This document discusses applied paranoia in securing secrets and privacy. It covers dev practices like encrypting all transports using TLS and public/private keys. It discusses architecture like pinning certificates and using one-time pads. It also discusses UDP encryption using AES-CBC with random IVs. The document advocates justified paranoia for security professionals given frequent privacy breaches.
An introduction to secrecy and privacy in software system design with code examples in Go demonstrating secure transport techniques with https, tcp/tls and encrypted udp.
Implementing Software Machines in Go and CEleanor McHugh
Early draft of a tutorial on techniques for implementing virtual machines and language interpreters. Contains example programs for functional stacks and despatch loops.
Implementing Software Machines in C and GoEleanor McHugh
The next iteration of the talk I gave at Progscon, this introduces examples of Map implementation (useful for caches etc.) and outlines for addition of processor core code in a later talk.
A reworking of my 2010 RubyConf lightning talk introducing Go via a concurrent implementation of MapReduce. This code is probably buggy as hell and the design awful but it's also a reasonably good intro to the full breadth of Go.
An enhanced version of the #codemesh2014 talk on network programming in Go. It covers HTTP, HTTPS, TCP/IP, TCP/IP over TLS, UDP and basic cryptographic functions with AES-CBC and RSA.
An introduction to secrecy and privacy in software system design with code examples in Go demonstrating secure transport techniques with https, tcp/tls and encrypted udp.
Implementing Software Machines in Go and CEleanor McHugh
Early draft of a tutorial on techniques for implementing virtual machines and language interpreters. Contains example programs for functional stacks and despatch loops.
Implementing Software Machines in C and GoEleanor McHugh
The next iteration of the talk I gave at Progscon, this introduces examples of Map implementation (useful for caches etc.) and outlines for addition of processor core code in a later talk.
A reworking of my 2010 RubyConf lightning talk introducing Go via a concurrent implementation of MapReduce. This code is probably buggy as hell and the design awful but it's also a reasonably good intro to the full breadth of Go.
An enhanced version of the #codemesh2014 talk on network programming in Go. It covers HTTP, HTTPS, TCP/IP, TCP/IP over TLS, UDP and basic cryptographic functions with AES-CBC and RSA.
A discussion on the upcoming new features in ES6 and how they change the way we build applications with JavaScript.
Most Notable Upcoming Changes in EcmaScript 6
Classes: Classes are now first-class citizens in ES6. The language offers support for classes ("class" keyword), constructors ("constructor" keyword) and the "extend" keyword for inheritance.
Modules: Modules provide a much needed way to segment and organize JavaScript applications in logical chunks of code. Many frameworks already provide ways to modularize large apps, but standardizing a common module structure will bring a level of interoperability between various JavaScript libraries.
Block Scoping: Scoping in JavaScript can be a confusing topic for programmers coming from more traditional Object-Oriented languages such as Java or C#. There are basically two scopes in JavaScript: global and function. Until now. With the help of the "let" keyword, ES6 enables the definition of block scopes for variables and functions.
Default Parameters: A liked feature of many other languages such as Ruby, the default parameters save endless checking of they've been passed and if they are "undefined".
Enhanced Object Literals: There is now a handy expression for property: property assignments and methods can be defined without the "function" keyword.
Basic NLP concepts and ideas using Python and NLTK framework. Explore NLP prosessing features, compute PMI, see how Python/Nltk can simplify your NLP related task.
A discussion on the upcoming new features in ES6 and how they change the way we build applications with JavaScript.
Most Notable Upcoming Changes in EcmaScript 6
Classes: Classes are now first-class citizens in ES6. The language offers support for classes ("class" keyword), constructors ("constructor" keyword) and the "extend" keyword for inheritance.
Modules: Modules provide a much needed way to segment and organize JavaScript applications in logical chunks of code. Many frameworks already provide ways to modularize large apps, but standardizing a common module structure will bring a level of interoperability between various JavaScript libraries.
Block Scoping: Scoping in JavaScript can be a confusing topic for programmers coming from more traditional Object-Oriented languages such as Java or C#. There are basically two scopes in JavaScript: global and function. Until now. With the help of the "let" keyword, ES6 enables the definition of block scopes for variables and functions.
Default Parameters: A liked feature of many other languages such as Ruby, the default parameters save endless checking of they've been passed and if they are "undefined".
Enhanced Object Literals: There is now a handy expression for property: property assignments and methods can be defined without the "function" keyword.
