#qi-hardware IRC log for Tuesday, 2016-04-19

02:05 <DocScrutinizer05> apropos server... how's your new one? living up to expectations?
02:06 * DocScrutinizer05 also idly wonders why his own server stopped sending logwatch mails
02:14 <DocScrutinizer05> hmmm 181-171-244-190.fibertel.com.ar is bruteforcing my server
02:51 <whitequark> kyak: huh, I was really wrong, it seems https://crypto.stackexchange.com/questions/3952/is-it-possible-to-obtain-aes-128-key-from-a-known-ciphertext-plaintext-pair
03:22 <azkay> Ended up getting a (blurry) trinket anyway; i.imgur.com/Cms2udy.jpg
03:59 <wpwrak> DocScrutinizer05: server is working fine so far. i'm just missing some bits of config info from the old one before i can properly set it up. seems they forgot to complete the setup :(
04:00 <DocScrutinizer05> who forgot to set up? hetzner?
04:00 <wpwrak> DocScrutinizer05: (181-171-244-190.fibertel.com.ar) that doesn't look like me :)
04:00 <wpwrak> no, amhosting
04:00 <DocScrutinizer05> no, that's not you
04:01 <DocScrutinizer05> Hetzner vServers have the advantage that moving the VM to another working iron should be a matter of less than 5 seconds
04:01 <wpwrak> whitequark: that sounds a lot more in line with what i expected :)
04:02 <whitequark> yeah, I'm not sure where I got that
04:03 <wpwrak> DocScrutinizer05: yup, the big feature of VMs :)
04:05 <whitequark> well, the VMs which can do online migration, which is not all of them
04:06 <whitequark> but yeah. online migration is very neat.
04:08 <DocScrutinizer05> I bet Hetzner is using something commercial-grade decent for their company virtualization solution
04:09 <DocScrutinizer05> and for sure you/they can start those snapshots you can do now, on any other iron
04:09 <DocScrutinizer05> also only takes a minute
04:10 <DocScrutinizer05> heck, it took less than 10 minutes (prolly even <5) from *ordering* that server to ready-for-login
04:11 <DocScrutinizer05> another 2 minutes for restore of an on-site "tape" backup
04:12 <DocScrutinizer05> (if only there was a decent generic server migration restore script)
04:13 <DocScrutinizer05> all those nasty little files in /etc that are actually iron-specific
04:14 <DocScrutinizer05> "iron", like IP addr etc pp
04:15 <DocScrutinizer05> I wish somebody had written a script to exclude them from getting overwritten during restore
04:21 <whitequark> DocScrutinizer05: commercial grade?
04:21 <whitequark> can you do `dmesg | grep -i xen` ?
04:22 <DocScrutinizer05> in a VM?
04:23 <DocScrutinizer05> would be surprised to find anything like that
04:23 <whitequark> try it
04:23 <whitequark> you may be surprised
04:23 <DocScrutinizer05> no, I'm not. Zilch
04:24 <whitequark> it's KVM
04:24 <whitequark> not Xen
04:24 <DocScrutinizer05> afaik Hetzner is using vmware
04:24 <DocScrutinizer05> the enterprise solution
04:25 <whitequark> does kvm also not grep in dmesg?
04:25 <whitequark> hmm, might be vmware, yeah. been a while since i cared about that host
04:28 <DocScrutinizer05> vsphere or similar stuff prolly
04:39 <kyak> whitequark: yep, i already read it yesterday.. There is one interesting thing though. It turns out that when knowing plaintext and being able to modify ciphertext, it is possible to inject arbitrary data into every second block of ciphertext
04:40 <kyak> this has nothing to do with what i originally asked, but just an interesting fact that i came across while reading
04:40 <kyak> i'm talking about AES-CBC
04:40 <kyak> and i also understand larsc's comment regarding the penguin :)
04:41 <kyak> it also turns out that the IV doesn't really matter
04:41 <kyak> if you don't know the IV, but know the key, you will lose just the first block
04:42 <kyak> and this first block is sometimes filled with random data, so that the IV doesn't matter anyway
04:42 <kyak> the main purpose of the IV is to make the same plaintext look different every time you encrypt it (wasn't obvious to me)
04:43 <kyak> so "salt it!" doesn't help with encryption by itself
04:43 <kyak> it just makes penguins go away :)
04:46 * DocScrutinizer05 wants to see the penguin too
04:50 <wpwrak> kyak: hmm, i wonder how these modes you're talking about work, if they really have the properties you describe
04:52 <wpwrak> one common pattern works as follows: you use the crypto algo to produce a "one-time pad", a unique bitstring. then you xor the plaintext with the OTP. that is your ciphertext.
