Search Results

Search found 241 results on 10 pages for 'passphrase'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 3/10 | < Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >

  • Best practices for encrytping continuous/small UDP data

    - by temp
    Hello everyone, I am having an application where I have to send several small data per second through the network using UDP. The application need to send the data in real-time (on waiting). I want to encrypt these data and insure that what I am doing is as secure as possible. Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated. Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets). However I am concerned about few things: Each packet contains small amount of data (like a couple of integer values per packet) which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application. So my question is, what is the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flowed? ...Overkill? ... Please note that I am not asking for a 100% secure solution, as there is no such thing. Cheers

    Read the article

  • PGP Command Line Decryption --- How to decrypt file?

    - by whitman6732
    I was sent a public key in order to decrypt a pgp-encrypted file. I imported the key with: gpg --import publickey.asc And verified it with gpg --list-keys Now, I'm trying to decrypt the file. I put the passphrase in a file called pass.txt and ran this at the command line: gpg --passphrase-fd ../../pass.txt --decrypt encryptedfile.txt.pgp --output encryptedfile.txt All it says is: Reading passphrase from file descriptor 0 ... And doesn't seem to be doing anything else. I can't tell if it's hanging or not. Is it a relatively quick process? The file is large ( about 2 GB ). Is the syntax for it correct?

    Read the article

  • What is an s2k algorithm?

    - by WilliamKF
    What is the definition of an s2k algorithm? For example, "PBKDF2(SHA-1)" is an s2k algorithm. Here is some Botan code that refers to s2k: AutoSeeded_RNG rng; std::auto_ptr<S2K> s2k(get_s2k("PBKDF2(SHA-1)")); s2k->set_iterations(8192); s2k->new_random_salt(rng, 8); SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase); InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase); SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase); Also, what is a 'salt' in s2k?

    Read the article

  • GnuPG Shell Script - Refuses to read password

    - by OopsForgotMyOtherUserName
    The script below used to work on Mac OS X, but, since moving it to Ubuntu, it doesn't seem to read from the password file at all. Even when I run it from the command line, no matter what I do, I get a popup prompt asking me for the password. As this will run via cron, I don't want this to happen... I want it to read the password from the file with no prompt. To note, I did try using passphrase-fd and passphrase-file, neither of which worked... #!/bin/sh p=$(<pass.txt) set -- $p pass_phrase=$1 destination="/var/www/decrypted" cd /var/sl_bin/ for FILE in *.pgp; do FILENAME=${FILE%.pgp} gpg --passphrase "$pass_phrase" --output "$destination/$FILENAME" --decrypt "$FILE" rm -f $FILE done

    Read the article

  • How to automate rsync without asking for password prompt

    - by Rijosh K
    i would like to automate the rsync task as a cron job.. since it needs the passphrase i am not able to do the cronjob. i need to specify the passphrase along with the rsync command or i will store the passphrase in a file and i will read from it. my command will look like this.. rsync -aPe "ssh -i ' . $server-{'ssh_key'} . '" ' . $server_lock_dir; so where do i put the password .. pls help

    Read the article

  • Preseed Ubuntu installation with full disk encryption

    - by user249264
    I am trying to set up Ubuntu full disk encryption using preseeding. I was able to set things up correctly following the preseed file presented here. But I do not want to provide the default password in the preseed file. Is there a way to let ubiquity fall to the screen that asks for the encryption passphrase just like it does when the username is not provided in the preseed file? When I try to leave the passphrase option empty in the preseed file, I get an error in the installer saying "An error occured while creating the keyfile".

    Read the article

  • I am trying to deploy my first rails app using Capistrano and am getting an error.

