Fun hacks, WP plugins, photography, and PKI junk. Languishing since 2008.
Archive for January, 2009
AES Encryption Via OpenSSL
Jan 31st
If you have ever wanted to encrypt a blob of data for transmission or archival, OpenSSL provides a simple way to accomplish this task without resorting to platform specific tools. To encrypt1:
openssl enc -e -aes-256-cbc -in filename -out filename.enc
To decrypt:
openssl enc -d -aes-256-cbc -in filename.enc -out filename.dec
The example above uses AES256 in cipher block chaining mode, however there are almost 50 different cipher functions available for encryption. To see a list, just type openssl enc help. I would very seriously recommend staying with well-known and accepted standard ciphers like AES unless you have an explicit need to choose something more esoteric.
- You can also add -a to encode More >
Crossplatform GPU MD5 Cracking
Jan 27th
Today I discovered a crossplatform GPU based MD5 cracker called CUDA Multiforcer. This CUDA-based software works on OS X, Linux, and Windows and allows the user to specify a charset (single byte only at this time, no unicode) as well as n hashes to brute force.
In testing on my unibody Macbook Pro I was able to get stepping rates of 24-25 million per second using the 9400M and 35-36 million per second with the 9600M. Not spectacular, but pretty good for unoptimized software running on a laptop! At the latter rate the 96 char key space for a 6 character More >
Generating a PKCS12 (PFX) Via OpenSSL
Jan 24th
Sometimes there are cases when you have a separate private key/certificate pair (perhaps with an intermediate or two) that need to be combined into a single file. This merge can be performed on the command line using OpenSSL.
openssl pkcs12 -export -in my.cer -inkey my.key -out mycert.pfx
This is the most basic use case and assumes that we have no intermediates, the private key has no password associated, my.cer is a PEM encoded file, and that we wish to supply a password interactively to protect the output file. Great, but what if that’s not true?
Common Optional Flags-passin If your private key has a password, you can More >
New Camera in Hawaii
Jan 22nd
I recently replaced my Canon Rebel XTi with a 5D Mark II, so I thought I’d share a few shots I got with the new camera while on vacation in Hawaii. The higher resolution and (much) lower noise has been the biggest advantage at this point, but it helps that I now have two L glass lenses (70-200 f/4L IS and 24-105 f/4L IS). I’m still on the fence about whether I like the new auto ISO features as I find myself turning it off and controlling ISO manually quite frequently.
Clicking the image will take you to Flickr where you More >
OpenSSL Self-Signed CA
Jan 18th
Setting up a basic CA for development certificate issuance via OpenSSL is fairly simple, but most of the tutorials available online don’t show every step. This guide attempts to be as clear as possible, but if you spot anything that could use more explanation don’t hesitate to leave a comment.
If you don’t have a copy of OpenSSL on your machine, download it now. Linux and OS X users should already have it on their systems, but Windows users can get the latest binaries here. Please note that if you are running a version of OpenSSL prior to 0.9.8 that signing the same More >