Basic NLP concepts and ideas using Python and NLTK framework. Explore NLP prosessing features, compute PMI, see how Python/Nltk can simplify your NLP related task.
University of Virginia
cs4414: Operating Systems
http://rust-class.org
What happened with Apple's SSL implementation
How to make sure this doesn't happen to you!
Sharing data
ARCs in Rust
Scheduling
For embedded notes, see:
In a dynamic infrastructure world, let's stop pretending credentials aren't public knowledge in an organization and just assume that they have already been leaked, now what?
Sasha Romijn - Everything I always wanted to know about crypto, but never tho...Codemotion
For many years, I had entirely given up on ever understanding the anything about cryptography. However, I’ve since learned it’s not nearly as hard as I thought to understand many of the important concepts. In this talk, I’ll take you through some of the underlying principles of modern applications of cryptography. We’ll talk about our goals, the parts are involved, and how to prevent and understand common vulnerabilities. This’ll help you to make better choices when you implement crypto in your products, and will improve your understanding of how crypto is applied to things you already use.
Python se ha convertido en el lenguaje más usado para desarrollar herramientas dentro del ámbito de la seguridad. Esta charla se centrará en las diferentes formas en que un analista puede aprovechar el lenguaje de programación Python tanto desde el punto de vista defensivo como ofensivo.
Desde el punto de vista defensivo Python es una de las mejores opciones como herramienta de pentesting por la gran cantidad de módulos que nos pueden ayudar a desarrollar nuestras propias herramientas con el objetivo de realizar un análisis de nuestro objetivo.
Desde el punto de vista ofensivo podemos utilizar Python para recolección de información de nuestro objetivo de forma pasiva y activa. El objetivo final es obtener el máximo conocimiento posible en el contexto que estamos auditando. Entre los principales puntos a tratar podemos destacar:
1.Introducción a Python para proyectos de ciberseguridad(5 min)
2.Herramientas de pentesting(10 min)
3.Herramientas Python desde el punto de vista defensivo(10 min)
4.Herramientas Python desde el punto de vista ofensivo(10 min)
The first cut of a talk on the R&D process in software development, including taking an invention to patent.
Includes two sets of code examples. One is Forth implemented in a 1980s dialect of Basic.
The other introduces evolutionary prototyping using a hybrid ruby/bash methodology.
Generics, Reflection, and Efficient CollectionsEleanor McHugh
This is a talk about how we structure and collate information so as to effectively process it, the language tools Go provides to help us do this, and the sometimes frustrating tradeoffs we must make when marry the real world with the digital.
We'll start by looking at basic collection types in Go: array, slice, map, and channel. These will then be used as the basis for our own user defined types with methods for processing the collected items.
These methods will then be expanded to take functions as parameters (the higher order functional style popularised by languages such as Ruby) and by using Go's Reflection package we will generalise them for a variety of tasks and uses cases.
Reflection adds an interpreted element to our programs with a resulting performance cost. Careful design can often minimise this cost and it may well amortise to zero on a sufficiently large collection however there is always greater code complexity to manage. When the data to be contained in a user defined collection is homogenous we can reduce much of this complexity by using Generics and our next set of examples will demonstrate this.
At the end of this talk you should have some useful ideas for designing your own collection types in Go as well as a reasonable base from which to explore Reflection, Generics, and the Higher-Order Functional style of programming.
Go for the paranoid network programmer, 3rd editionEleanor McHugh
Draft third edition of my #golang network programming and cryptography talk given to the Belfast Gophers Meetup. Now with an introduction to websockets.
An introduction to functional programming with goEleanor McHugh
A crash course in functional programming concepts using Go. Heavy on code, light on theory.
You can find the examples at https://github.com/feyeleanor/intro_to_fp_in_go
Implementing virtual machines in go & c 2018 reduxEleanor McHugh
An updated version of my talk on virtual machine cores comparing techniques in C and Go for implementing dispatch loops, stacks & hash maps.
Lots of tested and debugged code is provided as well as references to some useful/interesting books.
Digital Identity talk from Strange Loop 2018 and Build Stuff Lithuania 2018 including walkthrough of the uPass system and the design principles behind it.
Don't Ask, Don't Tell - The Virtues of Privacy By DesignEleanor McHugh
This is a fairly technical overview of the considerations involved in architecting software systems to support privacy. Rather than focus on what the law demands - something which can change across time and jurisdictions - it looks at the real problems we need to solve to know as little about the users of computer systems as possible whilst achieving their needs.