    - by Andrew Bucknell
    My deployment of a rails app with capistrano is failing and I hoping someone can provide me with pointers to troubleshoot. The following is the command output andrew@melb-web:~/projects/rails/guestbook2$ cap deploy:setup * executing `deploy:setup' * executing "mkdir -p /var/www/dev/guestbook2 /var/www/dev/guestbook2/releases /var/www/dev/guestbook2/shared /var/www/dev/guestbook2/shared/system /var/www/dev/guestbook2/shared/log /var/www/dev/guestbook2/shared/pids && chmod g+w /var/www/dev/guestbook2 /var/www/dev/guestbook2/releases /var/www/dev/guestbook2/shared /var/www/dev/guestbook2/shared/system /var/www/dev/guestbook2/shared/log /var/www/dev/guestbook2/shared/pids" servers: ["dev.andrewbucknell.com"] Enter passphrase for /home/andrew/.ssh/id_dsa: Enter passphrase for /home/andrew/.ssh/id_dsa: [dev.andrewbucknell.com] executing command command finished andrew@melb-web:~/projects/rails/guestbook2$ cap deploy:check * executing `deploy:check' * executing "test -d /var/www/dev/guestbook2/releases" servers: ["dev.andrewbucknell.com"] Enter passphrase for /home/andrew/.ssh/id_dsa: [dev.andrewbucknell.com] executing command command finished * executing "test -w /var/www/dev/guestbook2" servers: ["dev.andrewbucknell.com"] [dev.andrewbucknell.com] executing command command finished * executing "test -w /var/www/dev/guestbook2/releases" servers: ["dev.andrewbucknell.com"] [dev.andrewbucknell.com] executing command command finished * executing "which git" servers: ["dev.andrewbucknell.com"] [dev.andrewbucknell.com] executing command command finished * executing "test -w /var/www/dev/guestbook2/shared" servers: ["dev.andrewbucknell.com"] [dev.andrewbucknell.com] executing command command finished You appear to have all necessary dependencies installed andrew@melb-web:~/projects/rails/guestbook2$ cap deploy:migrations * executing `deploy:migrations' * executing `deploy:update_code' updating the cached checkout on all servers executing locally: "git ls-remote [email protected]:/home/andrew/git/guestbook2.git master" Enter passphrase for key '/home/andrew/.ssh/id_dsa': * executing "if [ -d /var/www/dev/guestbook2/shared/cached-copy ]; then cd /var/www/dev/guestbook2/shared/cached-copy && git fetch origin && git reset --hard 369c5e04aaf83ad77efbfba0141001ac90915029 && git clean -d -x -f; else git clone [email protected]:/home/andrew/git/guestbook2.git /var/www/dev/guestbook2/shared/cached-copy && cd /var/www/dev/guestbook2/shared/cached-copy && git checkout -b deploy 369c5e04aaf83ad77efbfba0141001ac90915029; fi" servers: ["dev.andrewbucknell.com"] Enter passphrase for /home/andrew/.ssh/id_dsa: [dev.andrewbucknell.com] executing command ** [dev.andrewbucknell.com :: err] Permission denied, please try again. ** Permission denied, please try again. ** Permission denied (publickey,password). ** [dev.andrewbucknell.com :: err] fatal: The remote end hung up unexpectedly ** [dev.andrewbucknell.com :: out] Initialized empty Git repository in /var/www/dev/guestbook2/shared/cached-copy/.git/ command finished failed: "sh -c 'if [ -d /var/www/dev/guestbook2/shared/cached-copy ]; then cd /var/www/dev/guestbook2/shared/cached-copy && git fetch origin && git reset --hard 369c5e04aaf83ad77efbfba0141001ac90915029 && git clean -d -x -f; else git clone [email protected]:/home/andrew/git/guestbook2.git /var/www/dev/guestbook2/shared/cached-copy && cd /var/www/dev/guestbook2/shared/cached-copy && git checkout -b deploy 369c5e04aaf83ad77efbfba0141001ac90915029; fi'" on dev.andrewbucknell.com andrew@melb-web:~/projects/rails/guestbook2$ The following fragment is from cap -d deploy:migrations Preparing to execute command: "find /var/www/dev/guestbook2/releases/20100305124415/public/images /var/www/dev/guestbook2/releases/20100305124415/public/stylesheets /var/www/dev/guestbook2/releases/20100305124415/public/javascripts -exec touch -t 201003051244.22 {} ';'; true" Execute ([Yes], No, Abort) ? |y| yes * executing `deploy:migrate' * executing "ls -x /var/www/dev/guestbook2/releases" Preparing to execute command: "ls -x /var/www/dev/guestbook2/releases" Execute ([Yes], No, Abort) ? |y| yes /usr/lib/ruby/gems/1.8/gems/capistrano-2.5.17/lib/capistrano/recipes/deploy.rb:55:in `join': can't convert nil into String (TypeError) from /usr/lib/ruby/gems/1.8/gems/capistrano-2.5.17/lib/capistrano/recipes/deploy.rb:55:in `load'

    Read the article

  • How can I get the root account to generate an acceptable ssh key?

