Archive for the ‘Cryptography’ Category

The Data Encryption Standard in Ruby

Posted on July 31st, 2008 in Cryptography, Ruby

Just finished up with RubyDES, my DES implementation in Ruby. The reason for building RubyDES was twofold: to better push my Ruby fu and to allow other Ruby programmers who are interested in cryptography to better understand the world's most influential cryptographic algorithm.

If you are new to the DES, the best way to read the RubyDES source code is to first familiarize yourself with the algorithm. The best way to do so is to read the DES Wikipedia page and FIPS 46. You will also notice that the variable and constant names are quite terse (e.g. IP, E, PC_2, r, k). This was on purpose, as I wanted to stay true to the technical specs of the DES so that reading through a DES explanation with the RubyDES source code will allow you to follow along.

To check out RubyDES, go on over to the GitHub page. Also, feel free to send over any comments or suggestions (or even better, fork it and let me know when to pull).

OpenSSL Keys on Debian/Ubuntu Compromised

Posted on May 13th, 2008 in Announcements, Cryptography, Security

Some pretty bad news from the Debian team. Apparently, a change made to the bundled version of OpenSSL has made key generation predictable. The issue is severe enough that the Debian team recommends you consider all affected keys compromised and regenerate them ASAP.

If you have been using any Debian distro (which includes Ubuntu) to generate SSL or SSH key material, check your version of OpenSSL. If you have 0.9.8c-1 or later, then you are affected.

Also keep in mind that any signatures made by compromised keys should be considered untrusted. As such, once you generate your new keys, you should notify anyone for whom you have acted as a signatory, and re-sign with your new material.

Read the official announcement from the Debian team here. There is also a Slashdot discussion you can take part in here.

Superseding PGP Key Pair 338E2A73

Posted on May 5th, 2008 in Announcements, Cryptography

I am now superseding the following DSA/ELG key pair.

pub   1024D/338E2A73 2008-02-13 [expires: 2008-05-13]
      Key fingerprint = 72F8 3AD5 3991 B39B BD83  6090 B92D 78F6 338E 2A73
sub   2048g/55484828 2008-02-13 [expires: 2008-05-13]

If you wish to continue communicating with me securely, please use the following DSA/ELG public key, which you can fetch from publickey.robertsosinski.com or receive from pgp.mit.edu.

pub   1024D/03EE59A3 2008-05-05 [expires: 2011-05-05]
      Key fingerprint = CEFC D32D A0F0 8F02 3EE4  AD55 2B31 0C88 03EE 59A3
sub   4096g/720D8A7D 2008-05-05 [expires: 2011-05-05]

You can then verify this and all subsequent keys with my RSA signature key, which you can fetch from signaturekey.robertsosinski.com or receive from pgp.mit.edu.

pub   4096R/9BAE307E 2008-05-05
      Key fingerprint = A098 B838 28C1 F021 4984  E6B4 7397 56A7 9BAE 307E

From now on, I will supersede my DSA/ELG public key every 3 years, as well as whenever I deem necessary. In order to maintain continuity between any keys I make (for either professional or personal use), I will sign them with my RSA signature key.

I will only sign keys, not message data, with my RSA signature key in order to limit the amount of text associated with it. If you would like me to sign your key with my RSA signature key, please call or email me to set up a face-to-face meeting to do so.

Simple and Restful Account Recovery for Ruby on Rails

Posted on March 24th, 2008 in Cryptography, Ruby on Rails, Security

The next step in building a simple and RESTful user authentication system is allowing your users to recover their accounts. Account recovery is necessary, as users have a knack for forgetting their passwords. Often, I come across account recovery methods that are crufty or insecure. Such does not need to be the case, especially with Ruby on Rails.

In this tutorial, you will use symmetric encryption to make secure forgotten password links that stop functioning after use. You will also use ActionMailer to email the link to the user’s address of record.

Working with PGP and Mac OS X

Posted on February 18th, 2008 in Cryptography, Security

PGP, or Pretty Good Privacy, is a commonly used and very secure encryption program using public key cryptography. Through PGP, you can encrypt information such as messages, documents and files in a manner so that only the recipient can decrypt and open them.

The goal of this tutorial is to get you up and running with PGP through the terminal and familiar with its operation.