OpenPGP Standard RFC 4880, not really a Linux Question, but as may be using GnuPG on Linux I thought I would ask here
The Modification Detection Code Packet is defined to use SHA-1, even though it does state in section 13.11. that this can be altered, and gives example methods. However this would cause interoperability, (q1)so I assume there is no standard method of doing this??
- How much of a threat do you believe this to be? Even though the SHA-1 hash is encrypted within the symmetrically encrypted integrity protected data packet.
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
I've made OpenPGP keys using gpg 1.4.9.I have a public key and a sub key.And a passphrase.I can distribute the pub key. What is sub key? Can I distribute sub key?I think the phasephrase is the private key. Right ? (in the RSA Algorithm)?Where to use the Secure Shell Key? And why to distribute it?
I've just started learning how to use kismet and aircrack. I'm sniffing my own network to see how vulnerable it is. I'm using aireplay to inject packets, but the number of packets per second in airodump is only about 30 to 50. Is there something that can speed this up a little more? Shouldn't it be able to go faster than this? It's going to take forever to collect at least 300,000 IVs for a 64 WEP key let alone the amount needed for 128 WEP.
wireless card intel iwl3945. Everything works great except for the extremely slow speed of gathering IVs. Also, how can I monitor my network? If someone was using aircrack on me and sending packets, how could I observe that? What should I Google?
So, the NSA puts out some handy documentation on locking down a RHEL server (running centos 5.6 x64 myself) here, [url]. Under "Ensure System is Not Acting as a Network Sniffer" on page 63, it says that if any numbers below the first line in /proc/net/packet, that it is acting as a network sniffer.
I get the following output:
Code:
Unless I've been pwned, I don't know exactly what could be causing this. Besides samba, nmap (compiled from source, not from yum), screen, and rtorrent, there's nothing I've installed beyond the fresh install I did a few days ago. I was not running nmap when looking at /proc/net/packet.
I'm looking to possibly need to make use of snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stand out, there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now i'm tempted in just going for the latest one, but i'm completely new to snort so perhaps it needs another book like snort for dummies to get started ;-P
I'm posting an E-Mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. Since a week or so I'm not able to securely login to ICQ any longer with one of my accounts. Only if I disable "Use SLL" in the advanced settings, it works. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SLL". I can login to the ICQ website with the "bad" account too, the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this happened first, upgraded to 2.7.5, but no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the not working account and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com (20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received. (20:27:14) oscar: unable to connect to FLAP server of type 0x0002 (20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
I doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login-server is exactly the same, so also the used certificate should be the same.
I am the new user to ns-2. I would like to know is it possible to send the keys or some value as the packet data (content of the packet) in ns-2 (for wireless environment).
I got a problem with my CentOS server. Somebody told me OpenVPN Requires different changes inside my firewall settings. That could be the problem why openvpn wont load..I receive this error on my CentOS panel when im trying to connect into the centos openvpn (with my winxp pc):
I am trying to add a OpenPGP key for launchpad. It said to use this command.
Code: gpg --fingerprint When I use that command nothing shows.
Next I clicked on the the How to get the fingerprint. It said to go into Passwords and Encryption Keys. Then the My Personal Keys tab. I have nothing there. What should I do to get something there?
To import your OpenPGP key into Launchpad, you first need the key's fingerprint.
Note: You must ensure your key is in the Ubuntu keyserver before you try to add it to Launchpad.
Retrieving the key in Ubuntu
The easiest way to generate a new OpenPGP key in Ubuntu is to use the Passwords and Encryption Keys tool. If you are using Ubuntu 10.04 or an earlier version, it is located at Applications > Accessories > Passwords and Encryption Keys. In Ubuntu 10.10 and later versions, it is located at System > Preferences > Passwords and Encryption Keys.
Step 1 Open Passwords and Encryption Keys.
Step 2 Select the My Personal Keys tab, select your key and open the property window by pressing Space Bar or double clicking with your pointer. Select the Details tab of the property window.
Step 3 Select the Fingerprint text (the ten blocks of numbers and letter). Copy the text by pressing the Ctrl+c keys together.
Highlight and copy only the numeric fingerprint: 0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72 in the example above.
so i followed these instructions, and there was nothing in my "personal keys", same for the command. so my question is how do i get the fingerprint to be able to register my key in launchpad?
