Programming :: Libgrypt And Symmetric Block Cipher?
May 1, 2011
i have a program which have to encrypt data by using a symmetric block cipher with cbc encryption mode . it seems, that the IN data length must be a multiple of the cipher block length. is there a possibility to advice libgrypt to do the padding of the IN buffer automatically or must i do this manually? in case of manual padding: what is the recommended strategy to perform high security? fill with zeros or random numbers
I am having difficulties setting up Symmetric NAT through iptables.
First things first: "A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host."
Need: I am working on a SIP application and SIP apps face a problem with NATed networks. STUN is a solution to such a problem and my SIP application has an embedded STUN client functionality.
Scenario and Technical Details: 192.168.0.200 +-----------------+ | ClientA - My IP | +-----------------+ | |GW: | eth0 eth1 (example public IP address) | 192.168.0.1 | 123.123.123.123 +-------------|-------------+ | NAT1 | +-------------|-------------+ | | | stun.1und1.de | +---------------------------+ | STUN Server | +---------------------------+
I am using WinSTUN, which requires a STUN Server address (such as the one I specified above) to return my type of NAT. What I need to achieve is Symmetric NAT through iptables, on the GW server, only on my IP address (192.168.0.200). I don't want it to affect the whole network. I am running CentOS release 5.4 (Final), and iptables v1.4.10
I am having difficulties setting up Symmetric NAT through iptables and I hope you can help me with this issue. First things first: "A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port.If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host."
Need: I am working on a SIP application and SIP apps face a problem with NATed networks. STUN is a solution to such a problem and my SIP application has an embedded STUN client functionality. Scenario and Technical Details:
I just upgraded to Fedora 13, with emacs 23.1. Now when I edit a .gpg (encrypted) file, emacs doesn't cache the passphrase, so when I save the file emacs demands that I repeat the passphrase twice.Previously, the following line in .emacs made it cache the passphrase:
Code:
(setq epa-file-cache-passphrase-for-symmetric-encryption t) This is supposed to work, according to the documentation [URL], but in Fedora 13 emacs it seems to have stopped working.
I'm trying to figure out why Apache is ignoring SSL Cipher statements when placed inside a Virtual Host. Specifically I'm trying to disable SSLv2 and only allow SSLv3 or TLSv1
In httpd-ssl.conf I have the following
Code:
And when I try and connect, I get the expected results.
Quote:
In my virtual host statement I have
Code:
The only difference between the two is the httpd-ssl.conf has -ALL in the CIPHER, and the virtual host entry has ALL. However if I try and change the ALL statement in the virtual host entry to -ALL I get the following error in my logs & get no content.
Quote:
Why it's not working in the virtual host statement? Unfortunately as many of you are probably aware it's impossible to gain PCI certification with SSLv2 enabled.
How do you find what typs of crypto ciphers are supported.? I've dumped out /proc/crypto, which lists out a bunch of types, but none of the names listed seem to work. So far I have only got a couple types to work, the default(when I don't supply cryptsetup any cipher type) aes-cbc-plain and aes-ecb.
Since I don't even see aes-cbc-plain in /proc/crypto
I have had for a test installed Feodora but was so silly checking the box for encryption the HD. Now I tested all for removing Feodora (no data anymore on the disc) but even the test unlocking this from my ubuntu system failed with the following error:Error unlocking device: cryptsetup exited with exit code 251: Command failed: Failed to setup dm-crypt key mapping.Check kernel for support for the aes-xts-plain64 cipher spec and verify that /dev/sdb2 contains at least 508 sectorsI installed some encryption packages in the meantime - but non was helpful.Would some kind person - who understands this better than I - please provide the detailed steps needed to mount and unlock the encrypted Feodora installed hard disc. Maybe one of you know which packege I have to install.
I've been using pdfTk to encrypt PDFs for distribution to unsophisticated users (that is, users without PGP keys or the will to get one). RC4 encryption, although reasonably adequate for my use, is relatively insecure. I would be more comfortable with AES. Have any gnu tools emerged that implement AES within a PDF container?
I had a pretty much standard installation according to some tutorial (I don't remember, which one) for courier, including ssl. After upgrading from Wheezy (7) to Jessie (8) everything continued working fine, excep ssl connections to pop or imap.
In the log I get this error message while connecting to imapd-ssl:
--- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 341 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---
TLS over STARTTLS is also not working and does not invoke a log-entry. So I want to solve the ssl-problem first. I guess the STARTTLS-problem is automatically solved then.
My update procedure was:
Editing /etc/apt/sources.listapt-get updateapt-get upgradeapt-get dist-upgradeKeep all configuration files regarding courier.
I tried to get a block of lines in awk, but unfortunately it returns output of one line only. I don't state the code here, because it's too short and too poor. What exactly I wanted to do: from file "/boot/grub/menu.lst" get blocks of lines, starting by title and ending by Now I have just
I have one password text file: username<tab>password, I want to wrote any bash script to check if certain user exist at this file, if did exist print out the password. I get stocked at password value to AWK if block:
#!/bin/bash FILE="$1" if [ ! -e "$FILE" ] then
[code]....
it not work , but if I change toassword=$(awk < $FILE -F\t '{ if (test $1=="JIMMY2") print $2;}') it works, anything wrong $1==$user_name? $FILE is the password file, -F\t is use tab as delimiter.
How do you go about getting the raw size of a block device under Linux from within a C program? And I mean the raw size of the block device itself, not a file system that may or may not be installed on it. And I'd like to be able to get the raw size of any block device, from hard drives (e.g., /dev/sda) to LVM partitions (/dev/mapper/vg0-home) to loop devices to anything else that is a Linux block device.