    - by Jamie
    On an ubuntu machine I did the following: ~$ sudo su - [sudo] password for jamie: root@mydomain:~# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0 [email protected] The key's randomart image is: +--[ RSA 2048]----+ | | | | | | | | | | | | | | | | | | +-----------------+ root@mydomain:~# cat /root/.ssh/id_rsa.pub | ssh -p 443 [email protected] 'cat > authorized_keys' [email protected]'s password: root@mydomain:~# ssh -p 443 [email protected] [email protected]'s password: It's asking me for a password. However, using a regular account, the following works: $ cd ; ssh-keygen -t rsa ; cat ~/.ssh/id_rsa.pub | ssh [email protected] 'cat >> ~/.ssh/authorized_keys' $ ssh [email protected] Last login: Thu Oct 24 14:48:41 2013 from 173.45.232.105 [[email protected] ~]$ Which leads me to believe it's not an issue of authorized_keys versus authorized_keys2 or permissions. Why does the 'root' account accessing the remote 'jamie' account not work? The remote machine is CentOS if that's relevant.

    Read the article

  • How to make ssh connection between servers using public-key authentication

    - by Rafael
    I am setting up a continuos integration(CI) server and a test web server. I would like that CI server would access web server with public key authentication. In the web server I have created an user and generated the keys sudo useradd -d /var/www/user -m user sudo passwd user sudo su user ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/var/www/user/.ssh/id_rsa): Created directory '/var/www/user/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /var/www/user/.ssh/id_rsa. Your public key has been saved in /var/www/user/.ssh/id_rsa.pub. However othe side, CI server copies the key to the host but still asks password ssh-copy-id -i ~/.ssh/id_rsa.pub user@webserver-address user@webserver-address's password: Now try logging into the machine, with "ssh 'user@webserver-address'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. I checked on the web server and the CI server public key has been copied to web server authorized_keys but when I connect, It asks password. ssh 'user@webserver-address' user@webserver-address's password: If I try use root user rather than my created user (both users are with copied public keys). It connects with the public key ssh 'root@webserver-address' Welcome to Ubuntu 11.04 (GNU/Linux 2.6.18-274.7.1.el5.028stab095.1 x86_64) * Documentation: https://help.ubuntu.com/ Last login: Wed Apr 11 10:21:13 2012 from ******* root@webserver-address:~#

    Read the article

  • OpenSSL error while running punjab

    - by Hunt
    i ran punjab - BOSH connection manager - using twistd -y punjab.tac command in my centos but i am getting following error Unhandled Error Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 652, in run runApp(config) File "/usr/local/lib/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp _SomeApplicationRunner(config).run() File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 386, in run self.application = self.createOrGetApplication() File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 451, in createOrGetApplication application = getApplication(self.config, passphrase) --- <exception caught here> --- File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 462, in getApplication application = service.loadApplication(filename, style, passphrase) File "/usr/local/lib/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication application = sob.loadValueFromFile(filename, 'application', passphrase) File "/usr/local/lib/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile exec fileObj in d, d File "punjab.tac", line 39, in <module> '/etc/pki/tls/cert.pem', File "/usr/local/lib/python2.7/site-packages/twisted/internet/ssl.py", line 68, in __init__ self.cacheContext() File "/usr/local/lib/python2.7/site-packages/twisted/internet/ssl.py", line 78, in cacheContext ctx.use_privatekey_file(self.privateKeyFileName) OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')] Failed to load application: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')] my configuration file of punjab is sslContext = ssl.DefaultOpenSSLContextFactory( '/etc/pki/tls/private/ca.key', '/etc/pki/tls/cert.pem', ) How can i resolve above error

    Read the article

  • Trying to install datastax opscenter - Failed to load application: cannot import name _parse

