Choosing the right cipher / alias crypto wars part twelve

Choosing the right cipher for your server.

The selection criteria:

  • Only 256 bit
  • Only Mac=AEAD[1], since that is all TLS 1.3 allows.
  • PSK (pre-shared key) as Kx (key exchange) or Au (authentication) is not an option for a web server
  • DSS ciphers are for key auth
  • Kx=DH without EC (elliptic curves) is not secure enough
  • Kx=RSA is weak
  • AESCCM is also a Cipher Block Chaining (CBC) mode
  • ARIA is for Secure Real-Time Transport Protocol (SRTP)
  • DHE-RSA-AES256-GCM-SHA384 and DHE-RSA-CHACHA20-POLY1305 have no EC (elliptic curves)

/opt/openssl/bin/openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "(128)" | grep "Mac=AEAD" | grep -v "Kx=PSK" | \
grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | grep -v "Au=DSS" | grep -v "Kx=RSA" | grep -v "Enc=AESCCM" | \
grep -v "Enc=ARIAGCM" | grep -v "Au=None" | grep -v "Kx=DH"

The Output

TLS 1.3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD

TLS 1.2
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD

Finally, the order: ChaCha20-Poly1305 before AES for speed, and ECDSA before RSA, also for speed.

SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

This was done with the latest OpenSSL version at the time of writing, 1.1.1l.

For completeness: GCM is Galois/Counter Mode[2].
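
The same selection written as an allowlist on the parsed Kx/Au/Enc/Mac columns instead of a chain of grep -v exclusions, with the ordering rule applied. This is an added example, not part of the original post; the sample lines are constructed in the format of openssl ciphers -v, and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in the column format of `openssl ciphers -v`.
sample_input() {
cat <<'EOF'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
EOF
}

# Keep only allowlisted suites; print "<protocol> <suite>" in preference order.
rank_ciphers() {
    awk '{
        kx = au = enc = mac = ""
        for (i = 3; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "Kx")  kx  = kv[2]
            if (kv[1] == "Au")  au  = kv[2]
            if (kv[1] == "Enc") enc = kv[2]
            if (kv[1] == "Mac") mac = kv[2]
        }
        if (mac != "AEAD") next                                  # AEAD only
        if (enc !~ /^(AESGCM|CHACHA20\/POLY1305)\(256\)$/) next  # 256 bit, no CCM/ARIA
        if (kx != "ECDH" && kx != "any") next                    # no RSA, DH or PSK exchange
        if (au != "ECDSA" && au != "RSA" && au != "any") next    # no PSK, DSS, None
        # ECDSA before RSA, then ChaCha20-Poly1305 before AES
        rank = (au == "RSA" ? 2 : 0) + (enc ~ /^CHACHA20/ ? 0 : 1)
        print $2, rank, $1
    }' | sort -k1,1 -k2,2n | awk '{ print $1, $3 }'
}

# Colon-joined list for one protocol column value, e.g. TLSv1.2.
cipher_list() {
    rank_ciphers | awk -v p="$1" '$1 == p { printf "%s%s", s, $2; s = ":" } END { print "" }'
}

printf 'SSLCipherSuite SSL %s\n' "$(sample_input | cipher_list TLSv1.2)"
printf 'SSLCipherSuite TLSv1.3 %s\n' "$(sample_input | cipher_list TLSv1.3)"
```

On a real server, pipe the output of the openssl ciphers -v command from above into cipher_list instead of sample_input. Because it is an allowlist, a suite type introduced by a later OpenSSL release stays out until it is added on purpose.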

 

[1] https://de.wikipedia.org/wiki/Authenticated_Encryption
[2] https://en.wikipedia.org/wiki/Galois/Counter_Mode

Enable hibernate / suspend to disk on Windows 10

I don’t know why, but the admins tend to disable hibernate via group policies from time to time. It is pretty simple to enable, but you need admin permissions.
This script first forces UAC and then enables hibernation.

@echo off

:: BatchGotAdmin
:-------------------------------------
REM  --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
    pushd "%CD%"
    CD /D "%~dp0"
:--------------------------------------

powercfg.exe /hibernate on

How to extract img src, title and alt from html using php

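preg_match_all matches the regexp against the whole $html string and returns every match as an array in $result. The “i” modifier makes the match case-insensitive.

preg_match_all('/<img[^>]+>/i', $html, $result);

print_r($result);

Get the metadata

$img = array();
// $result[0] holds the complete <img ...> tags; $result itself is an array of match groups
foreach ($result[0] as $img_tag)
{
    // collect the alt, title and src attributes of this tag, keyed by the tag itself
    preg_match_all('/(alt|title|src)=("[^"]*")/i', $img_tag, $img[$img_tag]);
}

print_r($img);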

Here you go.

iptables 101

How to do things with iptables. Safety first: How to reset everything.

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

Also, safety first: Don’t just copy something and run it on your server. You had better understand what you are doing.

How to block a service?

Instead of using “DROP” you should use “REJECT --reject-with tcp-reset”. If you want to be able to access that service from the inside, you have to add an allow rule first.

sudo iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT #mysql allow local
sudo iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset #mysql

The “REJECT --reject-with tcp-reset” looks to the outside like there is no service running. A “DROP” will show that there is a firewall / iptables working.

Blocking an IP range

sudo iptables -A bannedDownloader -s 14.120.0.0/16 -j DROP #bannedDownloader is a user-defined chain: create it with -N and jump to it from INPUT first

Disallow NTP queries

sudo iptables -A INPUT -p udp -s localhost --dport 123 -j ACCEPT #ntp allow local
sudo iptables -A INPUT -p udp --dport 123 -j REJECT #ntp, appended with -A so the local allow rule is evaluated first

Block timestamp

sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
sudo iptables -A INPUT -p icmp --icmp-type 13 -j DROP
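
Rule order decides whether the local allow rule for a blocked service is ever evaluated: -A appends to the end of the chain, while -I without a position inserts at the top. The check below is an added example, not part of the original post; it reads a listing in iptables -S INPUT format, treats a block rule without -s as matching all sources, and uses a constructed sample listing and made-up function names.

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` format: the MySQL pair was appended
# with -A (allow, then block); the NTP block was inserted with -I after its allow.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 123 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with tcp-reset
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 123 -j ACCEPT
EOF
}

# Report every ACCEPT that sits behind a source-less REJECT/DROP
# for the same protocol and destination port.
audit_order() {
    awk '$1 == "-A" && $2 == "INPUT" {
        n++                                   # rule number within INPUT
        src = proto = port = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (port == "") next                  # only port-based rules are checked
        key = proto "/" port
        if ((target == "REJECT" || target == "DROP") && src == "") {
            if (!(key in blocked)) blocked[key] = n
        } else if (target == "ACCEPT" && (key in blocked))
            printf "%s: ACCEPT for %s (rule %d) is never reached, rule %d blocks first\n",
                   key, (src == "" ? "any" : src), n, blocked[key]
    }'
}

sample_rules | audit_order
```

Run it against the live chain with sudo iptables -S INPUT | audit_order; no output means every allow rule comes before its block rule.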

PHP XML tag contains colon

With PHP’s SimpleXML functions it is easy to read XML. However, that no longer works when a tag contains a colon: the tag is simply ignored and can’t be accessed. RSS feeds often contain content:encoded.

There is a trick. Instead of using simplexml_load_file, use

$feed = file_get_contents($url);
$feed = str_replace("<content:encoded>", "<contentEncoded>", $feed);
$feed = str_replace("</content:encoded>", "</contentEncoded>", $feed);
$xml = simplexml_load_string($feed);

have fun!

Homemade McChicken

Ingredients

Vegetable oil
1    egg
1    cup water
1    cup flour
2    teaspoons salt
1    teaspoon onion powder
1/4 teaspoon pepper
1/8 teaspoon garlic (powder)
4    chicken breasts (strips/meat)
4    sesame buns (hamburger buns)
1    cup chopped iceberg lettuce

The sauce

1/4 cup mayonnaise
1/6 teaspoon garlic (powder)

Combine both in a small bowl and chill. Mix well.

Preparation

First crack the egg and whisk it well with one cup of water in a small, shallow bowl. Put the flour, salt, pepper, onion powder and garlic powder in a bowl. Pound the chicken breast strips nice and flat. Rub both sides of the chicken breast strips with the flour mixture. Then put the strips and the sauce in the refrigerator.
Deep-fry the chicken strips for 10 to 12 minutes until they are crispy and light brown. After that, the buns can be lightly toasted on the baking tray.
A tablespoon of mayonnaise goes right on top of the “filling”. Put it briefly in the microwave once more.

Homemade Big Mac

The sauce

1/4 cup KRAFT Miracle Whip
1/4 cup mayonnaise
2    tablespoons WISHBONE Deluxe French salad dressing (the orange one)
1/2 tablespoon HEINZ sweet relish
2    teaspoons VLASIC dill pickle relish (HEINZ works too)
1    teaspoon sugar
1    teaspoon dried, minced onion
1    teaspoon white vinegar
1    teaspoon ketchup
1/8 teaspoon salt

Mix all ingredients very well in a small bowl. Then microwave for 25 seconds and stir well again. Cover and chill for at least 1 hour before eating. 1 cup is enough for about 8 Big Macs.

The burger

1    sesame bun (large)
1    sesame bun, regular size
2    burger patties
2    tablespoons of the homemade sauce
2    teaspoons onions
1    slice of cheese
2    slices of pickle
1/4 cup shredded iceberg lettuce

Preparation

The top half of the regular-size sesame bun can be set aside; only the bottom part is needed. The sesame buns are toasted in the oven. The patties can now go into the pan or onto the grill. After toasting the buns, put 1 tablespoon of the sauce on the top side of each toasted half. Then add the shredded lettuce. Put a thin slice of cheese on the lettuce. The 2 pickle slices go on the lettuce that sits on the “middle” layer of the Big Mac. As soon as the patties are done, they go onto the burger as well. Now microwave the complete burger for 15 seconds at 600 watts. Enjoy your meal!

German quotation marks in LaTeX

The correct quotation marks, namely low at the start and high at the end.

% German quotation marks
\let\oldquote'
\newif\ifquoteopen
\catcode`\'=\active
\makeatletter
\DeclareRobustCommand*{'}{%
   \@ifnextchar'{%
     \ifquoteopen
       \global\quoteopenfalse\grqq\expandafter\@gobble
     \else
       \global\quoteopentrue\glqq\expandafter\@gobble
     \fi
   }{\oldquote}%
}
\makeatother

In the text, then use two single quotation marks each at the start and at the end: ''So''

Thai Fried Rice

ingredients

  • 1.5 cups of cooked Jasmine rice cooled (or day old rice works well too)
  • 250g minced beef
  • some green onions
  • ¼ of a big white onion
  • 2 cloves garlic
  • 1 egg
  • ½ tablespoon soy sauce
  • ½ tablespoon oyster sauce
  • Pinch of sugar (optional)
  • 1 tablespoon of oil for frying
  • 5 chilies
  • 3 tablespoons of fish sauce
  • ½ of a lime

instructions

Peel 2 cloves of garlic, and then just finely mince them. Slice ¼ of a sweet white onion into medium sized strips. Finely dice about 3 – 4 green onions.
Turn on your stove to medium high, heat up your wok (or frying pan), and add about 1 tablespoon of oil.
Once your oil is hot, add the garlic first, and stir fry continuously for about 15 seconds or so, until it gets nice and fragrant. Next, toss in your minced beef, and fry for about 30 seconds. Add in a little less than ½ of your rice first. This is going to soak up all those delicious minced beef juices and oils and keep your rice nice and dry. Stir fry for about 10 more seconds – This is a little known trick to make good rice, so it remains nice and dry. Scoot all your rice to one side of the pan, and then crack the egg into the empty side.
Whirl the egg up, let it cook for a few seconds, and then start to mix it up with the rice and minced beef.
Keep stir frying for about 20 seconds until the egg is fully cooked, and then add in the rest of your rice, and give it a quick stir.
Add ½ tablespoon of soy sauce, ½ tablespoon of oyster sauce, just a pinch of sugar (optional), and continue stir frying your rice, making sure all the sauce gets mixed in.
Then add your chopped onions, and stir fry for another 30 seconds until the vegetables wilt, but they can still be crisp and not fully cooked.
Lastly, toss in your green onions, stir it a few more seconds, and it’s ready to plate.
Slice off a wedge of lime, and serve it on the plate next to the rice. For the final touch, I like to sprinkle some freshly ground black pepper and chili flakes. Add 3 tablespoons of fish sauce to a small bowl. Slice about 5 Thai chilies (you can add more or less, up to you), and add them to the fish sauce. Finally, I like it with a little squeeze of about ½ of a lime – but this is optional – and at many Thai restaurants it’s only fish sauce and chilies. That’s it, give it a stir, and put on top of your fried rice for extra saltiness.