Don't ask, don't tell the virtues of privacy by designEleanor McHugh
A very light intro talk on privacy, identity, and designing with the latter to preserve the former.
Probably makes no sense at all without the audio so if it whet's your appetite dig through my other decks on these topics. Most of those have code in for the more technically minded.
An overview of the uPass digital identity system. Covers the core problem domain and the end-to-end stack from liveness to black-box transaction store. Lots of diagrams, references to all the relevant patent applications and so forth.
An introduction to Go from basics to web through the lens of "Hello World", extracted from the Book "A Go Developer's Notebook" available from http://leanpub.com/GoNotebook
Finding a useful outlet for my many Adventures in goEleanor McHugh
A talk about my Leanpub-published living eBook: A Go Developer's Notebook. Buy my book? Write your own Book using Leanpub? Learn you some Golang for fun?
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
13. paranoia
Pronunciation: /ˌparəәˈnɔɪəә/
noun
{mass noun}
A mental condition characterized by delusions of persecution, unwarranted
jealousy, or exaggerated self-importance, typically worked into an organized
system. It may be an aspect of chronic personality disorder, of drug abuse, or
of a serious condition such as schizophrenia in which the person loses touch
with reality.
Unjustified suspicion and mistrust of other people:
mild paranoia afflicts all prime ministers
13
14.
15.
16.
17. paranoia
Pronunciation: /ˌparəәˈnɔɪəә/
noun
{mass noun}
The perfectly reasonable belief that someone, somewhere is watching your
online behaviour with malicious and/or voyeuristic intent. It may be a result
of reading a Hacking Exposed or Hacking for Dummies publication,
experiencing the fallout from identity theft, or shopping with bitcoin.
Justified suspicion and mistrust of other people:
chronic paranoia afflicts all information security professionals
accute paranoia afflicts the victims of hacking
17
28. encrypt all transports
• establish a secure channel by exchanging public keys
• and check their validity against trusted certificates (SSL, TLS, etc.)
• as an added measure pin these certificates (like SSH pins keys)
• then exchange symmetric keys for a private secure channel
• change these keys frequently (cheap cipher streams)
• and pin each distinct message to a distinct key (one-time pads)
28
42. package main
import "crypto/aes"
import "crypto/cipher"
import "crypto/rand"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Serve(":1025", func(c *UDPConn, a *UDPAddr, b []byte) {
if m, e := Encrypt("Hello World", AES_KEY); e == nil {
c.WriteToUDP(m, a)
}
})
}
func Serve(a string, f func(*UDPConn, *UDPAddr, []byte)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := ListenUDP("udp", address); e == nil {
for b := make([]byte, 1024); ; b = make([]byte, 1024) {
if n, client, e := conn.ReadFromUDP(b); e == nil {
go f(conn, client, b[:n])
}
}
}
}
return
}
func Quantise(m string) (b []byte, e error) {
b = append(b, m...)
if p := len(b) % aes.BlockSize; p != 0 {
p = aes.BlockSize - p
// this is insecure and inflexible as we're padding with NUL
b = append(b, make([]byte, p)...)
}
return
}
func IV() (b []byte, e error) {
b = make([]byte, aes.BlockSize)
_, e = rand.Read(b)
return
}
func Encrypt(m, k string) (o []byte, e error) {
if o, e = Quantise([]byte(m)); e == nil {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
if iv, e = IV(); e == nil {
c := cipher.NewCBCEncrypter(b, iv)
c.CryptBlocks(o, o)
o = append(iv, o...)
}
}
}
return
}
whispered secrets http://slides.games-with-brains.net/42
43. package main
import "crypto/aes"
import "crypto/cipher"
import "crypto/rand"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Serve(":1025", func(c *UDPConn, a *UDPAddr, b []byte) {
if m, e := Encrypt("Hello World", AES_KEY); e == nil {
c.WriteToUDP(m, a)
}
})
}
func Serve(a string, f func(*UDPConn, *UDPAddr, []byte)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := ListenUDP("udp", address); e == nil {
for b := make([]byte, 1024); ; b = make([]byte, 1024) {
if n, client, e := conn.ReadFromUDP(b); e == nil {
go f(conn, client, b[:n])
}
}
}
}
return
}
func Quantise(m string) (b []byte, e error) {
b = append(b, m...)
if p := len(b) % aes.BlockSize; p != 0 {
p = aes.BlockSize - p
// this is insecure and inflexible as we're padding with NUL
b = append(b, make([]byte, p)...)