    - by gansbrest
    I'm not familiar with python, maybe someone could explain what's going on here? ec2-user@prod-opscenter-01:~ % java -version java version "1.7.0_45" Java(TM) SE Runtime Environment (build 1.7.0_45-b18) Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode) ec2-user@prod-opscenter-01:~ % python -V Python 2.6.8 ec2-user@prod-opscenter-01:~ % openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 And now the error ec2-user@prod-opscenter-01:~ % sudo /etc/init.d/opscenterd start Starting Cassandra cluster manager opscenterd Starting opscenterdUnhandled Error Traceback (most recent call last): File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 652, in run runApp(config) File "/usr/lib64/python2.6/site-packages/twisted/scripts/twistd.py", line 23, in runApp _SomeApplicationRunner(config).run() File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 386, in run self.application = self.createOrGetApplication() File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 451, in createOrGetApplication application = getApplication(self.config, passphrase) --- <exception caught here> --- File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 462, in getApplication application = service.loadApplication(filename, style, passphrase) File "/usr/lib64/python2.6/site-packages/twisted/application/service.py", line 405, in loadApplication application = sob.loadValueFromFile(filename, 'application', passphrase) File "/usr/lib64/python2.6/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile exec fileObj in d, d File "bin/start_opscenter.py", line 1, in <module> from opscenterd import opscenterd_tap File "/usr/lib/python2.6/site-packages/opscenterd/opscenterd_tap.py", line 37, in <module> File "/usr/lib/python2.6/site-packages/opscenterd/OpsCenterdService.py", line 13, in <module> File "/usr/lib/python2.6/site-packages/opscenterd/ClusterServices.py", line 22, in <module> File "/usr/lib/python2.6/site-packages/opscenterd/WebServer.py", line 40, in <module> File "/usr/lib/python2.6/site-packages/opscenterd/Agents.py", line 18, in <module> exceptions.ImportError: cannot import name _parse Failed to load application: cannot import name _parse Maybe there are open source alternatives to monitoring cassandra I should look at? Thanks a lot

    Read the article

  • Can SSH into remote server but can't SCP?

    - by ArtfulDodger2012
    I can SSH into remote server just fine using private key authentication with prompt for passphrase. However I'm getting permission denied when I try to SCP a file using the same passphrase. Here's my output: $ scp -v [file] [user]@[remoteserver.com]:/home/[my dir] Executing: program /usr/bin/ssh host [remoteserver.com], user [user], command scp -v -t /home/[my dir] OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/[my dir].ssh/config debug1: Applying options for [remoteserver.com] debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to [remoteserver.com] [[remoteserver.com]] port 22. debug1: Connection established. debug1: identity file /home/[user]/.ssh/aws_corp type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7 debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '[remoteserver.com]' is known and matches the RSA host key. debug1: Found key in /home/[my dir]/.ssh/known_hosts:12 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/[my dir]/.ssh/aws_corp debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/[my dir]/.ssh/aws_corp': debug1: read PEM private key done: type RSA Connection closed by [remote server] lost connection I've searched for answers but can't find quite the same problem or am just being thick. Either way any help is much appreciated. Cheers!

    Read the article

  • Wont Let Me Type In My Pass Phrase

    - by Tapha
    Not real information: $ ssh-keygen -t rsa -C "[email protected]" Generating public/private rsa key pair. Enter file in which to save the key (/c/Users/Tekkub/.ssh/id_rsa): ssh.txt I entered a file name here. Not sure if i should have, Enter passphrase (empty for no passphrase): I am stuck here. I type and it doesnt work

