The Debian SSL fubar farrago - some light perspective
If you have a Debian or Ubuntu box and used it to generate an SSH key in the last couple of years, due to a rather heinous bug, there’s a high chance you have one of roughly 260,000 keys.
To put this in perspective, if your account was protected by a 4 lower-case-character password, it would be harder to brute-force access (264 = 456,976).
For the sake of the internet, follow the instructions to update the keys on your servers forthwith.
The excellent TrueCrypt now runs on OS X, as well as Windows and Linux. I’ll definitely be shunting some of my files onto an encrypted thumbdrive later.
If any of you bastards *dare* to post “12 6F 5A CF BD 5F 55 00 B8 60 C8 42 49 59 FC AB” elsewhere on the web, I’ll sue you, you hear?
Firefox extension to enable GPG encryption/verification in GMail. Need to give this a shot.
Just publishing these so I can point to them later for verification purposes. If you IM with me, I encourage you to use a client that supports OTR encryption.
It appears that someone has found a way to extract the encryption keys for HD-DVD discs, then rip them. This doesn’t render the whole of AACS broken (it was designed to work around broken software), but until the movie industry makes its move, all HD-DVD discs out there today can be ripped.
Rebuttal of the theory that the government are mass-cracking encrypted data. “If you want to brute-force a key, it literally takes a planet-ful of computers… Now of course, there are other ways to break the system.”
An overview of how the AACS encryption system that’ll be baked into Bluray and HD-DVD works. It’s very well-crafted, but ultimately doomed-to-fail — either through cracking, or through speedy product-obsolescence.
Neat hack for the upcoming (I’m sure) day when I’m behind a firewall that blocks port 22.
Tor + Firefox that you can run on a USB keychain to enable anonymized web browsing anywhere. Fantastic stuff.
My OpenPGP smartcard
Now I can pretend to be Jack Bauer with my GPG encryption keys stored on a smartcard. If you encrypt something to 0xC84C962B, you can be certain that it will be seen by my eyes only. Unless a rather bad man has managed to subtly convinced me to give up my PIN, using little more that the art of persuasion, and a length of rubber hose.
I'm not entirely sure what the legalities are of my importing this card into the US, but for now it's nestled snugly in my wallet between my Green Card and my ACLU membership card.
To be tried-out: Cross-platform app that creates VPNs between computers — even if they’re behind firewalls. Downside: Requires connecting to a centrally-run server to initiate connection, which will soon be charging $$$.
Open-source whole-disk encryption package for Windows. Perfect for keeping your USB keychain drive safe from prying eyes.
This isn’t a bad deal at all: $15 for an SSL certificate recognized as valid by any moderately-recent webbrowser. Perfect for your home-run webmail server.
I'm 