I'm having a problem installing Tor. I've installed it successfully a few times before thanks the excellent guide at: [URL] The error I'm having is when I request the gpg key:
Code:
ocean@ubuntu:~$ gpg --keyserver keys.gnupg.net --recv 886DDD89 gpg: requesting key 886DDD89 from hkp server keys.gnupg.net
Then after quite a delay all I get now (instead of "OK") is:
Code:
gpgkeys: HTTP fetch error 7: couldn't connect to host gpg: no valid OpenPGP data found. gpg: Total number processed: 0
I was just having some trouble getting an OpenPHP Key on Ubuntu Server. The link from Launchpad said, "go to applications..." but I'm not using a desktop environment, so I had to go to [URL] to learn how. Basically it boiled down to this:
I am looking to be able to encrypt using OpenPGP certain outgoing emails on my linux server. Currently I have GPG setup with a public key, however encryption outgoing emails prooved to be harded.After a bit of research I have found GNU Anubis which acts as a middlemad between the MUA and the MTA, by encrypting emails before they reach my MTA (Sendmail)However I am having a bit of problem with the configuration of bind and remote-mta, as specified by anubis.I have the sendmail service running on port 25 and I want to leave it there, but I have configured my php.ini SMTP port to 24. So it runs through port 24 first and anubis then forwards the emails via remote-mta to port 25Here are my anubis configs:
With all those set, I can't seem to get the basic modication of emails to work. (trying to change a certain subject to something else, just to see that anubis is working). However emails are still working with port 24 as the SMTP port.
is there anyone who checked your downloaded file against the provided key? i have successfully downloaded the Fedora-12-i386-DVD.iso several times, but the SHA1 is not the one in Fedora-12-i386-CHECKSUM is there anyone who has the same problem? the SHA1 i calculated is: 0dc8ed436f0b44874454a379e8de5ad057c0115d
also, performance is an issue for me, since i need to get the info out of 10m files (approx 6TB), so commands like find are preferred and less iterations among commands would be great too.
I am trying to install bugzila on CentOS release 5.5. In that process I have to install perl package Digest::SHA. I did it through yum (Doesnt seems to be recognized by cpan and bugzila)
I am not sure why cpan and bugzila are not recognizing the module and where is the mistake. I am unable to interpret why make file is having problem in cpan Can any one throw some light on what exactly is going wrong with my install
There are md5 and/or sha1 checksum files for the CentOS 5.5 ISO files, e.g. "part 1 of X". However there is no checksum for the combined ISO file. I believe we can check the media at boot time, but it would be nice to have a checksum for the combined ISO's and not just the individual pieces. Any file system should do an error free copy, but there is always the possibility of a copy not happening correctly. Is there any official source for the checksum files I'm looking for? There are sums for CentOS-5.5-x86_64-bin-DVD-1of2.iso and 2of2.iso but nothing for CentOS-5.5-x86_64-bin-DVD.iso.
x86_64 media and their sha1sums are: 0c27f508728f6a96f50e4201cd770fe9e57af3e2 CentOS-5.5-x86_64-bin-1of8.iso ff57db0cf9af9bfc65471f49444ea92cdc238347 CentOS-5.5-x86_64-bin-2of8.iso 0faf38976fbf4053180a25f7535d66b084092059 CentOS-5.5-x86_64-bin-3of8.iso b097bf9b747f2d16da00ff29f1e0d40b523b0a55 CentOS-5.5-x86_64-bin-4of8.iso f1179ec875c0b4792e56f660493e82f0aff5e0f3 CentOS-5.5-x86_64-bin-5of8.iso 009892c8de408dc091e5a96b4a4ab213f2d5fe17 CentOS-5.5-x86_64-bin-6of8.iso 9660e63bd06a68ce94fe98defae1a0806ab834ae CentOS-5.5-x86_64-bin-7of8.iso 80c74ca2622b9aee3621a13a0cf6dbdc7743b4ee CentOS-5.5-x86_64-bin-8of8.iso a85d7cd41f49f2146177dae52163d5dca276efc2 CentOS-5.5-x86_64-bin-DVD-1of2.iso bb9a2c140170f10ed854541004539890ef7c68c8 CentOS-5.5-x86_64-bin-DVD-2of2.iso 3a04aa81ef75f329bf245a8c4f02af8137a84fb8 CentOS-5.5-x86_64-LiveCD.iso 231af7ca726557634a1f4d4f57436aab5a75f3b4 CentOS-5.5-x86_64-netinstall.iso
The MD5 sum I get is: ; SlavaSoft Optimizing Checksum Utility - fsum 2.52.00337 ; Generated on 01/01/11 at 10:54:56 ; 9b0d108cb3a80a9ce1eb9c3bcde0aceb *CentOS-5.5-x86_64-bin-DVD.iso
The SHA1 sum I get is: ; SlavaSoft Optimizing Checksum Utility - fsum 2.52.00337 ; Generated on 01/01/11 at 11:12:17 ; 40d11a8901a6af0c295a284b17dcdb66a83dc070 ?SHA1*CentOS-5.5-x86_64-bin-DVD.iso
I've been trying to find out which jabber/XMPP clients out there automatically sign messages with openpgp you send but documentation on that has been spotty. Could you tell me a. if you know any clients that can easily sign and encrypt all outgoing messages and b. should I worry if a client is only able to sign presence and not messages?
