Centroid.EU Blog


Wildcarddnsd is in production again

December 8th, 2013

After a long pause of more than a year, I've enabled wildcarddnsd on americas.centroid.eu. It is master to a bind9 (moon.virgostar.net) and an nsd3 (io.solarscale.de) nameserver. I was able to do this change because of wildcarddnsd's shared memory, which didn't work in a FreeBSD jail.

Anyhow, I only made a few mistakes moving the zones over, and perhaps I should write a tool to convert bind9 zones to wildcarddnsd zones.


Merkle's puzzles not to defeat

December 4th, 2013

But to stall/delay/cost the adversary...

In chapter 2, page 34 of Applied Cryptography by Bruce Schneier, which is a rather old text, I found the gem of Merkle's puzzles. Ralph Merkle is renowned in the cryptography scene for coming up with these puzzles. While I don't want to go into explaining the puzzle, I do think that they can offer some protection when RSA asymmetric encryption fails. Pretend there is a quantum computer able to break asymmetric encryption. What I have done is implemented a Merkle's puzzle server that I'll be using to connect to my VPS. The server creates a tunnel that is SHA1 HMAC'ed and AES-256-CBC encrypted. While this may seem enough, it's not. I still ssh within this tunnel, but it does require some effort to get to the asymmetric encryption.

jupiter$ ls -1 *.c
mps.c			- creates the gigabytefile of encrypted messages
mpsclient.c		- uses a cracked message to talk to the server
mpscrack.c		- cracks a message in the gigabyte file
mpsd.c			- talks to the client to set up the encrypted tunnel
I'll be setting up a system to distribute the gigabyte file over ssh so that I can crack a message at home with it and from there use mpsclient to connect to the server.

I'm debating whether I should open source this. Give it time; perhaps I will.
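An added illustration of the scheme the post refers to, written for this page and not the author's mps/mpsd code: each puzzle hides a (puzzle id, session key) pair under a deliberately small key, the receiver brute-forces one puzzle and answers with only the id, and both sides end up with the same key. The hash-based toy cipher, the 12-bit puzzle key, puzzle count and key length are my own choices for a demo that runs in well under a second.

```python
import hashlib, hmac, os, secrets, struct

PUZZLE_BITS = 12   # per-puzzle work factor: 2**12 candidate keys (tiny, so the demo runs fast)
N_PUZZLES = 16     # sender publishes this many puzzles
KEY_LEN = 16       # session key bytes hidden inside each puzzle

def _keystream(puzzle_key, salt, n):
    # Toy stream: SHA-256(salt || puzzle_key), truncated. The puzzle key is deliberately small.
    return hashlib.sha256(salt + puzzle_key).digest()[:n]

def make_puzzles(n=N_PUZZLES):
    """Sender: hide (puzzle id, session key) under a small random key, with a tag so the
    receiver can recognise the correct guess. Returns (id -> session key table, public puzzles)."""
    table, puzzles = {}, []
    for pid in range(n):
        session_key = secrets.token_bytes(KEY_LEN)
        table[pid] = session_key
        puzzle_key = secrets.randbelow(1 << PUZZLE_BITS).to_bytes(2, "big")
        salt = os.urandom(8)
        body = struct.pack(">H", pid) + session_key
        ct = bytes(a ^ b for a, b in zip(body, _keystream(puzzle_key, salt, len(body))))
        tag = hmac.new(puzzle_key, salt + ct, hashlib.sha256).digest()[:8]
        puzzles.append((salt, ct, tag))
    return table, puzzles

def solve_puzzle(puzzle):
    """Receiver: brute-force one puzzle (at most 2**PUZZLE_BITS tries), return (id, session key)."""
    salt, ct, tag = puzzle
    for k in range(1 << PUZZLE_BITS):
        puzzle_key = k.to_bytes(2, "big")
        guess = hmac.new(puzzle_key, salt + ct, hashlib.sha256).digest()[:8]
        if hmac.compare_digest(guess, tag):
            body = bytes(a ^ b for a, b in zip(ct, _keystream(puzzle_key, salt, len(ct))))
            return struct.unpack(">H", body[:2])[0], body[2:]
    raise ValueError("puzzle tag never matched: corrupted puzzle")

def exchange(n=N_PUZZLES):
    """Full run: receiver picks one puzzle at random, solves it, and sends back only the id.
    Legitimate work is one puzzle; an eavesdropper who sees the id must solve about n/2 puzzles
    on average to find the matching session key. That factor-of-n gap is all the scheme gives."""
    table, puzzles = make_puzzles(n)
    pid, receiver_key = solve_puzzle(secrets.choice(puzzles))
    return table[pid], receiver_key   # (sender's view, receiver's view) of the shared key
```

The gap is only linear in the number of puzzles, which is why the post's real implementation needs a gigabyte of them to make an adversary's work noticeably larger than the legitimate receiver's.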


Americas is now OpenBSD

December 3rd, 2013

I have taken the new americas into "production" so to speak. It is serving all kinds of things and I'm currently developing software to make it even "safer" :-).


Wildcarddnsd BETA 8 has been released

November 19th, 2013

This is a small release for wildcarddnsd. We have a new debug feature and support for the Raspberry Pi. It is a small release because I have dwindling time this year due to my job, and there is little to no help coming from the outside. I welcome each and every person who wants to program on this daemon.


Sent Brad Smith 10 Euros

November 18th, 2013

A call on the undeadly OpenBSD journal was answered by me. I sent Brad Smith 10 euros for his new laptop. If 100 people do the same, he'll be able to buy his new beast. Of course this is for the greater good! Brad lives in Toronto, where I used to live for 7 years once, so this is from one (ex-)Torontonian to the next.


My first OpenBSD vps

November 17th, 2013

I have decided to switch plans on my Panama VPS americas.centroid.eu. I now have the option to run OpenBSD on it and I'm going to go for it.

I'm looking forward to IPsec encrypting from io.solarscale.de and moon.virgostar.net to americas.centroid.eu. I have already set up strongSwan on io and moon; americas was lacking this functionality, but now it'll work. This should keep me busy until New Year's :-).


Ordered a new book

November 15th, 2013

I have ordered...

  • Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends - Jan-Piet Mens

I do hope this is worth having. This brings my orders for this year to 15, which I hoped to achieve; perhaps I'll order one or two more books, but then that's it. I gotta read these too!


Slow Communication (ttldaemon.c)

November 11th, 2013

I have written a small daemon that changes the outgoing TTL on a FreeBSD host. It's a covert steganographic channel. When a bit is set the TTL is 65, and when it's 0 the TTL is 64. On the receiving end of a ping you can then perhaps make out the bits of a message:

jupiter$ ping -i 10 io.solarscale.de
PING io.solarscale.de ( 56 data bytes
64 bytes from icmp_seq=0 ttl=53 time=15.691 ms
64 bytes from icmp_seq=1 ttl=53 time=16.608 ms
64 bytes from icmp_seq=2 ttl=54 time=14.907 ms
64 bytes from icmp_seq=3 ttl=54 time=15.247 ms
64 bytes from icmp_seq=4 ttl=53 time=15.183 ms
64 bytes from icmp_seq=5 ttl=53 time=16.017 ms
64 bytes from icmp_seq=6 ttl=53 time=16.465 ms
64 bytes from icmp_seq=7 ttl=54 time=15.134 ms
64 bytes from icmp_seq=8 ttl=53 time=18.659 ms
64 bytes from icmp_seq=9 ttl=53 time=15.542 ms
64 bytes from icmp_seq=10 ttl=54 time=15.176 ms
64 bytes from icmp_seq=11 ttl=54 time=16.411 ms
64 bytes from icmp_seq=12 ttl=53 time=15.418 ms
64 bytes from icmp_seq=13 ttl=54 time=15.438 ms
64 bytes from icmp_seq=14 ttl=53 time=15.388 ms
64 bytes from icmp_seq=15 ttl=53 time=15.918 ms
64 bytes from icmp_seq=16 ttl=53 time=15.306 ms
64 bytes from icmp_seq=17 ttl=53 time=15.347 ms
Notice how the TTL changes here. If it's 54 then the original TTL was 65, so a 1 bit. So what was gathered here was 001100010011010000. Eventually I'd like to write a client to record this. But I'm gonna cheat for now and give you the source code.

I just give greetings and peace wishes but with a bit of coding it could be changed to something very creative!
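An added example, not the ttldaemon source: a small Python checker that parses ping output like the above, flags hosts whose TTL toggles between adjacent values (a fixed route normally yields one constant TTL per host, so toggling is the signature a monitor would look for), and reads off the bits with the post's rule (53 is the 64 baseline, so bit 0; 54 means 65, so bit 1). The sample lines reuse the post's TTL sequence with a constructed placeholder address, since the address was stripped from the page.

```python
import re
from collections import defaultdict

# Constructed sample: the post's 18 TTL values, placeholder address from the documentation range.
SAMPLE_PING = """\
64 bytes from 192.0.2.10: icmp_seq=0 ttl=53 time=15.691 ms
64 bytes from 192.0.2.10: icmp_seq=1 ttl=53 time=16.608 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=54 time=14.907 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=54 time=15.247 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=53 time=15.183 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=53 time=16.017 ms
64 bytes from 192.0.2.10: icmp_seq=6 ttl=53 time=16.465 ms
64 bytes from 192.0.2.10: icmp_seq=7 ttl=54 time=15.134 ms
64 bytes from 192.0.2.10: icmp_seq=8 ttl=53 time=18.659 ms
64 bytes from 192.0.2.10: icmp_seq=9 ttl=53 time=15.542 ms
64 bytes from 192.0.2.10: icmp_seq=10 ttl=54 time=15.176 ms
64 bytes from 192.0.2.10: icmp_seq=11 ttl=54 time=16.411 ms
64 bytes from 192.0.2.10: icmp_seq=12 ttl=53 time=15.418 ms
64 bytes from 192.0.2.10: icmp_seq=13 ttl=54 time=15.438 ms
64 bytes from 192.0.2.10: icmp_seq=14 ttl=53 time=15.388 ms
64 bytes from 192.0.2.10: icmp_seq=15 ttl=53 time=15.918 ms
64 bytes from 192.0.2.10: icmp_seq=16 ttl=53 time=15.306 ms
64 bytes from 192.0.2.10: icmp_seq=17 ttl=53 time=15.347 ms
"""

# Matches BSD and Linux ping reply lines; the host field is the address before the colon.
PING_RE = re.compile(r"bytes from (?P<host>[^:\s]+):? icmp_seq=(?P<seq>\d+) ttl=(?P<ttl>\d+)")

def parse_ping(text):
    """Return [(host, seq, ttl), ...] for every reply line; non-reply lines are skipped."""
    matches = [PING_RE.search(line) for line in text.splitlines()]
    return [(m["host"], int(m["seq"]), int(m["ttl"])) for m in matches if m]

def ttl_profile(records):
    """Distinct TTLs seen per host, sorted."""
    seen = defaultdict(set)
    for host, _, ttl in records:
        seen[host].add(ttl)
    return {host: sorted(ttls) for host, ttls in seen.items()}

def flag_toggling_hosts(records):
    """Hosts answering with more than one TTL: either a route flap or a TTL side channel."""
    return [host for host, ttls in ttl_profile(records).items() if len(ttls) > 1]

def bits_from_ping(records, host):
    """Apply the post's rule: lowest observed TTL is the baseline (bit 0), one above is bit 1."""
    ttls = [ttl for h, seq, ttl in sorted(records, key=lambda r: r[1]) if h == host]
    base = min(ttls)
    return "".join("1" if ttl == base + 1 else "0" for ttl in ttls)
```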


What's happening here?

November 11th, 2013

I think the media need to step back a bit. We all know that the US is spying on us, but we don't need to be spoon-fed the paranoia. It's causing illogical decisions (firewalled Europe, anyone?) on the part of big, powerful corporations who see an opportunity to take away everyone's freedom. Let's get off this paranoid horse's back! I love freedom personally.


talk(1) patch to display timestamps

November 9th, 2013

I have written a small patch to talk(1) as found in FreeBSD (yes for a change!) to display timestamps when someone wrote a line. It's a little buggy but it works.

Thanks go to Dylan, who I've been talk(1)ing with and who gave me the idea.

