Upcoming Project…

Category : Announcements, Site, Technical

I’ve got a project I’m going to start over the weekend.  I’ll try to document it as thoroughly as possible because I think it’s (a) a cool project and (b) someone else may learn from it.

Here’s what’s happening.  I currently have four desktop systems:

  1. 27″ iMac i7 (main work machine)
  2. Windows Vista Box – fairly powerful – previous work machine – has been “off” for about 6 months.
  3. Windows Vista Box #2 – Sarah’s machine.  Slower box.  HP Mini Desktop.
  4. Linux server custom built but incredibly old.

My plan is:

  1. to retire the Linux server, this being the second such linux box I’ve retired in the last 16 years — so there’s a ton of data on it that needs to be backed-up and migrated over to what will become the new linux server.
  2. Save Sarah’s data on the HP mini-desktop over to my old Vista box via the network.
  3. Wipe Sarah’s box and install a hardened CentOS.
  4. Transfer my data from the old custom box to the new CentOS box.
  5. Retire the old custom box by reformatting it with Ubuntu.
  6. Configure the Linux box with a dedicated IP.
  7. Get Sarah’s box restored and running on the network.

Start plan 2 of the project:

  1. Install Asterisk on the Linux server and configure it as a VOIP switch.
  2. Install soft SIP clients.
  3. Install kfone over the SIP clients.
  4. Test for proof of concept.

That’s the summary – commentary and encouragement welcomed!

Let’s Talk TrueCrypt – Part 3

Category : Technical

This session, we’re going to wrap things up with TrueCrypt.  If you’ve not read the first two posts, you should go back and do so now, just so you’re caught-up with the rest of us.

USB, or key drives, are cheap and prices are always dropping.  One of the things I’ve noticed is that they’re often given away for free as promotional gifts.  Currently, I have a 256Mb USB drive inserted into my hub.  Now 256Mb isn’t large enough to entice someone to buy one at the local store, but if it’s free, I can put it to use as a TrueCrypt container.

We’ll format the entire drive as a single TrueCrypt device and when we mount it to the local file system, we’ll need to supply our password before the operating system can see and access the files stored on the device.

For this example, we’re going to create a volume within a partition or drive.  Select that option from the first dialog box using the TrueCrypt Volume Creation Wizard and click the [Next] button.

We’re going to make a Standard TrueCrypt volume – so select this option and click the [Next] button.

Next, select the USB device as the Volume Location.  What you see when you click [Select Device] can be a little intimidating.  Since your USB device is (or should already be) plugged in, and it was the last device to be mounted, scroll down to the bottom of the list.  On my machine, I saw something that looked like this:

/dev/rdisk5:     243 MB
/dev/rdisk5s1   242 MB  /Volumes/MY DATA

When I look in My Computer (Windows) or on my desktop (Mac), I see the USB drive mounted as the volume named “MY DATA” — I clicked on /dev/rdisk5s1 to use the entire partition as my new TrueCrypt volume and then clicked the [Next] button.  (I left the checkbox marked “Never Save History” checked.)

Please make sure that you have the correct device checked.  Note the warning that TrueCrypt displays:

WARNING: Note that the partition/device will be formatted and all data currently stored on it will be lost.

(Aside:  that should really be in red lettering or something…)  If you have data on the device you want to save, alt-tab to a finder window and copy the data off to another location.  When you’re ready, click the [Next] button.

(Aside:  TrueCrypt won’t let you encrypt the entire partition of a USB stick unless you nuke the device first.  So, we’re going to use the existing partition to create a TrueCrypt filesystem within it.)

Another warning pops up telling you that you’re about to nuke the device.  Gleefully, mind you, click yes.

Now we get to the familiar dialog where we select the encryption and hashing options.  I’m not going to delve deeply into this topic because it was covered in the second part of this series.  However, one thing you should consider is that there is overhead involved with encryption.

First, this encryption is software based.  That means that everything written to, and read from, your device has to pass through TrueCrypt’s software to be encrypted or decrypted.  This takes CPU cycles.  The more CPU cycles required, the slower your reads and writes to your device are going to be.  The more levels of encryption you have, and you can have up to three, the more CPU power you’re using.  Keep this in mind when you’re using a USB 1.0 device as opposed to a Solid-State Hard Drive.

Here’s another way to look at it.

Remember when you were a kid and you played with ciphers?  Everyone did.  The simplest ciphers were substitution ciphers where you’d substitute A=1, B=2, C=3 and so on.  As your ciphers gained in complexity, you realized you could substitute one letter for another.  Some newspapers carried these on the crossword page.  Really complex ciphers, like the ones used in TrueCrypt, involve lots of complex mathematical calculations.  (Go back to one of the previous articles and click on the link to the Wikipedia page that explains the working (math) of the cipher.)

Now, the random number used to start the cipher is generated by the hashing algorithm that we also select in this dialog box.  Just to make things really super-random.  Because, if you think about it, the one thing a computer isn’t is random.  Randomness simply doesn’t happen in a computer.  So we computer scientists have to simulate randomness, and one of the ways to get that started is with the hash.

Ok, so, remember that we’re going to substitute one letter for another (keeping it simple here…don’t nerd rage) .. the hash tells us positionally where to start.  The hash generates the first cipher start point and whatever we’re writing gets encrypted using the algorithm we’ve selected and then the data-bits are passed back to the operating system (Windows,  Linux, Mac, etc.) to be passed off to the device driver to be written to your device.  Reading something, the opposite happens.

If you use three levels of encryption, this process has to repeat itself three times.  (The part that happens in the TrueCrypt software, not the part about the read-writes and stuff.)  How much money you’ve poured into your machine, and what device you’re writing to, will determine how long this will take.

For most of us, it will be instantaneous and you shouldn’t worry about it.  But I thought a nice explanation would help you understand why if suddenly you saw the SPOD (Mac: Spinning Pinwheel of Death) or the Hourglass (Windows) and things became generally unresponsive for a bit.

Anyway, pick your hashing and encryption algorithms and click [Next].

Password time.  Pick something you’ll remember and click [Next].  Oh, and using a sharpie to write the password down on the device is not recommended.

Pick your filesystem type.  If you choose (FAT) then your device will be readable across all common operating systems.  If you’re only going to use it on a Mac, then choose the Mac filesystem option.  Don’t click quick format.  Let TrueCrypt format the entire volume.  Click [Next] to continue…

In the next screen, randomize your hash seed by jiggling the mouse about in the window.  Click [Format] when you’re tired of watching impossibly large numbers dance about.

One last OMG! warning message – click [Yes] to format…

My archaic 256Mb USB stick formatted itself at about 5.3 MB/s — which meant it took me about 55 seconds.  I got the success message, and clicked [OK].

Now, before I mount the stick, I unplugged it, and re-inserted.  I get this pop-up from my OS:

The Disk you inserted was not readable by this computer.

With the options to [Initialize] [Ignore] or [Eject].  I click on Ignore.

What’s going on here?

Well, the entire disk has been encrypted so I need TrueCrypt to mount it as a filesystem so that I can copy files to and from the device.

I go back to the TrueCrypt window and click on [Select Device] and scroll down to where I see my device listed.  It now has no name where before it was called MY DATA by my operating system.  I click [OK] to select the device and return back to the main TrueCrypt window where I next click on the [Mount] button to mount the device so that it’s readable by my computer.

I’m challenged to provide a password — which I do…and the device is mounted on my desktop as “NO NAME”.  I can now open the device and read and write files to it, knowing those files will be stored safely in an encrypted format.

In closing this series, let’s talk about how your files are stored.  We created two types of volumes — one was a container within a container that required two passwords.  The not-so-secret password offered access to the first level of encrypted files while the second password offered access to the container-within-a-container.

The second type of device we used was a USB stick where we encrypted the entire file system, requiring a password for it to be mounted (visible) to your desktop.  Without the password, or without TrueCrypt for that matter, the disk is unreadable by the operating system even though we formatted it using the FAT filesystem – the most common filesystem and one readable by all operating systems.

When you get down to the platter level (see the first article), data is written in long sequences of 1’s and 0’s.  The number of 1’s and 0’s read in at one time defines the size of the operating system’s capacity to process a “word’s” worth of data.  My computer runs a 64-bit operating system so when it reads a “word” from the hard drive, it reads in 64 1’s and 0’s.  (Actually, it reads in a heckuva lot more than that, but that’s for another day.)

If someone found your USB stick and was able to somehow mount it to their filesystem and access it, then the only thing that they would see would be random data.  That is, 1’s and 0’s stored in a pattern that does not conform to a compliant access method used by today’s systems.

Your take-away is this — at the physical layer, there is absolutely no way to discriminate between random data and encrypted data.  Well, there is, but it’s going to require really, really big computers normally only found in government agencies somewhere on the east coast to figure out what’s stored on your little USB stick.

This concludes this tutorial.  For more reading, the folks at TrueCrypt have provided excellent documentation on their product.  The software is free for a variety of operating systems, but they will accept your donations to the project.

Let’s Talk TrueCrypt – Part 2

Category : Technical

In our last session about TrueCrypt, we discussed what it was, as a product, and some of the features offered by the software.

In today’s topic, we’re going to go a little more practical and do some work with encrypted files.

Our overall goal is to create a file container which has not one, but two encrypted volumes residing within it.  Remember last session, how we talked about “plausible deniability“?  Well, this article is where we’ll put it into practice.

So, we want to create a file on a some sort of disk volume.  It doesn’t matter what type of media we use.  This could be your local hard drive, a USB key drive, a drive on your local network, or a drive out on the cloud.  All that matters is that your operating system is capable of “seeing” the file itself.

The process is simple – we’re going to create a container “file” for the encrypted volumes.  This file defines the size of the disk space available for storing encrypted files.  In other words, if you need to store a 200Mb file, creating a container volume of 100Mb will be insufficient.  (You can’t put something that’s larger than the object you’re trying to put it into.  Not yet, anyway….)

For my example, I’ve chosen a volume on my Dropbox account so that my data is available to me on any machine where I have both the Dropbox and TrueCrypt clients installed.  Accounts are free and they offer 2Gb of storage.  Getcha summadat.

While you’re doing that we’re going to talk about files, how TrueCrypt organizes them, and how data is stored physically on the platter.

At the physical layer on a traditional hard-disk drive platter, data is referred to as “magnetic media”.  This is because, at the microscopic level, you have a slab of iron that’s aligned a particular way.  If this slab of microscopic iron is aligned one way, you have a “1”, the other way, a “0”.  Read in enough of these 1’s and 0’s and you have a data stream.  How the data is tracked on the physical partition is not in the scope of this article (and you should already know something about this anyway), but suffice to say that if you organized your 1’s and 0’s into, say, header blocks and data blocks, then it’d be possible to assemble the data stream into something meaningful.

However, data by itself, without organization just looks random.  Without knowing how data is organized physically, there’s nothing to distinguish meaningful data from random-appearing data.  And this is the concept I want you to keep in-mind when we get to the part about plausible deniability, ok?

Using TrueCrypt, what we’re going to do is create a file by reserving a certain amount of disk space assigned to the file.  You’ll use TrueCrypt to mount the file, as if you were mounting a filesystem – a volume – where you can store files, images, etc.  Then, again using TrueCrypt, you’re going to create a second filesystem within the first one.  Which password you provide determines which filesystem gets mounted.

In other words, let’s say you have a USB drive that you carry with you.  On it, you have source-code files for your latest project.  You do not want to lose your source code because it’s worth millions (!) and you’re nearly code-complete on the project you’ve been working on.

However, the Elbonians want your source code and will stop at nothing to get it!  So, they kidnap you.  And they take your USB drive and plug it into their computer.  But, wait!  Your drive is encrypted with TrueCrypt!  The entire drive is meaningless without the password!  They ask politely for the password and you, of course, refuse.

It’s not until you come under the extreme duress of having a loaded sling-shot placed against your knees that you relent.  You sob convincingly as you blurt the password to the outer filesystem.  The Elbonian hacker types in your password, and, success!  The filesystem mounts, and they see your source code files!  They quickly transfer them to their computer, chuckling in a sinister fashion amid much elbow nudging.

However, the Elbonian spymaster is not so easily fooled!    He asks the hacker how large were your files and the hacker pockety-pocks out the answer of 100MB.  The spymaster looks at your USB drive and blinks.  A 2GB USB drive and you only have 100MB used?  Sure, you reply.  Blink.  Blink.

Scan the rest of his drive, he orders the hacker….whir…whir…whir… and…. nothing.  All meaningless random data, reports the hacker.  The spymaster chucks your stick back at you, laughs once, and forces you out of the rolling minivan…

See, there really is no difference in appearance between random data, and encrypted data (given a proficient encryption schema).  If, for some reason, someone, against all odds, was able to crack the second (hidden) filesystem and actually access your files, you could always claim plausible deniability because you weren’t aware of the presence of those files.  For all you know, some sophisticated worm on your Windows box (they won’t believe you if you’re using a Mac or a Linux machine) was writing out to the hidden filesystem.

Anyway, I hope you get the points made in that massive rathole we just traveled down.
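To put a number on "encrypted data looks like random data" (the same point Part 3 closes on), here is an added example, not part of the original posts and not TrueCrypt code.  It measures byte entropy and a chi-square score for a constructed plaintext volume, the same volume after encryption, and random fill; the SHAKE-256 XOR keystream is a stand-in for TrueCrypt's ciphers, and the sample data, key and sizes are made up for the demonstration.

```python
import hashlib
import math
import os
from collections import Counter

SIZE = 64 * 1024  # bytes per sample; constructed for this example


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte histogram in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square of the byte histogram against a uniform distribution.

    Uniformly random bytes score close to 255 (the degrees of freedom);
    structured data scores orders of magnitude higher.
    """
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def stand_in_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream: a stand-in, not a TrueCrypt cipher."""
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def plain_volume() -> bytes:
    """Constructed plaintext 'volume': source files followed by empty space."""
    files = b"int main(void) { return 0; }\n" * 1000
    return files + b"\x00" * (SIZE - len(files))


def measure() -> dict:
    """Return {label: (entropy, chi_square)} for the three samples."""
    plain = plain_volume()
    samples = {
        "plaintext volume": plain,
        "encrypted volume": stand_in_encrypt(b"constructed demo key", plain),
        "random fill": os.urandom(SIZE),
    }
    return {name: (shannon_entropy(d), chi_square(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (entropy, chi2) in measure().items():
        print(f"{name:17s} entropy={entropy:.3f} bits/byte  chi-square={chi2:,.0f}")
```

The plaintext volume stands out immediately, while the encrypted volume and the random fill land in the same statistical range, so a byte-level scan has nothing to separate them with.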

Let’s get back to the how-to…

Fire up TrueCrypt and let’s create a volume – for demonstrative purposes, we’re going to create a volume on our local hard drive, but you could use TrueCrypt to create a volume anywhere – a USB stick, a network device, even a cloud-mounted device like DropBox.

When you select “Create Volume” the first dialog box that opens asks if you’d like to create either an encrypted file container, or a volume within a partition or drive.  The first option is for inexperienced users, so we’re going to select that option and click the [Next] button.  (Unless you’d like to reformat one of your existing disk partitions, which is the rocky road you’ll head down should you choose the second option.)

This dialog asks if you wish to create a standard TrueCrypt volume (eg.: a single volume) or a Hidden TrueCrypt volume – like what we talked about before.  Click on the Hidden TrueCrypt volume option and click the [Next] button.

The next dialog asks us to select a device — this is where the volume will be located physically.  Again, for demonstrative purposes, I’m going to create my volume on my local drive.  Feel free to create yours wherever you like and click the [Next] button to continue.  (Note that you may be asked for your administrator’s password.  Just because you’re using the software doesn’t mean you can run amok on another system sucking down their available hard drive space for your nefarious schemes…)

Oh, and it’s a good idea to leave the box “Never save history” checked….

Ok – here’s where we select both the encryption and hashing algorithms.  TrueCrypt offers three types of encryption, in varying combinations: AES, Serpent and Twofish.  I’ve thoughtfully provided links to the Wikipedia pages explaining what each encryption algorithm entails.  What’s interesting is that TrueCrypt allows you to use the three singly, in pairs, or in triplets.  So, for example, say you choose AES-Twofish — this means that the two ciphers operate in a cascading fashion: blocks are first encrypted with Twofish, and then with AES.  Each cipher uses its own 256-bit key and all keys are mutually independent of one another.

The hashing algorithm you select at the bottom of the dialog box can be either RIPEMD-160, SHA-512, or Whirlpool.  The hashing algorithm is used by the TrueCrypt random-number-generator as a ‘pseudorandom “mixing” function, and by the header key derivation function (HMAC based on a hash function, as specified in PKCS #5 v2.0) as a pseudorandom function.’

Select whichever hashing algorithm you prefer, along with any encryption algorithm and click the [Next] button.

In the next dialog box, choose the size of the outer partition keeping in-mind that the inner partition you’re planning on installing cannot be larger than the outer partition.  Enter in the appropriate number, select the units from the drop-down dialog, and press the [Next] button.

The next dialog asks you for your outer-volume password.  This is the password that you will reveal if coerced into doing so.  You should choose a password that is significantly different from the inner-volume password.  Type the password in twice, leave both option boxes unchecked, and click the [Next] button.

The next dialog asks you to move your mouse randomly within the dialog box to generate a seed for your encryption keys.  When you get tired of watching numbers rip across the dialog, click [Format] to create the outer volume.

Once formatted, you will see an informational screen which (wisely) advises you to place files into the outer volume.  These should probably be files that you don’t mind being discovered, but you would still want to encrypt.  Old tax records, emails, work financials, that sort of thing.  Click [Next] when you’re done with all that.

In this section, we’re going to deal with the Hidden volume.  In my test case, the size of the outer volume was predetermined so it’s asking me to click [Next] to move on.

Doesn’t this dialog look familiar?  This is the same encryption/hashing dialog that you saw to format the outer volume.  This time, we’re going to do the same thing, except we’re going to format the inner volume.  I’d strongly suggest that you choose different encryption and hashing algorithms for the outer volume than what you selected for the inner volume.  Make your selections and click [Next].

In this dialog, choose the size of the inner partition.  I’d recommend about 50% of the entire file size.  If you go larger, it may appear obvious that there’s something else hidden within your file.  Click [Next].

Choose a very strong password.  I’d strongly recommend using 1Password to generate a hideously-long nonsensical string that you’d need 1Password to provide as there’s no way in Hell that you’re going to remember it.  (I’ll talk about 1Password in a follow-up article.)  As before, leave the check boxes alone and click [Next].

Select the filesystem format.  This may vary from OS to OS.  I’m going with FAT.  Click [Next] and then do the mouse-move-random-number thing.  Click [Format] when that bit’s over.

You should see a pop-up that says that the TrueCrypt volume has been successfully created and is now ready for use.  Yay!
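How one container can answer to two passwords is easier to see in code.  The following is an added example, not part of the original post and not TrueCrypt's code: a simplified model in which each volume header is encrypted under a key derived from its password with PBKDF2 (PKCS #5 v2.0) over HMAC-SHA-512, and mounting means trying the password against each header in turn.  The slot layout, the marker check, the iteration count and the SHAKE-256 XOR keystream (a stand-in for the real ciphers) are assumptions of this example.

```python
import hashlib
import hmac
import os

MAGIC = b"TRUE"     # marker this model checks to recognise a decrypted header
SALT_LEN = 64       # per-header random salt, stored unencrypted
SLOT_LEN = 128      # salt + 64-byte encrypted body (layout constructed here)
ITERATIONS = 1000   # assumed PBKDF2 iteration count for this example


def derive_header_key(password: str, salt: bytes) -> bytes:
    """PKCS #5 v2.0 PBKDF2 with HMAC-SHA-512 as the pseudorandom function."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in for the real cipher: XOR with a SHAKE-256 keystream."""
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def make_header(password: str, label: str) -> bytes:
    """Build one slot: salt || Enc(header key, MAGIC | label | master key)."""
    salt = os.urandom(SALT_LEN)
    body = MAGIC + label.encode().ljust(28, b"\x00") + os.urandom(32)
    return salt + _xor_stream(derive_header_key(password, salt), body)


def try_header(password: str, slot: bytes):
    """Return (label, master_key) if the password opens this slot, else None."""
    salt, encrypted = slot[:SALT_LEN], slot[SALT_LEN:]
    body = _xor_stream(derive_header_key(password, salt), encrypted)
    if not hmac.compare_digest(body[:4], MAGIC):
        return None  # wrong password: the slot stays indistinguishable from noise
    return body[4:32].rstrip(b"\x00").decode(), body[32:]


def build_container(outer_password: str, hidden_password: str) -> bytes:
    """Two header slots back to back: outer volume first, hidden volume second."""
    return make_header(outer_password, "outer") + make_header(hidden_password, "hidden")


def mount(password: str, container: bytes):
    """Try the password against each slot; the first match decides the volume."""
    for offset in range(0, len(container), SLOT_LEN):
        opened = try_header(password, container[offset:offset + SLOT_LEN])
        if opened is not None:
            return opened
    return None


if __name__ == "__main__":
    box = build_container("old-tax-records", "constructed-long-hidden-passphrase")
    for attempt in ("old-tax-records", "constructed-long-hidden-passphrase", "guess"):
        opened = mount(attempt, box)
        print(attempt, "->", opened[0] if opened else "not mounted")
```

Because the salt differs per header, even the same password would derive a different header key for each slot, and the password is the only thing standing between an attacker and the master key, which is why the long generated passphrase for the hidden volume matters.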

In part-3, I’ll wrap all this up and explain the bits and pieces I glossed over.  For now, you know enough to start banging away on your filesystem…

Web Services Tutorial Series Recovered!

Category : Announcements, Site

My old blog, mshallop.wordpress.com, was shut down because they weren’t able to resolve some technical issues I was having displaying code.  Unfortunately, I didn’t think to obtain copies of the articles that I had written before shutting the site down and that, as they say, was that.  They were gone.

Until I started up my wordpress applet on my iPad and I discovered that the applet had locally-saved copies of the articles.  So, despite the “updated” release dates, I re-present the tutorial on enabling Web Services with PHP & nuSoap.
