Some pretty bad news from the Debian team. Apparently, a change made to the bundled version of OpenSSL has made key generation predictable. The issue is severe enough that the Debian team recommends you consider all affected keys compromised and regenerate them ASAP.
If you have been using any Debian distro (which includes Ubuntu) to generate SSL or SSH key material, check your version of OpenSSL. If you have 0.9.8c-1 or later, then you are affected.
Also keep in mind that any signatures made by compromised keys should be considered untrusted. As such, once you generate your new keys, you should notify anyone for whom you have acted as a signatory, and re-sign with your new material.
Read the official announcement from the Debian team here. There is also a Slashdot discussion you can take part in here.
The next step in building a simple and RESTful user authentication system is allowing your users to recover their accounts. Account recovery is necessary as users have a knack for forgetting their passwords. Often, I come across account recovery methods that are crufty or insecure. Such does not need to be the case, especially with Ruby on Rails.
In this tutorial, you will use symmetric encryption to make secure forgotten password links that stop functioning after use. You will also use ActionMailer to email the link to the user’s address of record.
Ruby on Rails seems to be driving more and more toward RESTful programming. However, my search for ideas on how to make a truly RESTful authentication system came up pretty dry. I either found systems that were not as RESTful as I wanted or far more complex than I deemed necessary. As such, I gave some thought to how to make my own.
The result was creating a very simple, flexible and RESTful system. By seeing how I made it, you will also learn more about RESTful programming, understand how to use it within Rails and experience how it keeps your code base lean and clean.
PGP, or Pretty Good Privacy, is a commonly used and very secure encryption program using public key cryptography. Through PGP, you can encrypt information such as messages, documents and files in a manner so that only the recipient can decrypt and open them.
The goal of this tutorial is to get you up and running with PGP through the terminal and familiar with its operation.