}
return
}
func IV() (b []byte, e error) {
b = make([]byte, aes.BlockSize)
_, e = rand.Read(b)
return
}
func Encrypt(m, k string) (o []byte, e error) {
if o, e = Quantise([]byte(m)); e == nil {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
if iv, e = IV(); e == nil {
c := cipher.NewCBCEncrypter(b, iv)
c.CryptBlocks(o, o)
o = append(iv, o...)
}
}
}
return
}
whispered secrets http://slides.games-with-brains.net/43
44. package main
import "crypto/aes"
import "crypto/cipher"
import "crypto/rand"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Serve(":1025", func(c *UDPConn, a *UDPAddr, b []byte) {
if m, e := Encrypt("Hello World", AES_KEY); e == nil {
c.WriteToUDP(m, a)
}
})
}
func Serve(a string, f func(*UDPConn, *UDPAddr, []byte)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := ListenUDP("udp", address); e == nil {
for b := make([]byte, 1024); ; b = make([]byte, 1024) {
if n, client, e := conn.ReadFromUDP(b); e == nil {
go f(conn, client, b[:n])
}
}
}
}
return
}
func Quantise(m string) (b []byte, e error) {
b = append(b, m...)
if p := len(b) % aes.BlockSize; p != 0 {
p = aes.BlockSize - p
// this is insecure and inflexible as we're padding with NUL
b = append(b, make([]byte, p)...)
}
return
}
func IV() (b []byte, e error) {
b = make([]byte, aes.BlockSize)
_, e = rand.Read(b)
return
}
func Encrypt(m, k string) (o []byte, e error) {
if o, e = Quantise([]byte(m)); e == nil {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
if iv, e = IV(); e == nil {
c := cipher.NewCBCEncrypter(b, iv)
c.CryptBlocks(o, o)
o = append(iv, o...)
}
}
}
return
}
whispered secrets http://slides.games-with-brains.net/44
45. package main
import "crypto/aes"
import "crypto/cipher"
import "crypto/rand"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Serve(":1025", func(c *UDPConn, a *UDPAddr, b []byte) {
if m, e := Encrypt("Hello World", AES_KEY); e == nil {
c.WriteToUDP(m, a)
}
})
}
func Serve(a string, f func(*UDPConn, *UDPAddr, []byte)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := ListenUDP("udp", address); e == nil {
for b := make([]byte, 1024); ; b = make([]byte, 1024) {
if n, client, e := conn.ReadFromUDP(b); e == nil {
go f(conn, client, b[:n])
}
}
}
}
return
}
func Quantise(m string) (b []byte, e error) {
b = append(b, m...)
if p := len(b) % aes.BlockSize; p != 0 {
p = aes.BlockSize - p
// this is insecure and inflexible as we're padding with NUL
b = append(b, make([]byte, p)...)
}
return
}
func IV() (b []byte, e error) {
b = make([]byte, aes.BlockSize)
_, e = rand.Read(b)
return
}
func Encrypt(m, k string) (o []byte, e error) {
if o, e = Quantise([]byte(m)); e == nil {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
if iv, e = IV(); e == nil {
c := cipher.NewCBCEncrypter(b, iv)
c.CryptBlocks(o, o)
o = append(iv, o...)
}
}
}
return
}
whispered secrets http://slides.games-with-brains.net/45
46. package main
import "crypto/aes"
import "crypto/cipher"
import "crypto/rand"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Serve(":1025", func(c *UDPConn, a *UDPAddr, b []byte) {
if m, e := Encrypt("Hello World", AES_KEY); e == nil {
c.WriteToUDP(m, a)
}
})
}
func Serve(a string, f func(*UDPConn, *UDPAddr, []byte)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := ListenUDP("udp", address); e == nil {
for b := make([]byte, 1024); ; b = make([]byte, 1024) {
if n, client, e := conn.ReadFromUDP(b); e == nil {
go f(conn, client, b[:n])
}
}
}
}
return
}
func Quantise(m string) (b []byte, e error) {
b = append(b, m...)
if p := len(b) % aes.BlockSize; p != 0 {
p = aes.BlockSize - p
// this is insecure and inflexible as we're padding with NUL
b = append(b, make([]byte, p)...)