04:52 <wpwrak> to reverse, you generate the same OTP, and XOR again.
04:53 <wpwrak> even if your algorithm works completely differently, you can always express it in such a way
04:56 <wpwrak> now, the interesting bit is thus how you generate that OTP. a common design pattern there would be a function that does some variation of hash(key, "salt", position) or hash(key, "salt", last_state)
04:58 <DocScrutinizer05> wpwrak: is your mail working again?
04:58 <wpwrak> only gmail
04:58 <whitequark> kyak: yes, malleability
04:59 <whitequark> that's why you need authenticated encryption
04:59 <whitequark> and why you need to authenticate *after* encrypting
05:04 <wpwrak> ideally, you'd ensure key integrity right at the start, e.g., by including an (unencrypted) good hash (CRC or such, something efficient) of the key :)
05:05 <wpwrak> works best if keys come from a relatively small vocabulary, e.g., human-readable words, not random bits or hashed passphrases :)
05:06 <wpwrak> (this sort of thing has actually been done ;-)
05:15 <kyak> wpwrak: yes, the key word is malleability as whitequark pointed out.. http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/
05:16 <kyak> there is a picture in the article in the wiki as well that explains how AES-CBC decryption works and how this attack becomes possible
05:20 <kyak> DocScrutinizer05: the penguin: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_.28ECB.29
05:23 <wpwrak> hmm, i was hoping for whitequark to jump up and shout. but maybe he got a stroke instead :) just to be clear: the CRC stuff i described above would be rather horrible, for it would allow you to brute-force the password much more efficiently than by trying to decrypt the data and checking the integrity of the decrypted message
05:24 <wpwrak> likewise, it's a bad idea to have an unencrypted checksum of the plaintext
07:34 <wpwrak> DocScrutinizer05: evil sysadmin idea of the day: for /etc files, create some FUSE config file processor that you mount on /etc very early during boot. then let that one make substitutions. e.g., /etc/hostname -> <$HOST$>  /etc/hosts <$HOST$>.<$DOMAIN$> localhost   etc.
07:34 <wpwrak> then all you need is /evil-sysadmin.conf
07:54 <wpwrak> hmm, debugging TLS in postfix sucks. it has a nice logging option .. that seems to be far too familiar with the works of Schroedinger
08:02 <whitequark> wpwrak: I was afk
09:19 <wpwrak> DocScrutinizer05: bonus idea, for the evil sysadmin: make file names that expand as well. e.g., /etc/foo/<$HOST$>.conf
09:21 <wpwrak> access to /etc/foo/bar.conf would first try /etc/foo/bar.conf, then scan /etc/foo/ for expandable names and look for a match, then try /etc, etc. if it expands a dirname, add the remaining path and try again
09:22 <wpwrak> probably should allow climbing above the first expansion, though that may mess a bit with the user's head :)
14:29 <wpwrak> grrr. ssmtp proudly supports "AuthMethod" to set the SMTP authentication method. the server offers PLAIN and LOGIN. ssmtp always chooses LOGIN, no matter what i try.
14:30 <wpwrak> turns out it doesn't support PLAIN at all. plus, it doesn't check that AuthMethod has any value it actually supports. very funny :(
22:44 <wpwrak> new server is processing mail :) so far, everything looks healthy
23:30 <MistahDarcy> NanoNote 2, where are you?
00:00 --- Wed Apr 20 2016

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!