
April 27, 2005

Bernstein v. United States

http://en.wikipedia.org/wiki/Daniel_J._Bernstein
Bernstein brought the court case Bernstein v. United States and later represented himself in court despite having no formal training as a lawyer. As a result of the ruling in that case, software was declared protected speech under the First Amendment and national restrictions on encryption software were overturned.

An admirable guy. Also a cryptography expert.

Posted by Roy at 04:18 PM | Comments (0)

April 24, 2005

SSH and Cygwin, cont.

OK, Cygwin seems to have some bugs in its utility mkpasswd.
Although my current user is in my desktop machine's Administrators group, when I run mkpasswd -d -u wh5a > /etc/passwd, the gid is always set to that of Domain Users.
So I have to edit the passwd file myself and change the gid to that of Administrators.

Posted by Roy at 03:31 PM | Comments (0)

April 23, 2005

Some notes on setting up ssh

The previous post is about Cygwin-specific sshd setup.
Now let's talk about some general ideas. (Maybe wrong though.)

Basically, ssh supports two kinds of login methods.

One is like traditional telnet, which prompts the user for a user name and password. The improvement is that all the information is encrypted using the server's public key. (When you first log onto a machine, the ssh client will ask you if you trust it, and will record its public key in known_hosts later on.) However, this method is vulnerable to a man-in-the-middle attack.

The other way is to not send a password at all. But I guess this is also vulnerable if your connection is eavesdropped on the first time. With this method the server challenges the client using the client's public key. Only the client has its private key and is thus able to respond to the challenge. To enable automatic login, see the links below. You may also choose to enter a password, which is called a "passphrase".

http://www.csua.berkeley.edu/ssh-howto.html
http://www.chinaitlab.com/www/news/article_show.asp?id=6390
http://www.chinaitlab.com/www/news/article_show.asp?id=7241

If you also want to log in automatically using SecureCRT, you can have it generate a key pair for you and upload the public key to the server. Note that SecureCRT uses a different key format from the one used by OpenSSH, but OpenSSH can convert it to the format it accepts.
http://archive.erdelynet.com/ssh-l/2001-07/msg00007.php
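
The key format conversion mentioned above, as an added example that is not part of the original post: a Python version of what OpenSSH's `ssh-keygen -i -f <file>` does, assuming the SecureCRT export is in the SSH2 (RFC 4716) public key format. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

def sample_ssh2_key() -> str:
    """Constructed sample (not a real key): ed25519 blob over bytes 0..31."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, 'Comment: "constructed sample key"', *body, END]) + "\n"

def ssh2_to_openssh(text: str) -> str:
    """Convert an SSH2 (RFC 4716) public key file to an authorized_keys line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 public key markers")
    comment, body, continued = "", [], False
    for ln in lines[1:-1]:
        if continued or ":" in ln:  # header line, or continuation of one
            if not continued and ln.lower().startswith("comment:"):
                comment = ln.split(":", 1)[1].strip().rstrip("\\").strip('"')
            continued = ln.endswith("\\")
        else:
            body.append(ln)  # base64 never contains ':', so this is key data
    blob = base64.b64decode("".join(body), validate=True)
    # The blob starts with the key type as a length-prefixed string.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    key_type = blob[4:4 + n]
    if n == 0 or len(key_type) != n or not key_type.isascii():
        raise ValueError("key blob too short or malformed")
    out = f"{key_type.decode()} {base64.b64encode(blob).decode()}"
    return f"{out} {comment}" if comment else out

def fingerprint(openssh_line: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    blob = base64.b64decode(openssh_line.split()[1])
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

if __name__ == "__main__":
    print(ssh2_to_openssh(sample_ssh2_key()))
```

Comparing the fingerprint of the converted line with the one the client shows for the same key confirms that the key appended to authorized_keys is the one that was generated.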

I still have some problems with cygwin. Let's reboot the system and see what happens.

BTW, cygwin has a utility to generate the keys in one step. The command is called ssh-user-config.

Posted by Roy at 10:11 PM | Comments (0)

CygWin, SSH, Java...

If you want to install an SSH server without installing Cygwin, try http://sshwindows.sourceforge.net/. If I remember correctly, the instructions are quite straightforward to follow.

Today I'm trying to make sshd on Cygwin work. Maybe because the program conflicted a little with the non-Cygwin one that I installed before, I had some problems when I tried to set it up.

As a lesson, you should RTFM carefully, especially when you're running something you're not familiar with. So it's quite useful to skim over the User's Guide of Cygwin. But that is a very general doc, so if you want to set up any specific packages, be sure to read the doc under /usr/share/doc/Cygwin/, since they've usually made some changes to the original packages.

Besides the doc delivered with cygwin, I found http://ncyoung.com/entry/389 also very useful.

The formal way to run servers is to use cygrunsrv -S xxx to start a service and -E xxx to end one, although you can also run /usr/sbin/sshd to start it.

The basic steps to set up sshd under Cygwin are:
1. mkgroup (-l for local, -d for domain) >> /etc/group
2. mkpasswd (-l for local, -d for domain) -u username >> ../etc/passwd
These two steps add the user information to the Unix-style config files. If you want to log in as some user, you need to add the information for that user, and the user must be in the Admin group.

3. ssh-host-config
4. To test your server, use sshd -d -d -d to show verbose debug messages.


In order to run Java under Cygwin, you may install JSE for Windows, and it will also work under Cygwin. But you must take special care with the CLASSPATH environment variable: because JSE is actually a Windows program, it won't understand the paths you set under Cygwin. You can solve this by adding the following to your .bash_profile:
# Unix-style class path as used inside Cygwin
export CLASSPATH=~/cs771/cup:.:~/cs771/assign10
# Java here is a Windows program, so convert the path list to Windows form
if [ -n "$CYGWIN" ]
then
    export CLASSPATH="$(cygpath -wp "$CLASSPATH")"
fi

But this way doesn't work for ssh because when you log into an ssh server running under Cygwin, the CYGWIN variable isn't set. We can use other variables instead, such as $WINDIR.

Posted by Roy at 02:50 PM | Comments (0)

April 19, 2005

AES compromised?

What big news!
I need to check it out later.
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

Posted by Roy at 02:20 PM | Comments (0)

April 14, 2005

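Shuimu is about to go down, I guess

The nearly month-long struggle finally seems to be coming to an end. Nanjing University's Lily BBS resolutely passed away long ago, while Shuimu, besieged on all sides, has been putting up a stubborn last-ditch resistance and hoping to get lucky. Hanhai, for its part, has long been a eunuch, so whether it lives or dies makes no difference.
Shuimu suddenly went down yesterday, and now it can actually be reached by telnet, with the following shown in the announcement:
Due to a technical fault, the system has entered maintenance mode and currently only telnet access is available.

We ask for your understanding for the inconvenience this causes users, and thank you all for your support.

So it has been restored? you say. Wrong. Once inside, everything seems normal, but no board can be entered.
And someone reposted an announcement as follows:

From: ai (Internal Test), Board: sysop
Subject: [Announcement] Announcement of the BBS Shuimu Tsinghua Station Affairs Committee
Posted at: BBS Shuimu Tsinghua (Thu Apr 14 13:13:15 2005), on-site

[ The following text is reposted from the Announce board ]
From: SYSOP (System Operator), Board: Announce
Subject: [Announcement] Announcement of the BBS Shuimu Tsinghua Station Affairs Committee
Posted at: BBS Shuimu Tsinghua (Thu Apr 14 13:13:12 2005), on-site

Given that the Shuimu Tsinghua server is no longer under our control, we can no longer guarantee the security of any user data or materials; please take care of your own security and backups. All articles posted by individuals are copyrighted by their respective authors, and every individual has the right to privacy over their personal data; if it cannot be cleaned up and has been backed up by others, you may contact the relevant authorities to request its removal.

The members of the Shuimu Tsinghua Station Affairs Committee have always stood united, but we cannot contend with violence and coercive power, and we have let down everyone's expectations.

But we still promise to once again provide everyone with a home of our own that can be trusted, that is safe and reliable, and where good friends are together.


Chief station managers: chenx KCN wanggordon
System maintenance: czz flyriver stiger windinsn
Station administration: ai bird0 fishbyc llwin LtNing Menphis passed vivas yeting

BBS Shuimu Tsinghua Station Affairs Committee
April 14, 2005


At last, the world's number one closed university is about to rise. As the saying goes, "when scholars rebel, three years pass without success"; the ancients truly did not deceive me.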

Posted by Roy at 11:36 AM | Comments (0)

April 13, 2005

Some or any?

http://www.geocities.com/SiliconValley/2527/qualexplanation.html
Also includes some explanation for some other grammar issues.

Posted by Roy at 07:03 PM | Comments (0)