}
return
}
func IV() (b []byte, e error) {
b = make([]byte, aes.BlockSize)
_, e = rand.Read(b)
return
}
func Encrypt(m, k string) (o []byte, e error) {
if o, e = Quantise([]byte(m)); e == nil {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
if iv, e = IV(); e == nil {
c := cipher.NewCBCEncrypter(b, iv)
c.CryptBlocks(o, o)
o = append(iv, o...)
}
}
}
return
}
whispered secrets http://slides.games-with-brains.net/46
48. package main
import "bufio"
import "crypto/cipher"
import "crypto/aes"
import . "fmt"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Request(":1025", func(c *UDPConn) {
c.Write(make([]byte, 1))
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(m, AES_KEY); e == nil {
Println(string(m))
}
}
})
}
func Decrypt(m []byte, k string) (r string, e error) {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
iv, m = Unpack(m)
c := cipher.NewCBCDecrypter(b, iv)
c.CryptBlocks(m, m)
r = Dequantise(m)
}
return
}
func Unpack(m []byte) (iv, r []byte) {
return m[:aes.BlockSize], m[aes.BlockSize:]
}
func Dequantise(m []byte) string {
var i int
for i = len(m) - 1; i > 0 && m[i] == 0; i-- {}
return string(m[:i + 1])
}
func Request(a string, f func(Conn)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
f(conn)
}
}
}
whispered secrets http://slides.games-with-brains.net/48
49. package main
import "bufio"
import "crypto/cipher"
import "crypto/aes"
import . "fmt"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Request(":1025", func(c *UDPConn) {
c.Write(make([]byte, 1))
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(m, AES_KEY); e == nil {
Println(string(m))
}
}
})
}
func Decrypt(m []byte, k string) (r string, e error) {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
iv, m = Unpack(m)
c := cipher.NewCBCDecrypter(b, iv)
c.CryptBlocks(m, m)
r = Dequantise(m)
}
return
}
func Unpack(m []byte) (iv, r []byte) {
return m[:aes.BlockSize], m[aes.BlockSize:]
}
func Dequantise(m []byte) string {
var i int
for i = len(m) - 1; i > 0 && m[i] == 0; i-- {}
return string(m[:i + 1])
}
func Request(a string, f func(Conn)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
f(conn)
}
}
}
whispered secrets http://slides.games-with-brains.net/49
50. package main
import "bufio"
import "crypto/cipher"
import "crypto/aes"
import . "fmt"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Request(":1025", func(c *UDPConn) {
c.Write(make([]byte, 1))
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(m, AES_KEY); e == nil {
Println(string(m))
}
}
})
}
func Decrypt(m []byte, k string) (r string, e error) {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
iv, m = Unpack(m)
c := cipher.NewCBCDecrypter(b, iv)
c.CryptBlocks(m, m)
r = Dequantise(m)
}
return
}
func Unpack(m []byte) (iv, r []byte) {
return m[:aes.BlockSize], m[aes.BlockSize:]
}
func Dequantise(m []byte) string {
var i int
for i = len(m) - 1; i > 0 && m[i] == 0; i-- {}
return string(m[:i + 1])
}
func Request(a string, f func(Conn)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
f(conn)
}
}
}
whispered secrets http://slides.games-with-brains.net/50
51. package main
import "bufio"
import "crypto/cipher"
import "crypto/aes"
import . "fmt"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Request(":1025", func(c *UDPConn) {
c.Write(make([]byte, 1))
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(m, AES_KEY); e == nil {
Println(string(m))
}
}
})
}
func Decrypt(m []byte, k string) (r string, e error) {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
iv, m = Unpack(m)
c := cipher.NewCBCDecrypter(b, iv)
c.CryptBlocks(m, m)
r = Dequantise(m)
}
return
}
func Unpack(m []byte) (iv, r []byte) {
return m[:aes.BlockSize], m[aes.BlockSize:]
}
func Dequantise(m []byte) string {
var i int
for i = len(m) - 1; i > 0 && m[i] == 0; i-- {}