    Read the article

  • Solaris 11.1: Encrypted Immutable Zones on (ZFS) Shared Storage

    - by darrenm
    Solaris 11 brought both ZFS encryption and the Immutable Zones feature and I've talked about the combination in the past.  Solaris 11.1 adds a fully supported method of storing zones in their own ZFS using shared storage so lets update things a little and put all three parts together. When using an iSCSI (or other supported shared storage target) for a Zone we can either let the Zones framework setup the ZFS pool or we can do it manually before hand and tell the Zones framework to use the one we made earlier.  To enable encryption we have to take the second path so that we can setup the pool with encryption before we start to install the zones on it. We start by configuring the zone and specifying an rootzpool resource: # zonecfg -z eizoss Use 'create' to begin configuring a new zone. zonecfg:eizoss> create create: Using system default template 'SYSdefault' zonecfg:eizoss> set zonepath=/zones/eizoss zonecfg:eizoss> set file-mac-profile=fixed-configuration zonecfg:eizoss> add rootzpool zonecfg:eizoss:rootzpool> add storage \ iscsi://zs7120-tvp540-c.uk.oracle.com/luname.naa.600144f09acaacd20000508e64a70001 zonecfg:eizoss:rootzpool> end zonecfg:eizoss> verify zonecfg:eizoss> commit zonecfg:eizoss> Now lets create the pool and specify encryption: # suriadm map \ iscsi://zs7120-tvp540-c.uk.oracle.com/luname.naa.600144f09acaacd20000508e64a70001 PROPERTY VALUE mapped-dev /dev/dsk/c10t600144F09ACAACD20000508E64A70001d0 # echo "zfscrypto" > /zones/p # zpool create -O encryption=on -O keysource=passphrase,file:///zones/p eizoss \ /dev/dsk/c10t600144F09ACAACD20000508E64A70001d0 # zpool export eizoss Note that the keysource example above is just for this example, realistically you should probably use an Oracle Key Manager or some other better keystorage, but that isn't the purpose of this example.  Note however that it does need to be one of file:// https:// pkcs11: and not prompt for the key location.  Also note that we exported the newly created pool.  The name we used here doesn't actually mater because it will get set properly on import anyway. So lets go ahead and do our install: zoneadm -z eizoss install -x force-zpool-import Configured zone storage resource(s) from: iscsi://zs7120-tvp540-c.uk.oracle.com/luname.naa.600144f09acaacd20000508e64a70001 Imported zone zpool: eizoss_rpool Progress being logged to /var/log/zones/zoneadm.20121029T115231Z.eizoss.install Image: Preparing at /zones/eizoss/root. AI Manifest: /tmp/manifest.xml.ujaq54 SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml Zonename: eizoss Installation: Starting ... Creating IPS image Startup linked: 1/1 done Installing packages from: solaris origin: http://pkg.us.oracle.com/solaris/release/ Please review the licenses for the following packages post-install: consolidation/osnet/osnet-incorporation (automatically accepted, not displayed) Package licenses may be viewed using the command: pkg info --license <pkg_fmri> DOWNLOAD PKGS FILES XFER (MB) SPEED Completed 187/187 33575/33575 227.0/227.0 384k/s PHASE ITEMS Installing new actions 47449/47449 Updating package state database Done Updating image state Done Creating fast lookup database Done Installation: Succeeded Note: Man pages can be obtained by installing pkg:/system/manual done. Done: Installation completed in 929.606 seconds. Next Steps: Boot the zone, then log into the zone console (zlogin -C) to complete the configuration process. Log saved in non-global zone as /zones/eizoss/root/var/log/zones/zoneadm.20121029T115231Z.eizoss.install That was really all we had to do, when the install is done boot it up as normal. The zone administrator has no direct access to the ZFS wrapping keys used for the encrypted pool zone is stored on.  Due to how inheritance works in ZFS he can still create new encrypted datasets that use those wrapping keys (without them ever being inside a process in the zone) or he can create encrypted datasets inside the zone that use keys of his own choosing, the output below shows the two cases: rpool is inheriting the key material from the global zone (note we can see the value of the keysource property but we don't use it inside the zone nor does that path need to be (or is) accessible inside the zone). Whereas rpool/export/home/bob has set keysource locally. # zfs get encryption,keysource rpool rpool/export/home/bob NAME PROPERTY VALUE SOURCE rpool encryption on inherited from $globalzone rpool keysource passphrase,file:///zones/p inherited from $globalzone rpool/export/home/bob encryption on local rpool/export/home/bob keysource passphrase,prompt local  

    Read the article

  • How Can I: Generate 40/64 Bit WEP Key In Python?

    - by Aktariel
    So, I've been beating my head against the wall of this issue for several months now, partly because it's a side interest and partly because I suck at programming. I've searched and researched all across the web, but have not had any luck (except one small bit of success; see below), so I thought I might try asking the experts. What I am trying to do is, as the title suggests, generate a 40/64 bit WEP key from a passphrase, according to the "de facto" standard. (A site such as [http://www.powerdog.com/wepkey.cgi] produces the expected outputs.) I have already written portions of the script that take inputs and write them to a file; one of the inputs would be the passphrase, sanitized to lower case. For the longest time I had no idea what the defacto standard was, much less how to even go about implementing it. I finally stumbled across a paper (http://www.lava.net/~newsham/wlan/WEP_password_cracker.pdf) that sheds as much light as I've had yet on the issue (page 18 has the relevant bits). Apparently, the passphrase is "mapped to a 32-bit value with XOR," the result of which is then used as the seed for a "linear congruential PRNG (which one of the several PRNGs Python has would fit this description, I don't know), and then from that result several bits of the result are taken. I have no idea how to go about implementing this, since the description is rather vague. What I need is help in writing the generator in Python, and also in understanding how exactly the key is generated. I'm not much of a programmer, so explanations are appreciated as well. (Yes, I know that WEP isn't secure.)