it is about the program sha1sum to create SHA1-hashes. As you probably know, SHA1-Hashes do have the length 20 byte. So when I just type:
Code: sha1sum myfile
it produces an output of
Code: (some20byte) myfile
just as it should. Now I want to store the 20byte hash in another file, I use this command:
Code: sha1sum myfile | awk "{print $1}" >> myhash
Unfortunately I'm not familiar with awk, but this should cut off the end of the sha1sum output, which is the name of the file again. The problem here is: The newly created file myhash has the size 41 bytes, and printing it out I can see that it is not the original hash (I wrote a little program to print it bytewise).
This is installed and I get this error. I am attempting to install razor-agents 2.84 and get this error along with: Warning: prerequisite URI::Escape 0 not found.
Both of these were install in CPAN. When I attempt to install them again, they say they are up to date.
I have recently upgraded a computer from Wheezy to Jessie, and I'm having trouble getting an internet connection shared via Ethernet by another computer (the provider) to work on it.I have activated the interface of the Jessie computer and configured a static IP on it in the same subnetwork as the provider's ethernet interface with the following commands:
Code: Select all# ip addr add 192.168.123.201/24 dev eth0 # ip link set up dev eth0
I now would like to set the address of the provider as the default route with Code: Select all# ip route add default via 192.168.123.100 dev eth0, but I get the following error message: Code: Select allRTNETLINK answers: File exists.
Indeed, when I run Code: Select all# ip route, the following comes up:
Code: Select alldefault dev eth0 scope link
I've tried to remove this default route to replace it with mine with Code: Select all# ip route flush table main and Code: Select all# ip route del default but these commands don't seem to work.
I have to do a .deb packet which will be placed in the repositories of the company.When this packet is installed, it only have to copy a plain text archive i've wrote before, to a path where it's being installed.The other requisite is that it have to watch if there's a program (vim) installed, if it's not installed, then the packet i have created shouldn't install.example:
# ls /home/loopin (as we see, this directory is empty) # apt-get install mypacket ...
I am trying to simply address translate TCP packets from one destination IP to another destination IP (DNAT?) without getting the initial SYN packet. Is this possible? I do not think it is with DNAT since the conntrack needs SYN first.
I have given the command:
The problem is that the first packet that matches this rule will be the SYN-ACK and I suspect it is simply DROPPED.
I am sparing you the gory details of why I would do such a silly thing, but simply put; I need to intercept client-to-server packets through a tunnel, but allow server-to-client packets to follow through the regular network.
I have been working on this for many days w/o success and my learning curve is still steep. I can provide more details as needed.
My question is about the raw MX reply package structure. I've read the RFC and all relevant pages I could find, but I couldn't figure this one out. Say we do a google.com MX query.
The first answer (just the rdata part) will be: google.com.s9b2.psmtb.com But in the raw package, instead of the .com, you have c0 13. Then for the second answer, google.com.s9b1.psmtb.com, the raw package has, instead of psmtb.com, just c0 3a. So is the part after c0 a pointer towards another part of the message? Or what does it stand for exactly? I am puzzled by it, and don't know exactly where to ask... some of the networking people here might have a good idea.