return string(m[:i + 1])
}
func Request(a string, f func(Conn)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
f(conn)
}
}
}
whispered secrets http://slides.games-with-brains.net/51
52. package main
import "bufio"
import "crypto/cipher"
import "crypto/aes"
import . "fmt"
import . "net"
const AES_KEY = "0123456789012345"
func main() {
Request(":1025", func(c *UDPConn) {
c.Write(make([]byte, 1))
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(m, AES_KEY); e == nil {
Println(string(m))
}
}
})
}
func Decrypt(m []byte, k string) (r string, e error) {
var b cipher.Block
if b, e = aes.NewCipher([]byte(k)); e == nil {
var iv []byte
iv, m = Unpack(m)
c := cipher.NewCBCDecrypter(b, iv)
c.CryptBlocks(m, m)
r = Dequantise(m)
}
return
}
func Unpack(m []byte) (iv, r []byte) {
return m[:aes.BlockSize], m[aes.BlockSize:]
}
func Dequantise(m []byte) string {
var i int
for i = len(m) - 1; i > 0 && m[i] == 0; i-- {}
return string(m[:i + 1])
}
func Request(a string, f func(Conn)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
f(conn)
}
}
}
whispered secrets http://slides.games-with-brains.net/52
54. package main
import . "bytes"
import "crypto/rsa"
import "encoding/gob"
import "net"
func main() {
HELLO_WORLD := []byte("Hello World")
RSA_LABEL := []byte("served")
Serve(":1025", func(c *net.UDPConn, a *net.UDPAddr, b []byte) {
var key rsa.PublicKey
if e := gob.NewDecoder(NewBuffer(b)).Decode(&key); e == nil {
if m, e := Encrypt(&key, HELLO_WORLD, RSA_LABEL); e == nil {
c.WriteToUDP(m, a)
}
}
return
})
}
func Encrypt(key *rsa.PublicKey, m, l []byte) ([]byte, error) {
return rsa.EncryptOAEP(sha1.New(), rand.Reader, key, m, l)
}
func Serve(a string, f func(*UDPConn, *UDPAddr, []byte)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := ListenUDP("udp", address); e == nil {
for b := make([]byte, 1024); ; b = make([]byte, 1024) {
if n, client, e := conn.ReadFromUDP(b); e == nil {
go f(conn, client, b[:n])
}
}
}
}
return
}
whispered secrets http://slides.games-with-brains.net/54
55. package main
import . "bytes"
import "crypto/rsa"
import "encoding/gob"
import "net"
func main() {
HELLO_WORLD := []byte("Hello World")
RSA_LABEL := []byte("served")
Serve(":1025", func(c *net.UDPConn, a *net.UDPAddr, b []byte) {
var key rsa.PublicKey
if e := gob.NewDecoder(NewBuffer(b)).Decode(&key); e == nil {
if m, e := Encrypt(&key, HELLO_WORLD, RSA_LABEL); e == nil {
c.WriteToUDP(m, a)
}
}
return
})
}
func Encrypt(key *rsa.PublicKey, m, l []byte) ([]byte, error) {
return rsa.EncryptOAEP(sha1.New(), rand.Reader, key, m, l)
}
func Serve(a string, f func(*UDPConn, *UDPAddr, []byte)) {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := ListenUDP("udp", address); e == nil {
for b := make([]byte, 1024); ; b = make([]byte, 1024) {
if n, client, e := conn.ReadFromUDP(b); e == nil {
go f(conn, client, b[:n])
}
}
}
}
return
}
whispered secrets http://slides.games-with-brains.net/55
57. package main
import "crypto/rsa"
import "crypto/rand"
import "crypto/sha1"
import "crypto/x509"
import "bytes"
import "encoding/gob"
import "encoding/pem"
import “io/ioutil"
import . "fmt"
import . "net"
func main() {
Request(":1025", "ckey", func(c *net.UDPConn, k *rsa.PrivateKey) {
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(k, m, []byte("served")); e == nil {
Println(string(m))
}
}
})
}
func LoadPrivateKey(file string) (r *rsa.PrivateKey, e error) {
if file, e := ioutil.ReadFile(file); e == nil {
if block, _ := pem.Decode(file); block != nil {
if block.Type == "RSA PRIVATE KEY" {
r, e = x509.ParsePKCS1PrivateKey(block.Bytes)
}
}
}
return
}
func Request(a, file string, f func(*UDPConn, *PrivateKey)) {
if k, e := LoadPrivateKey(file); e == nil {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
SendKey(conn, k.PublicKey, func() {
f(conn, k)
})
}