    Read the article

  • What’s the password for my FileVault 2 boot volume?

    - by cbowns
    Apple’s support document for FileVault 2 (a.k.a. “full disk encryption” or “FDE”) has lots of information about enabling FDE and what it means for booting the machine. However, it doesn’t cover one very important thing I’m trying to do: mount the drive in the Recovery HD environment to reinstall OS X on it. The Recovery HD environment asks me for the volume passphrase so it can mount my drive and try to install OS X onto it. If this were an external drive which I’d manually enabled FDE on with diskutil, or an external Time Machine volume, I’d know it because it makes you pick one (just like a regular login password), but FileVault 2 never asked me for a volume passphrase (I assume it selects one behind the scenes). I’ve tried my main user’s password, but that doesn’t work, and neither does the recovery key set for the volume. Keychain Access doesn’t have anything that I could find. How do I unlock this volume?

    Read the article

  • LUKS with LVM, mount is not persistent after reboot

    - by linxsaga
    I have created a Logical vol and used luks to encrypt it. But while rebooting the server. I get a error message (below), therefore I would have to enter the root pass and disable the /etc/fstab entry. So mount of the LUKS partition is not persistent during reboot using LUKS. I have this setup on RHEL6 and wondering what i could be missing. I want to the LV to get be mount on reboot. Later I would want to replace it with UUID instead of the device name. Error message on reboot: "Give root password for maintenance (or type Control-D to continue):" Here are the steps from the beginning: [root@rhel6 ~]# pvcreate /dev/sdb Physical volume "/dev/sdb" successfully created [root@rhel6 ~]# vgcreate vg01 /dev/sdb Volume group "vg01" successfully created [root@rhel6 ~]# lvcreate --size 500M -n lvol1 vg01 Logical volume "lvol1" created [root@rhel6 ~]# lvdisplay --- Logical volume --- LV Name /dev/vg01/lvol1 VG Name vg01 LV UUID nX9DDe-ctqG-XCgO-2wcx-ddy4-i91Y-rZ5u91 LV Write Access read/write LV Status available # open 0 LV Size 500.00 MiB Current LE 125 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:0 [root@rhel6 ~]# cryptsetup luksFormat /dev/vg01/lvol1 WARNING! ======== This will overwrite data on /dev/vg01/lvol1 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: [root@rhel6 ~]# mkdir /house [root@rhel6 ~]# cryptsetup luksOpen /dev/vg01/lvol1 house Enter passphrase for /dev/vg01/lvol1: [root@rhel6 ~]# mkfs.ext4 /dev/mapper/house mke2fs 1.41.12 (17-May-2010) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) Stride=0 blocks, Stripe width=0 blocks 127512 inodes, 509952 blocks 25497 blocks (5.00%) reserved for the super user First data block=1 Maximum filesystem blocks=67633152 63 block groups 8192 blocks per group, 8192 fragments per group 2024 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409 Writing inode tables: done Creating journal (8192 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 21 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. [root@rhel6 ~]# mount -t ext4 /dev/mapper/house /house PS: HERE I have successfully mounted: [root@rhel6 ~]# ls /house/ lost+found [root@rhel6 ~]# vim /etc/fstab -> as follow /dev/mapper/house /house ext4 defaults 1 2 [root@rhel6 ~]# vim /etc/crypttab -> entry as follows house /dev/vg01/lvol1 password [root@rhel6 ~]# mount -o remount /house [root@rhel6 ~]# ls /house/ lost+found [root@rhel6 ~]# umount /house/ [root@rhel6 ~]# mount -a -> SUCCESSFUL AGAIN [root@rhel6 ~]# ls /house/ lost+found Please let me know if I am missing anything here. Thanks in advance.

