Saturday, February 10, 2007

This is the information I've been waiting for - NIST is going to have a competition for a new secure hashing standard. For a year or so there has been information that the SHA-1 hash has been 'broken', and I have been waiting for Bruce Schneier's take on the issue:

The hash function you're most likely to use routinely is SHA-1. Invented by the National Security Agency, it's been around since 1995. Recently, though, there have been some pretty impressive cryptanalytic attacks against the algorithm. The best attack is barely on the edge of feasibility, and not effective against all applications of SHA-1. But there's an old saying inside the NSA: "Attacks always get better; they never get worse." It's past time to abandon SHA-1.
You can read the rest of his essay from Wired here at his blog.

Secure Remote Filesystems

Accessing files on remote systems can sometimes be a big pain in the ass (BPITA). You can use Samba to mount filesystems, but that means setting up a Samba server on the remote system and being susceptible to security problems. There is an alternative called SSHfs, which uses SSH to mount the remote filesystem as if it were a local directory.

In Ubuntu it is easy to get working:
sudo apt-get install sshfs
sudo joe /etc/modules
Add fuse on a line by itself
sudo modprobe fuse (only needed to get it loaded now)
sudo gpasswd -a username fuse
newgrp fuse
mkdir -p ./mnt/remote
sshfs user@remote.system: ./mnt/remote/
Now your remote account's files are accessible right there on the local system, via a secure link. This works on the Mac as well, if you install MacFUSE and Secure Remote Disk.

Unmount the remote filesystem with fusermount:
fusermount -u ./mnt/remote
This is better than Samba because you are using a secure link to transfer the data, and it is less complicated and therefore less likely to be compromised than Samba. Building on top of things that do 'just 1 thing' is the Unix way and is a large part of why Unix systems and programming practices are more secure and more flexible than those you see with primarily GUI-centric systems.
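The mount and unmount steps above, wrapped with a few safety checks, as an added example that is not part of the original post. The function names and the option set are this example's own choices; StrictHostKeyChecking=yes assumes the server's host key is already in your known_hosts file.

```bash
#!/bin/sh
# Added example: a hardened wrapper around the sshfs / fusermount steps.
# Function names and SSHFS_OPTS are choices made for this example.

# StrictHostKeyChecking=yes : refuse servers whose host key is not already known
# reconnect + ServerAliveInterval : recover from a dropped SSH session
# nosuid,nodev,noexec : remote files cannot act as setuid binaries, device
#                       nodes or executables on the local system
SSHFS_OPTS='StrictHostKeyChecking=yes,reconnect,ServerAliveInterval=15,nosuid,nodev,noexec'

# Refuse mount points that are symlinks, not owned by us, or not empty.
# A missing mount point is created; its final component gets mode 0700.
prepare_mountpoint() {
    if [ -L "$1" ]; then
        echo "refusing symlink: $1" >&2
        return 1
    fi
    if [ ! -e "$1" ]; then
        mkdir -p -m 0700 -- "$1" || return 1
    fi
    if [ ! -d "$1" ] || [ ! -O "$1" ]; then
        echo "not a directory you own: $1" >&2
        return 1
    fi
    if [ -n "$(ls -A -- "$1")" ]; then
        echo "mount point is not empty: $1" >&2
        return 1
    fi
}

# usage: mount_remote user@remote.system: ./mnt/remote
mount_remote() {
    prepare_mountpoint "$2" || return 1
    sshfs -o "$SSHFS_OPTS" "$1" "$2"
}

# usage: unmount_remote ./mnt/remote
unmount_remote() {
    fusermount -u "$1"
}
```

Source the file and call mount_remote with the same arguments you would give sshfs; drop noexec from SSHFS_OPTS if you need to run scripts straight from the remote side.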

wxPython

Back in July I wrote that I had settled on PyGTK as the cross-platform development tool for me. Well, I've changed my mind a little. With PyGTK you don't get the native 'look-and-feel' on other systems like Windows and Mac. This isn't a problem for me, but for normal users it makes the program appear amateur. Good news, though! The wxWidgets project provides a cross-platform C++ environment that uses the native widgets for each platform. And there is a Python project, wxPython, that integrates nicely with it.

So, now I can develop cross-platform applications using my favorite language (Python), and they will look like native applications, keeping the natives happy.