}
}
}
func Decrypt(key *rsa.PrivateKey, m, l []byte) ([]byte, error) {
return rsa.DecryptOAEP(sha1.New(), rand.Reader, key, m, l)
}
func SendKey(c *net.UDPConn, k rsa.PublicKey, f func()) {
var b bytes.Buffer
if e := gob.NewEncoder(&b).Encode(k); e == nil {
if _, e = c.Write(b.Bytes()); e == nil {
f()
}
}
}
whispered secrets http://slides.games-with-brains.net/57
58. package main
import "crypto/rsa"
import "crypto/rand"
import "crypto/sha1"
import "crypto/x509"
import "bytes"
import "encoding/gob"
import "encoding/pem"
import “io/ioutil"
import . "fmt"
import . "net"
func main() {
Request(":1025", "ckey", func(c *net.UDPConn, k *rsa.PrivateKey) {
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(k, m, []byte("served")); e == nil {
Println(string(m))
}
}
})
}
func LoadPrivateKey(file string) (r *rsa.PrivateKey, e error) {
if file, e := ioutil.ReadFile(file); e == nil {
if block, _ := pem.Decode(file); block != nil {
if block.Type == "RSA PRIVATE KEY" {
r, e = x509.ParsePKCS1PrivateKey(block.Bytes)
}
}
}
return
}
func Request(a, file string, f func(*UDPConn, *PrivateKey)) {
if k, e := LoadPrivateKey(file); e == nil {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
SendKey(conn, k.PublicKey, func() {
f(conn, k)
})
}
}
}
}
func Decrypt(key *rsa.PrivateKey, m, l []byte) ([]byte, error) {
return rsa.DecryptOAEP(sha1.New(), rand.Reader, key, m, l)
}
func SendKey(c *net.UDPConn, k rsa.PublicKey, f func()) {
var b bytes.Buffer
if e := gob.NewEncoder(&b).Encode(k); e == nil {
if _, e = c.Write(b.Bytes()); e == nil {
f()
}
}
}
whispered secrets http://slides.games-with-brains.net/58
59. package main
import "crypto/rsa"
import "crypto/rand"
import "crypto/sha1"
import "crypto/x509"
import "bytes"
import "encoding/gob"
import "encoding/pem"
import “io/ioutil"
import . "fmt"
import . "net"
func main() {
Request(":1025", "ckey", func(c *net.UDPConn, k *rsa.PrivateKey) {
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(k, m, []byte("served")); e == nil {
Println(string(m))
}
}
})
}
func LoadPrivateKey(file string) (r *rsa.PrivateKey, e error) {
if file, e := ioutil.ReadFile(file); e == nil {
if block, _ := pem.Decode(file); block != nil {
if block.Type == "RSA PRIVATE KEY" {
r, e = x509.ParsePKCS1PrivateKey(block.Bytes)
}
}
}
return
}
func Request(a, file string, f func(*UDPConn, *PrivateKey)) {
if k, e := LoadPrivateKey(file); e == nil {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
SendKey(conn, k.PublicKey, func() {
f(conn, k)
})
}
}
}
}
func Decrypt(key *rsa.PrivateKey, m, l []byte) ([]byte, error) {
return rsa.DecryptOAEP(sha1.New(), rand.Reader, key, m, l)
}
func SendKey(c *net.UDPConn, k rsa.PublicKey, f func()) {
var b bytes.Buffer
if e := gob.NewEncoder(&b).Encode(k); e == nil {
if _, e = c.Write(b.Bytes()); e == nil {
f()
}
}
}
whispered secrets http://slides.games-with-brains.net/59
67. package main
import "crypto/hmac"
import "crypto/rsa"
import "crypto/rand"
import "crypto/sha1"
import "crypto/sha256"
import "crypto/x509"
import "bytes"
import "encoding/base64"
import "encoding/gob"
import "encoding/pem"
import “io/ioutil"
import . "fmt"
import . "net"
func main() {
Request(":1025", "ckey", func(c *net.UDPConn, k *rsa.PrivateKey) {
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(k, m[44:], []byte("served")); e == nil {
s, _ := base64.URLEncoding.DecodeString(string(m[:44)))
v := hmac.Equal(s, Sign(m, "signature"))
Print(string(m), "[valid:", v,"]”)
}
}
})
}
func Sign(message string, key []byte) string {
h := hmac.New(sha256.New, key)
h.Write([]byte(message))
return base64.StdEncoding.EncodeToString(h.Sum(nil))
}
func SendKey(c *net.UDPConn, k rsa.PublicKey, f func()) {
var b bytes.Buffer
if e := gob.NewEncoder(&b).Encode(k); e == nil {
if _, e = c.Write(b.Bytes()); e == nil {
f()
}