    Read the article

  • Securing data sent to an unencrypted WiFi AP

    - by David Parunakian
    The business plan of a project I'm involved in assumes selling certain WiFi-enabled devices to end users. All these devices originally have an unencrypted connection and a standard SSID. The problem is that although the user can connect to it and set both a new SSID and a WPA passphrase, these are being sent to the AP in plain text and thus can be intercepted by anyone nearby with a sniffer. What's the best solution to this problem, and why? Initially set up an encrypted wireless network at the device and supply the user with a printed passphrase Buy an SSL certificate for the AP's default IP address or local domain name (the APs aren't supposed to work as a router and have a captive portal & dnsmasq installed, so all of them can pretend to be myunit.example.com, as far as I understand) Something different Thank you.

    Read the article

  • Using a script that uses Duplicity + S3 excluding large files

    - by Jason
    I'm trying to write an backup script that will exclude files over a certain size. If i run the script duplicity gives an error. However if I copy and paste the same command generated by the script everything works... Here is the script #!/bin/bash # Export some ENV variables so you don't have to type anything export AWS_ACCESS_KEY_ID="accesskey" export AWS_SECRET_ACCESS_KEY="secretaccesskey" export PASSPHRASE="password" SOURCE=/home/ DEST=s3+http://s3bucket GPG_KEY="gpgkey" # exclude files over 100MB exclude () { find /home/jason -size +100M \ | while read FILE; do echo -n " --exclude " echo -n \'**${FILE##/*/}\' | sed 's/\ /\\ /g' #Replace whitespace with "\ " done } echo "Using Command" echo "duplicity --encrypt-key=$GPG_KEY --sign-key=$GPG_KEY `exclude` $SOURCE $DEST" duplicity --encrypt-key=$GPG_KEY --sign-key=$GPG_KEY `exclude` $SOURCE $DEST # Reset the ENV variables. export AWS_ACCESS_KEY_ID= export AWS_SECRET_ACCESS_KEY= export PASSPHRASE= When the script is run I get the error; Command line error: Expected 2 args, got 6 Where am i going wrong??

    Read the article

  • Backup script that excludes large files using Duplicity and Amazon S3

    - by Jason
    I'm trying to write an backup script that will exclude files over a certain size. My script gives the proper command, but when run within the script it outputs an an error. However if the same command is run manually everything works...??? Here is the script based on one easy found with google #!/bin/bash # Export some ENV variables so you don't have to type anything export AWS_ACCESS_KEY_ID="accesskey" export AWS_SECRET_ACCESS_KEY="secretaccesskey" export PASSPHRASE="password" SOURCE=/home/ DEST=s3+http://s3bucket GPG_KEY="7743E14E" # exclude files over 100MB exclude () { find /home/jason -size +100M \ | while read FILE; do echo -n " --exclude " echo -n \'**${FILE##/*/}\' | sed 's/\ /\\ /g' #Replace whitespace with "\ " done } echo "Using Command" echo "duplicity --encrypt-key=$GPG_KEY --sign-key=$GPG_KEY `exclude` $SOURCE $DEST" duplicity --encrypt-key=$GPG_KEY --sign-key=$GPG_KEY `exclude` $SOURCE $DEST # Reset the ENV variables. export AWS_ACCESS_KEY_ID= export AWS_SECRET_ACCESS_KEY= export PASSPHRASE= If run I recieve the error; Command line error: Expected 2 args, got 6 Enter 'duplicity --help' for help screen. Any help your could offer would be greatly appreciated.

    Read the article

  • Problem with script that excludes large files using Duplicity and Amazon S3

    - by Jason
    I'm trying to write an backup script that will exclude files over a certain size. If i run the script duplicity gives an error. However if i copy and paste the same command generated by the script everything works... Here is the script #!/bin/bash # Export some ENV variables so you don't have to type anything export AWS_ACCESS_KEY_ID="accesskey" export AWS_SECRET_ACCESS_KEY="secretaccesskey" export PASSPHRASE="password" SOURCE=/home/ DEST=s3+http://s3bucket GPG_KEY="gpgkey" # exclude files over 100MB exclude () { find /home/jason -size +100M \ | while read FILE; do echo -n " --exclude " echo -n \'**${FILE##/*/}\' | sed 's/\ /\\ /g' #Replace whitespace with "\ " done } echo "Using Command" echo "duplicity --encrypt-key=$GPG_KEY --sign-key=$GPG_KEY `exclude` $SOURCE $DEST" duplicity --encrypt-key=$GPG_KEY --sign-key=$GPG_KEY `exclude` $SOURCE $DEST # Reset the ENV variables. export AWS_ACCESS_KEY_ID= export AWS_SECRET_ACCESS_KEY= export PASSPHRASE= When the script is run I get the error; Command line error: Expected 2 args, got 6 Where am i going wrong??

