Jan 15, 2015 Tag: Security

About Security

Will be updated as needed.

Updated on Jun 12, 2016

Known Weaknesses

Passwords

General

  • Famous xkcd strip: http://xkcd.com/936/: “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”

Human Factors

➜ kannweg

Randomness

Entropy:

  • haveged - A simple entropy daemon

  • Intel RdRand Instruction

  • Debian or Ubuntu package ‘rng-tools’:

    ➜  ~ dpkg --status rng-tools
    Package: rng-tools
    Status: install ok installed
    Priority: optional
    Section: utils
    Installed-Size: 135
    Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
    Architecture: amd64
    Version: 4-0ubuntu2.1
    Replaces: intel-rng-tools
    Provides: intel-rng-tools
    Depends: libc6 (>= 2.14), libgcrypt11 (>= 1.4.5), udev (>= 0.053) | makedev (>= 2.3.1-77)
    Conflicts: intel-rng-tools
    Conffiles:
     /etc/default/rng-tools 80e82742d3612fbcc5b2fe28d9be198e
     /etc/init.d/rng-tools 364c92343bbad3c2b6c7f080c0abe322
     /etc/logcheck/violations.ignore.d/rng-tools 7c9474cbf0b1317efd82ce1cce1c1648
     /etc/logcheck/ignore.d.server/rng-tools 7c9474cbf0b1317efd82ce1cce1c1648
    Description: Daemon to use a Hardware TRNG
     The rngd daemon acts as a bridge between a Hardware TRNG (true random number
     generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
     PRNG (pseudo-random number generator).
     .
     It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
     tests to verify that it is indeed random, and feeds the random data to the
     kernel entropy pool.
     .
     This increases the bandwidth of the /dev/random device, from a source that
     does not depend on outside activity.  It may also improve the quality
     (entropy) of the randomness of /dev/random.
     .
     A TRNG kernel module such as hw_random, or some other source of true
     entropy that is accessible as a device or fifo, is required to use this
     package.
     .
     This is an unofficial version of rng-tools which has been extensively
     modified to add multithreading and a lot of new functionality.
    Original-Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
    

Story

Openvpn

Data Security, Backups

Keywords: rsync, dirvish, unison, rsnapshot

Safe Systems

  • https://de.wikipedia.org/wiki/OpenBSD

    OpenBSD is an operating system from the family of Unix derivatives that is freely available under the BSD license. It was forked in 1995 by Theo de Raadt from NetBSD, the first 386BSD-based open-source operating system. OpenBSD is known for its developers' insistence on open source, free documentation, an uncompromising stance on software licenses, and a focus on security and the correctness of source code. The project's mascot is Puffy, a pufferfish.
