Photoblog of Zürich

I thought I'd give you a short photoblog with a very important message. Okay, it's not that important. The lesson for today is: never delete anything unless you have to for privacy or safety. The corollary: keep everything encrypted. The corollary to the corollary: remember the password for as long as you keep that data encrypted.

Photoblog of Zürich, Switzerland from 2005


A Short Classic Cryptography Blog


Dec 21, 2015

A certain game reminded me of a cryptography trick that I learned years ago and haven't had the opportunity to share. First, let's talk substitution ciphers. I'll give two challenges, one with spaces and one without.

GZKH YOQU TKP QY QB BKOB Q OATOPY KOWE BZ TXQBE O AZHF 
QHBXZUSCBQZH TKEHEWEX QV BXPQHF BZ ENJAOQH YZVEBKQHF 
YQVJAE COHB JEZJAE GSYB YBOXB XEOUQHF TKEXE VP VQHU 
YBOXBY TXQBQHF

PKCCAMSVCNSLADUYDUCLQUFDTCAFZSGDPFNTFSCCNXSTFKGDTXADUMM
SKLSMPODUCLXSFVKPFFZSJNMPFVKMKXMKVZXNISFZSMSPFDJFZSODMC
LKYZKTYSOMNFSKJSOPSTFSTYSPFDLSPYMNQSOZKFADUKMSOMNFNTXKQ
DUFJNMPFBDZT

The trick for the first one is to look at the list of possible two-letter words. Here are the top 101 words in order of occurrence in AI3.

of
in
to
is
as
by
on
at
an
In
or
it
he
be
He
It
no
up
On
fr
As
es
so
St
if
At
do
An
US
By
No
UK
uk
To
TV
we
If
id
Dr
go
BC
Mr
Of
My
my
OF
Jr
We
me
Me
CD
us
Is
am
Co
So
Al
AD
Up
DC
al
io
cm
Ed
FM
PC
Be
Do
hi
EP
Go
kg
FC
NY
yo
3D
AM
DJ
SS
LP
UN
co
Op
ad
os
Sr
Ma
SR
EU
mg
CA
Or
Wu
IP
MA
Oz
Oh
Am
HD
un
kW

There are plenty of two-letter words in both challenges, so it should be fairly straightforward to solve those. Once you've tried values for the two-letter words, see what substituting the rest of the characters does to other words. You might find obvious words. If you have a dictionary on your system, you can use grep to find a word automatically. If you have the AI3 wordlist, you automatically get the results in order of likelihood, which improves the search many times over. It also contains words that a normal dictionary doesn't have.
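The dictionary search described above, as an added example (not code from the original post): it filters a wordlist for the words a ciphertext word could be once a few two-letter guesses are fixed, rejecting any word that would give two cipher letters the same plaintext letter. The wordlist is a constructed stand-in for AI3, and the trial key (QY = is, QB = it, BZ = to) is a guess to test, not the post's answer.

```python
# Added example: dictionary matching for a partly solved substitution cipher.
# WORDS is a constructed stand-in for a frequency-ordered wordlist such as AI3.
# GUESS is a trial key (cipher letter -> plain letter) taken from two-letter
# word guesses; it is an assumption to test, not a known answer.
WORDS = ["that", "this", "text", "test", "tent", "toot", "taut"]
GUESS = {"Q": "i", "Y": "s", "B": "t", "Z": "o"}


def extend_key(cipher_word, plain_word, key):
    """Return key extended so cipher_word decrypts to plain_word, else None."""
    if len(cipher_word) != len(plain_word):
        return None
    fwd = dict(key)
    rev = {p: c for c, p in key.items()}
    for c, p in zip(cipher_word.upper(), plain_word.lower()):
        # Each cipher letter has exactly one plaintext letter, and no two
        # cipher letters may share a plaintext letter (the key is a permutation).
        if fwd.get(c, p) != p or rev.get(p, c) != c:
            return None
        fwd[c], rev[p] = p, c
    return fwd


def candidates(cipher_word, key, wordlist):
    """Words that fit cipher_word under key, kept in wordlist (frequency) order."""
    return [w for w in wordlist if extend_key(cipher_word, w, key) is not None]


def apply_key(ciphertext, key):
    """Decrypt the known letters, show unknown ones as '_', keep spacing."""
    return "".join(
        key.get(ch, "_") if ch.isalpha() else ch for ch in ciphertext.upper()
    )


if __name__ == "__main__":
    # Fragment of the first challenge under the trial key alone.
    print(apply_key("QY QB BKOB", GUESS))
    # Try each surviving candidate for BKOB and see what it does to nearby words.
    for word in candidates("BKOB", GUESS, WORDS):
        new_key = extend_key("BKOB", word, GUESS)
        print(word, "->", apply_key("BKOB Q OATOPY KOWE BZ", new_key))
```

Candidates that turn neighbouring words into nonsense can be discarded, and the extended key from a surviving candidate becomes the starting key for the next word.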


Automating Let's Encrypt No Sudo for 9 Domains

Let's Encrypt Nosudo Scripts 0.1 [sig]

Let's Encrypt is a free SSL certificate authority that is designed to let users encrypt their website correctly. This has let me save around $81 creating certificates for all my domains (9 domains with Let's Encrypt, one without). Let's Encrypt was designed for the overly trusting user who is willing to run code they download off GitHub as root. Experience and paranoia teach us not to run untrusted code as root or even as a user that isn't fully sandboxed. How do we deal with this? This technical document is for the admin who can read code and find vulnerabilities in Bash, Python, and protocols, not for the faint of heart.

Let's Encrypt Nosudo was designed for that. It takes a few hours to sign 10 certificates, so maybe 30 minutes per cert. But Let's Encrypt only issues certs with a duration of 3 months, which means that every 2-3 months you have to spend 30 minutes per cert. If you have 9 certs, that's a huge time investment. So, like me, you want to automate Let's Encrypt so that you don't have to spend 5 hours every 2-3 months. This is what these scripts are for.


Let's Encrypt

I have set up TLS for sono.us and www.cell-game.com using Let's Encrypt. Both certificates will expire January 25, 2016.

Instead of running letsencrypt with sudo privileges on my server, I ran letsencrypt-nosudo. According to Issue #5, this can be done using the official client as well. Because letsencrypt-nosudo was very short, I was able to modify it and vet it easily. There are weaknesses in any system, but the options are quite limited in this system. If you'd like my patch, let me know.

