gt; A</code></li>
|
|
|
</ul>
|
|
|
|
|
|
<p>When you reach the end of the alphabet, wrap around to the beginning to find the encrypted letter.</p>
|
|
|
|
|
|
<h2 id="example-of-a-caesar-cipher">Example of a Caesar Cipher</h2>
|
|
|
<p>Let’s setup a little story to illustrate the problems of encryption. We will have three characters:</p>
|
|
|
|
|
|
<ul>
|
|
|
<li>Alice, young lady with feelings for Bob</li>
|
|
|
<li>Bob, a young lad with an addiction to pancakes</li>
|
|
|
<li>Eve, a wee jealous girl scout who sits between Bob and Alice</li>
|
|
|
</ul>
|
|
|
|
|
|
<p>Alice really likes Bob and wants to tell Bob her feelings, so she writes “I love you, Bob! Please eat healthier!” on a sticky note.
|
|
|
She passes it to Eve, so Eve can pass it to Alice’s love interest.
|
|
|
However, in an unfortunate turn of events Eve reads the note herself, and decides not to give it to Bob.</p>
|
|
|
|
|
|
<p>Oh the horror! Alice is without young love! How could she remedy this so that Bob can read her message, but evil Eve can not?
|
|
|
Let’s use the Caesar cipher to fix this problem.</p>
|
|
|
|
|
|
<p>Let us assume that Alice and Bob already have a shared key, 7 for example. To encrypt this message, she should shift her letters seven letters forward in the alphabet—just like the example above.</p>
|
|
|
|
|
|
<figure>
|
|
|
<img alt="A longer Ceasar cipher encrypted message: ROT2: Wpeng Vgf ku dqqogt ogog]" src="/assets/img/ceasar2.jpg" />
|
|
|
<figcaption>
|
|
|
A longer Ceasar cipher encrypted message using ROT2.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>Now Alice’s message reads “P svcl fvb, Ivi! Wslhzl lha olhsaoply!”</p>
|
|
|
|
|
|
<p>Now, when Alice sends her Romeo a little note, all he has to do is decrypt the text by shifting the letters down by 7.
|
|
|
<a href="https://www.xarg.org/tools/caesar-cipher/">Here is a site</a> which can do longer pieces of text for you instead of doing it manually.</p>
|
|
|
|
|
|
<h2 id="problems">Problems</h2>
|
|
|
|
|
|
<p>Before the two love-birds start smooching on the branch of a big pine tree in the schoolyard, perhaps we should consider some problems with the Ceasar cipher.</p>
|
|
|
|
|
|
<h4 id="it-is-very-easy-to-break">It is Very Easy to Break</h4>
|
|
|
|
|
|
<p>Even Eve with her measly grade 4 math skills could easily start going through this message with pen and paper and figure out any combination in a couple hours at maximum.
|
|
|
Imagine how easy this is for a computer?
|
|
|
This could be broken in a few microseconds even on an older processor like the Intel Core 2 Duo.</p>
|
|
|
|
|
|
<h4 id="no-secure-way-of-sharing-keys">No Secure Way of Sharing Keys</h4>
|
|
|
|
|
|
<p>We assumed in our previous example that Bob and Alice already have a shared key (seven) to encrypt and decrypt all of their messages.
|
|
|
If Bob and Alice did not have a previous friendship and time to share secrets of this sort, there is no way to share their key with eachother without Eve also knowing.
|
|
|
This would defeat the entire purpose of obscuring the message in the first place.</p>
|
|
|
|
|
|
<h4 id="universal-vulnerability-of-messages">Universal Vulnerability of Messages</h4>
|
|
|
|
|
|
<p>Every message sent between the two parties uses the same code to encrypt and decrypt. If someone finds out the code once, all previous communications are comprimised.</p>
|
|
|
|
|
|
<h2 id="better-encryption-methods">Better Encryption Methods</h2>
|
|
|
|
|
|
<p>To combat the issues with easily breakable, shared-key cryptography, we can turn to the beautiful beast that is <a href="https://en.wikipedia.org/wiki/Public-key_cryptography">Asymetric Cryptography</a>.
|
|
|
I will discuss this more in another article, but for the technically inclined:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li><a href="https://en.wikipedia.org/wiki/RSA_(cryptosystem)">RSA</a>/<a href="https://en.wikipedia.org/wiki/Elliptic-curve_cryptography">EC</a> provides <em>very</em> large cryptographic keys. It would be impossible for a human to encrypt or decrypt a message manually.</li>
|
|
|
<li><a href="https://www.youtube.com/watch?v=GSIDS_lvRv4">Asymetric cryptography</a> provides four keys, instead of just one; stopping evesdroppers from listening in on your secret conversations—even if you do not have the chance to exchange keys in advance.</li>
|
|
|
</ol></content><author><name>tait</name></author><summary type="html">There are many kinds of encryption used in our everyday communication. Online and offline, over the internet and in person. In this article, I will explain the basics of how encryption should work in theory. I explain in this article why encryption is important, and why you should care about it.</summary></entry></feed> |