I'm setting up a machine that's going to be used to test randomly connected tape drives one at a time, and as such, I'm writing the test routine using mt in a bash script, for user-friendliness. The problem is the block device name changes on occasion as tape drives are swapped out and busses are rescanned, so I can't "hard code" a block name into the script.
I know programs like lsscsi and hwinfo will give you block device names as part of their output, but I can't seem to grep anything in such a way as to have the final output be just the block name (ie /dev/st2, or optimally 'st2'), so that I can just have the script read said output, and drop it into the necessary variable.
I have a write call to a ttyACM serial device that blocks after several hundreds bytes are written.I'm writing in ~25 byte chunks, so I have 5-8 successful writes, then the next write blocks forever.I can bypass the blocked call using select, but I can never call write again without closing and re-opening the port.
The serial port is opened correctly because I can read from it just fine. Write permissions are correct, and it's opened RW.The code is likely correct because I tested the same code using the same device on a pure RS-232 serial port, and it worked fine - no block. Is there anything to know about the linux ACM module?It's my understanding that write calls basically shouldn't block.They're supposed to return -1 if there's an error.
What I want to do is from a file having block like
<event> 8 3 0.2685416E-02 2 -1 0 21 -1 0
[code]...
The first line after the "<event>" is its process-id, so I would like to have at the end a summary of how many "event" block I have for each type, ie how many
6 1 0.2685416E-02
or how many
7 2 0.2685416E-02
etc etc
I do not know in advance how many different-kind of block I will have, so it has to be a bit smart to scan the file, and make an new "summary" info for each unique type I was using something like
I want to know how much CPU time spent on CODE_BLOCK. Since the process executing CODE_BLOCK may be preempted during execution, this CPU time may not be equal to the (wall-clock) time elapsed from the beginning of CODE_BLOCK to the end of it.
I have a clump of text that needs to be broke up:gdbm Sat 07 Feb 2009 03:28:18 AM EST libattr Sat 07 Feb 2009 03:28:18 AM EST db4 Sat 07 Feb 2009 03:28:19 AM EST mktemp Sat 07 Feb 2009 03:28:19 AM EST keyutils Sat 07 Feb 2009 03:28:20 AM EST pcre Sat 07 Feb 2009 03:28:21 AM EST setserial Sat 07 Feb 2009 03:28:24 AM EST zlib Sat 07 Feb 2009 03:28:24 AM EST gawk Sat 07 Feb 2009 03:28:25 AM EST readline Sat 07 Feb 2009 03:28:26 AM EST rhpl Sat 07 Feb 2009 03:28:28 AM EST cracklib-dicts Sat 07 Feb 2009 03:28:37 AM EST setools Sat 07 Feb 2009 03:28:37 AM EST hal Sat 07 Feb 2009 03:28:38 AM EST which Sat 07 Feb 2009 03:28:39 AM EST Is there a way to get everything after the EDT in the text to be moved to a new line?
In one of our core dump we have the followings in the core back trace:
#0 0xb77bf947 in raise () from /lib/tls/libc.so.6 #1 0xb77c10c9 in abort () from /lib/tls/libc.so.6 #2 0xb77f56ba in __fsetlocking () from /lib/tls/libc.so.6 #3 0xb77fcf7f in mallopt () from /lib/tls/libc.so.6 #4 0xb77fd022 in free () from /lib/tls/libc.so.6
It occurred in a memory block free operation. From our analysis, there seems no issue relate the the memory block it self. The memory pointer pointed to the right memory block to be freed and the contents of the memory seems right (not corrupted), in one world, there is nothing obviously wrong. Does any one have any ideas what could be wrong when seeing about?
I am going to create a parent process and fork a child process from it. I want to write a code in such a way that whenever my child process end it must indicate that the child process is terminated by a signal or not. This code must be written in the parent process block.
In 10.04 I was using the following commands to mount an encrypted disk image:
Code: sudo losetup -f Which tells what loop back device block is available Then I'd type:
Code: sudo losetup -e aes /dev/loop0 /home/user/crypt.img and then enter the device's password
Code: sudo mount -t ext4 /dev/loop0 /media/crypt I've tried this in 10.10 and it hasn't been working (I can't remember if I did anything in 10.04 to make it work). I've installed the loop-aes-utils package and restarted my machine. Every time I try the 2nd step, after entering the password I get: Code: ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (128 bits) not supported by kernel
Just installed Debian 8 last night and trying to run one a few of my scripts that use easygui (a front-end for python-tk basically) and I keep getting alloc: invalid block any time a file or folder selection dialog is presented. I'm able to select a file/folder with no issues, but once the dialog closes I get a variation of what appears to be a memory error followed by alloc: invalid block.
Here's one of my scripts that does it. This one pops up a file selection dialog pretty early on to ask for a file to check, and as soon as I select any file the dialog closes and that error appears in the terminal. It happens whether I run it with Python 2 or Python 3. You will need to install python3-easygui for this script to run properly if you want to check for yourself what happens. This is a first time encountering this error for me.
algorithm:breada input: file system block number for immediate read file system block number for asynchronous read output:buffer containing data for immediate read { if(first block not in cache) { get buffer for first block if(buffer data not valid) initiate disk read } if(second block not in cache) { get buffer for second block) if(buffer data valid) //line 1 release buffer else initiate disk read //line 2 } if(first block was originally in cache) //line 3 { read first block return buffer } sleep (event first buffer contains valid data) return buffer }
Here is an algorithm for block read algorithm. I have problem in line 1: If buffer data is valid why is it releasing the buffer? line 2: If buffer data valid why is it initiating disk read. It should have read directly from buffer? line 3: It should be the first condition as if it is there in cache then it should return it without delay?