}
}
func LoadPrivateKey(file string) (r *rsa.PrivateKey, e error) {
if file, e := ioutil.ReadFile(file); e == nil {
if block, _ := pem.Decode(file); block != nil {
if block.Type == "RSA PRIVATE KEY" {
r, e = x509.ParsePKCS1PrivateKey(block.Bytes)
}
}
}
return
}
func Request(a, file string, f func(*UDPConn, *PrivateKey)) {
if k, e := LoadPrivateKey(file); e == nil {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
SendKey(conn, k.PublicKey, func() {
f(conn, k)
})
}
}
}
}
func Decrypt(key *rsa.PrivateKey, m, l []byte) ([]byte, error) {
return rsa.DecryptOAEP(sha1.New(), rand.Reader, key, m, l)
}
whispered secrets http://slides.games-with-brains.net/67
68. package main
import "crypto/hmac"
import "crypto/rsa"
import "crypto/rand"
import "crypto/sha1"
import "crypto/sha256"
import "crypto/x509"
import "bytes"
import "encoding/base64"
import "encoding/gob"
import "encoding/pem"
import “io/ioutil"
import . "fmt"
import . "net"
func main() {
Request(":1025", "ckey", func(c *net.UDPConn, k *rsa.PrivateKey) {
if m, e := ReadStream(c); e == nil {
if m, e := Decrypt(k, m[44:], []byte("served")); e == nil {
s, _ := base64.URLEncoding.DecodeString(string(m[:44)))
v := hmac.Equal(s, Sign(m, "signature"))
Print(string(m), "[valid:", v,"]”)
}
}
})
}
func Sign(message string, key []byte) string {
h := hmac.New(sha256.New, key)
h.Write([]byte(message))
return base64.StdEncoding.EncodeToString(h.Sum(nil))
}
func SendKey(c *net.UDPConn, k rsa.PublicKey, f func()) {
var b bytes.Buffer
if e := gob.NewEncoder(&b).Encode(k); e == nil {
if _, e = c.Write(b.Bytes()); e == nil {
f()
}
}
}
func LoadPrivateKey(file string) (r *rsa.PrivateKey, e error) {
if file, e := ioutil.ReadFile(file); e == nil {
if block, _ := pem.Decode(file); block != nil {
if block.Type == "RSA PRIVATE KEY" {
r, e = x509.ParsePKCS1PrivateKey(block.Bytes)
}
}
}
return
}
func Request(a, file string, f func(*UDPConn, *PrivateKey)) {
if k, e := LoadPrivateKey(file); e == nil {
if address, e := ResolveUDPAddr("udp", a); e == nil {
if conn, e := DialUDP("udp", nil, address); e == nil {
defer conn.Close()
SendKey(conn, k.PublicKey, func() {
f(conn, k)
})
}
}
}
}
func Decrypt(key *rsa.PrivateKey, m, l []byte) ([]byte, error) {
return rsa.DecryptOAEP(sha1.New(), rand.Reader, key, m, l)
}
whispered secrets http://slides.games-with-brains.net/68
69. encrypt all passwords
• accept unicode to expand the symbol space
• hash every new password before it’s submitted
• always use a cryptograpically secure hash (HMAC)
• and a fresh HMAC key for each password (which you must store)
• salt the resulting hash when you receive it (and store the salt)
• then hash again before storing in your database
69
70. require multi-factor authentication
• have the user submit their password over a secure channel
• then send them a confirmation code out-of-band
• that’s an agreed trust anchor acting as a shared secret
• the confirmation code should be big enough to generate a HMAC
• and only the HMAC should be submitted
• now you have two secure channels based on shared secrets
70
71. encrypt all storage
• secured transport is useless without secured data stores
• encrypt all sensitive fields - that probably means all fields
• and store HMACs for desired search terms
• otherwise your black box is secure but unsearchable
• make sure you use different roles for reading, writing and searching
• that’s right, your datastore is also a set of secure streams
71
73. anchor trust internally
• establish a private certificate authority
• assign fine-grained roles to different components
• audit requirements, code, operations, security logs
• never deploy without a credible security audit
• and make those deployments immutable
• security audits best done by third parties with an attacker mentality
73