    Read the article

  • How can I get ssh-agent working over ssh and in tmux (on OS X)?

    - by Rich
    I have a private key set up for my github account, the passphrase to which is, I believe, stored in OS X's keychain. I certainly don't have to type it in when I open a terminal window and enter ssh [email protected]. However, when I'm running bash over an ssh session, or locally inside a tmux session, I have to type in the passphrase every single time I attempt to ssh to github. This question suggests that a similar problem exists with screen, but I don't really understand the issue well enough to fix it in tmux. There's also this page which includes a fairly complicated solution, but for zsh. EDIT: In response to @Mikel's answer, from a local terminal I get the following output: [~] $ echo $SSH_AUTH_SOCK /tmp/launch-S4HBD6/Listeners [~] $ ssh-add -l 2048 [my key fingerprint] /Users/richie/.ssh/id_rsa (RSA) [~] $ typeset -p SSH_AUTH_SOCK declare -x SSH_AUTH_SOCK="/tmp/launch-S4HBD6/Listeners" Whereas over ssh or in tmux I get: [~] $ echo $SSH_AUTH_SOCK [~] $ ssh-add -l Could not open a connection to your authentication agent. [~] $ typeset -p SSH_AUTH_SOCK bash: typeset: SSH_AUTH_SOCK: not found echo $SSH_AGENT_PID returns nothing whatever shell I run it from.

    Read the article

  • Different configurations for ssh client depending on ip address or hostname

    - by John Smith Optional
    I have this in my ~/.ssh/config directory: Host 12.34.56.78 IdentityFile ~/.ssh/my_identity_file When I ssh to 12.34.56.78, everything works fine. I'm asked for the passphrase for "my_identity_file" and I can connect to the server. However, sometimes I'd also like to ssh to another server. But whatever the server, if I do: ssh [email protected] I'm also asked for the passphrase for "my_identity_file" (even though the server has a different ip address). This is very annoying because I don't have the public key for this file set up on all my servers. I'd like to connect to this other server (an old shared hosting account) with a password, and now I cant. How do I manage to use the key authentication only with one server, and keep using password by default for servers that aren't listed in my ~/.ssh/config ? Thanks for your help.

    Read the article

  • What's the best practice for taking MySQL dump, encrypting it and then pushing to s3?

    - by HalogenCreative
    This current project requires that the DB be dumped, encrypted and pushed to s3. I'm wondering what might be some "best practices" for such a task. As of now I'm using a pretty straight ahead method but would like to have some better ideas where security is concerned. Here is the start of my script: mysqldump -u root --password="lepass" --all-databases --single-transaction > db.backup.sql tar -c db.backup.sql | openssl des3 -salt --passphrase foopass > db.backup.tarfile s3put backup/db.backup.tarfile db.backup.tarfile # Let's pull it down again and untar it for kicks s3get surgeryflow-backup/db/db.backup.tarfile db.backup.tarfile cat db.backup.tarfile | openssl des3 -d -salt --passphrase foopass |tar -xvj Obviously the problem is that this script everything an attacker would need to raise hell. Any thoughts, critiques and suggestions for this task will be appreciated.

    Read the article

  • How do I get openssh to save my ssh identity permanently in Xfce?

    - by Alliswell
    How do I change it to save my identity permanently using Xfce? During my login session after I have entered: $ ssh-add Then identity is saved and I can connect via ssh without getting the dreaded: Enter passphrase for key However, once I logout and login back-in I get the following when running: $ ssh-add -L The agent has no identities. $ ssh <hostname> Enter passphrase for key '/home/user/.ssh/id_rsa': Stackoverflow has the following solution, yet I do not understand the reference to in the config file: IdentityFile ~/.ssh/id_rsa_buhlServer Specifically I do not understand what I would put on the identity file. Would I put the above word for word? Or just add my file: IdentityFile ~/.ssh/id_rsa StackOverflow solution

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >