Comments for SecurityWire Blog http://blog.securitywire.com Computer and Network Security, Penetration Testing, Vulnerability Research, Cryptography and more! Wed, 20 Jan 2010 20:44:02 +0000 http://wordpress.org/?v=2.9.1 hourly 1 Comment on Randomizing your MAC addresses on boot with macchanger by haakneus http://blog.securitywire.com/2009/09/20/randomizing-your-mac-addresses-on-boot-with-macchanger/comment-page-1/#comment-727 haakneus Wed, 20 Jan 2010 20:44:02 +0000 http://blog.securitywire.com/?p=92#comment-727 Hi, I used your script and it works great, thank you for posting. There is only one nasty thing. I've a wlan0 wireless network adapter in my system. After a reboot the wlan0 gets an random mac. BUT... after a airmon-ng start wlan0, the now made mon0 interface has the original hard-coded mac of the wlan0 interface. eaks.... there goes my privacy... off course you can fix this with the macchanger tool, but it does not work by it self with monitoring virtual network adapters. Cheers! Haakneus Hi, I used your script and it works great, thank you for posting. There is only one nasty thing. I’ve a wlan0 wireless network adapter in my system. After a reboot the wlan0 gets an random mac. BUT… after a airmon-ng start wlan0, the now made mon0 interface has the original hard-coded mac of the wlan0 interface. eaks…. there goes my privacy… off course you can fix this with the macchanger tool, but it does not work by it self with monitoring virtual network adapters. Cheers! Haakneus

]]> Comment on Storing sensitive information using public key encryption in PHP by localcents http://blog.securitywire.com/2009/07/17/rsa-public-key-encryption-in-php/comment-page-1/#comment-725 localcents Thu, 14 Jan 2010 04:14:28 +0000 http://blog.securitywire.com/?p=1#comment-725 Personally, I find phpseclib's Crypt_RSA better: http://phpseclib.sourceforge.net/ It's supposed to support PKCS#1 v2.1 whereas OpenSSL only supports PKCS#1 v1.5. As such, where OpenSSL doesn't support multi-prime RSA or OAEP padding, phpseclib does. Personally, I find phpseclib’s Crypt_RSA better:

http://phpseclib.sourceforge.net/

It’s supposed to support PKCS#1 v2.1 whereas OpenSSL only supports PKCS#1 v1.5. As such, where OpenSSL doesn’t support multi-prime RSA or OAEP padding, phpseclib does.

]]> Comment on Having Fun with SSLStrip by ThaMainMan http://blog.securitywire.com/2009/11/25/having-fun-with-sslstrip/comment-page-1/#comment-694 ThaMainMan Thu, 03 Dec 2009 15:47:51 +0000 http://blog.securitywire.com/?p=99#comment-694 Awesome... It worked for me on the live distro only, I have a VM where I installed BT to the HD and I was getting permission errors trying to do step 2 but on the live distro it worked like a charm!! Awesome… It worked for me on the live distro only, I have a VM where I installed BT to the HD and I was getting permission errors trying to do step 2 but on the live distro it worked like a charm!!

]]> Comment on Storing sensitive information using public key encryption in PHP by cchamberland http://blog.securitywire.com/2009/07/17/rsa-public-key-encryption-in-php/comment-page-1/#comment-46 cchamberland Thu, 10 Sep 2009 03:13:46 +0000 http://blog.securitywire.com/?p=1#comment-46 Your decrypt is fine, however your problem is that you have reversed your base64 encoding and encryption in your encrypt function. First, you need to encrypt then base64 encode in your encrypt function; that should fix your problem. Let me know if that doesn't work, i may have sobered up by the time you read this lol :) Your decrypt is fine, however your problem is that you have reversed your base64 encoding and encryption in your encrypt function. First, you need to encrypt then base64 encode in your encrypt function; that should fix your problem. Let me know if that doesn’t work, i may have sobered up by the time you read this lol :)

]]> Comment on Storing sensitive information using public key encryption in PHP by adriaan http://blog.securitywire.com/2009/07/17/rsa-public-key-encryption-in-php/comment-page-1/#comment-45 adriaan Wed, 09 Sep 2009 03:34:46 +0000 http://blog.securitywire.com/?p=1#comment-45 I created the following code: ############################################ function EnCrypt($dataStr) { $cert = "public.pem"; $fp = fopen($cert,"r"); $pub_key = fread($fp,8192); fclose($fp); $publickey = openssl_pkey_get_public ($pub_key); openssl_public_encrypt($dataStr, $output, $publickey); return $output; } function DeCrypt($dataStr) { $cert = "private.pem"; $pass = "?????????"; $fp = fopen($cert,"r"); $priv_key = fread($fp,8192); fclose($fp); $privatekey = openssl_pkey_get_private ($priv_key, $pass); openssl_private_decrypt($dataStr, $output, $privatekey); return $output; } ############################################ This works. But when I add the base64, so I can save the encrypted data to a database, my result from DeCrypt is an empty string. here is the code that doesnt work: ############################################ function EnCrypt($dataStr) { $cert = "public.pem"; $fp = fopen($cert,"r"); $pub_key = fread($fp,8192); fclose($fp); $publickey = openssl_pkey_get_public ($pub_key); openssl_public_encrypt(base64_encode($dataStr), $output, $publickey); return $output; } function DeCrypt($dataStr) { $cert = "private.pem"; $pass = "4dr144r0n"; $fp = fopen($cert,"r"); $priv_key = fread($fp,8192); fclose($fp); $privatekey = openssl_pkey_get_private ($priv_key, $pass); openssl_private_decrypt(base64_decode($dataStr), $output, $privatekey); return $output; } ############################################ What am I doing wrong? I created the following code:

############################################

function EnCrypt($dataStr) {
$cert = “public.pem”;
$fp = fopen($cert,”r”);
$pub_key = fread($fp,8192);
fclose($fp);
$publickey = openssl_pkey_get_public ($pub_key);
openssl_public_encrypt($dataStr, $output, $publickey);
return $output;
}

function DeCrypt($dataStr) {
$cert = “private.pem”;
$pass = “?????????”;
$fp = fopen($cert,”r”);
$priv_key = fread($fp,8192);
fclose($fp);
$privatekey = openssl_pkey_get_private ($priv_key, $pass);
openssl_private_decrypt($dataStr, $output, $privatekey);
return $output;
}
############################################
This works.

But when I add the base64, so I can save the encrypted data to a database, my result from DeCrypt is an empty string.

here is the code that doesnt work:
############################################
function EnCrypt($dataStr) {
$cert = “public.pem”;
$fp = fopen($cert,”r”);
$pub_key = fread($fp,8192);
fclose($fp);
$publickey = openssl_pkey_get_public ($pub_key);
openssl_public_encrypt(base64_encode($dataStr), $output, $publickey);
return $output;
}

function DeCrypt($dataStr) {
$cert = “private.pem”;
$pass = “4dr144r0n”;
$fp = fopen($cert,”r”);
$priv_key = fread($fp,8192);
fclose($fp);
$privatekey = openssl_pkey_get_private ($priv_key, $pass);
openssl_private_decrypt(base64_decode($dataStr), $output, $privatekey);
return $output;
}
############################################

What am I doing wrong?

]]> Comment on Storing sensitive information using public key encryption in PHP by C Chamberland http://blog.securitywire.com/2009/07/17/rsa-public-key-encryption-in-php/comment-page-1/#comment-3 C Chamberland Wed, 22 Jul 2009 19:56:10 +0000 http://blog.securitywire.com/?p=1#comment-3 I found this helpful, and the decrypting a little difficult at first. There were no good examples on decrypting so here's my input. I had base64 encoded my data to store in my database, hence the "Base64_decode" on my $dataStr: ################################################################### function DeCrypt($dataStr) { $cert = "private.pem"; $pass = "passphrase"; $fp=fopen($cert,"r"); $priv_key=fread($fp,8192); fclose($fp); $res = openssl_get_privatekey($priv_key,$pass); openssl_private_decrypt(base64_decode($dataStr),$newsource,$res); return $newsource; } #################################################################### I found this helpful, and the decrypting a little difficult at first. There were no good examples on decrypting so here’s my input. I had base64 encoded my data to store in my database, hence the “Base64_decode” on my $dataStr:

###################################################################
function DeCrypt($dataStr) {

$cert = “private.pem”;
$pass = “passphrase”;

$fp=fopen($cert,”r”);
$priv_key=fread($fp,8192);
fclose($fp);
$res = openssl_get_privatekey($priv_key,$pass);

openssl_private_decrypt(base64_decode($dataStr),$newsource,$res);
return $newsource;

}
####################################################################

]]> Comment on Storing sensitive information using public key encryption in PHP by Twitted by cioa http://blog.securitywire.com/2009/07/17/rsa-public-key-encryption-in-php/comment-page-1/#comment-2 Twitted by cioa Sat, 18 Jul 2009 21:17:43 +0000 http://blog.securitywire.com/?p=1#comment-2 [...] This post was Twitted by cioa [...] [...] This post was Twitted by cioa [...]

]]>