The best way to read the RubyDES source code if you are new to the DES, is to first familiarize yourself with the algorithm. The best way to do so is read the DES wikipedia page and FIPS 46. You will also notice that the variable and constant names are quite terse (e.g. IP, E, PC_2, r, k). This was on purpose, as I wanted to stay true to the technical specs of the DES so that reading through a DES explanation with the RubyDES source code will allow you to follow along.

To checkout RubyDES, go on over to the github page. Also, feel free to send over any comments or suggestions (or even better, fork it and let me know when to pull).

If you have been using any Debian distro (which includes Ubuntu) to generate SSL or SSH key material, check your version of OpenSSL. If you have 0.9.8c-1 or later, then you are affected.

Also keep in mind, any signatures made by compromised keys should be considered untrusted. As such, once you generate your new keys, you should notify anyone who you have acted as a signatory, and resign with your new material.

Read the official announcement from the Debian team here. There is also a Slashdot discussion you can take part in here too.

pub   1024D/338E2A73 2008-02-13 [expires: 2008-05-13]
      Key fingerprint = 72F8 3AD5 3991 B39B BD83  6090 B92D 78F6 338E 2A73
sub   2048g/55484828 2008-02-13 [expires: 2008-05-13]

If you wish to continue communicating with me securely, please use the following DSA/ELG public key, which you can fetch from publickey.robertsosinski.com or receive from pgp.mit.edu.

pub   1024D/03EE59A3 2008-05-05 [expires: 2011-05-05]
      Key fingerprint = CEFC D32D A0F0 8F02 3EE4  AD55 2B31 0C88 03EE 59A3
sub   4096g/720D8A7D 2008-05-05 [expires: 2011-05-05]

You can then verify this and all subsequent keys with my RSA signature key, which you can fetch from signaturekey.robertsosinski.com or receive from pgp.mit.edu.

pub   4096R/9BAE307E 2008-05-05
      Key fingerprint = A098 B838 28C1 F021 4984  E6B4 7397 56A7 9BAE 307E

From now on, I will supersede my DSA/ELG public key every 3 years, as well as whenever I deem necessary. In order to maintain continuity between any keys I make (for either professional or personal use), I will sign them with my RSA signature key.

I will only sign keys, not message data, with my RSA signature key in order to limit the amount of text associated with it. If you would like me to sign your key with my RSA signature key, please call or email me to setup a face-to-face meeting to do so.

In this tutorial, you will use symmetric encryption to make secure forgotten password links that stop functioning after use. You will also use ActionMailer to email the link to the user’s address of record. (more…)

The result was creating a very simple, flexible and RESTful system. By seeing how I made it, you will also learn more about RESTful programming, understand how to use it within Rails and experience how it keeps your code base lean and clean. (more…)

The goal of this tutorial is to get you up and running with PGP through terminal and familiar with its operation. (more…)

EC2 works on the idea of server instances. You start with building one instance, which only costs 10 cents per hour of operation. An instance acts just like a dedicated machine, with full root access and the ability to install any software you choose. Each instance also comes with some pretty competitive system specs including:

• 1.7 Ghz Xeon CPU
• 1.75 GB of RAM
• 160 GB of local storage
• 250 MB/s network interface

If your first instance gets some heavy traffic, EC2 can build another one automatically for another 10 cents an hour. Turnkey infrastructure has never been better. (more…)