I just read a news article regarding a demonstration on a modified method of attack against a reduced variant of the SHA-1 hash algorithm.
My suggestion, if you need more security, then start to use SHA-256 or even SHA-512. For normal usage, you can still use SHA-1 but may be not for a long time.
You can also read the know-how about the hash crack.
1 comments
Labels:
crypto
I couldn't install snort-inline, because it needs libnet 1.0.2a. In my system I have already installed libnet 1.1.0 required by dsniff-2.4.0. This silly problem made me crazy for several days.
Finally I got an enlightenment.
First, make sure you've installed iptables-devel package.
To resolve this problem, I downgraded dsniff to dsniff-2.3-1.guru.suse100
(http://rpm.pbone.net) and removed libnet 1.1.0.
# rpm -e dsniff-2.4.0
# rpm -Uvh dsniff-2.3-1.guru.suse100.i686.rpm
Preparing... ########################################### [100%]
1:dsniff ########################################### [100%]
# rpm -e libnet
Then I install libnet-1.0.2a-1.snort :
# rpm -Uvh libnet-1.0.2a-1snort.i386.rpm
Preparing... ########################################### [100%]
1:libnet ########################################### [100%]
After that I create snort RPMS :
$ rpmbuild -tb snort-2.6.0.tar.gz --with inline --with mysql
...
Wrote: /home/tedi/rpms/RPMS/i586/snort-inline-2.6.0-1.i586.rpm
Wrote: /home/tedi/rpms/RPMS/i586/snort-inline-mysql-2.6.0-1.i586.rpm
...
0
comments
Labels:
hacks
Several days ago, I installed Nessus on my machine (OpenSUSE 10.1). From the website, I didn't find Nessus package for my machine, instead I downloaded packages for SUSE 10.
The installation was a breeze :
# rpm -Uvh Nessus-3.0.3-suse10.0.i586.rpm
Preparing... ########################################### [100%]
1:Nessus ########################################### [100%]
nessusd (Nessus) 3.0.3. for Linux
(C) 1998 - 2006 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
- Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user
- Register your Nessus scanner at http://www.nessus.org/register/
to obtain all the newest plugins
- You can start nessusd by typing /etc/rc.d/nessusd start
After that, I just followed what has been instructed on the installation.
# /opt/nessus/sbin/nessus-add-first-user
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------
Login : admin
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
Login : admin
Password : ***********
DN :
Rules :
Is that ok ? (y/n) [y]
user added.
Thank you. You can now start Nessus by typing :
/opt/nessus//sbin/nessusd -D
I start Nessus :
# /etc/init.d/nessusd start
After that I installed the client, apparently now they separated Nessus server and client :
# rpm -Uvh NessusClient-1.0.0.RC5-suse10.0.i586.rpm
Preparing... ########################################### [100%]
1:NessusClient ########################################### [100%]
Then I checked my computer using NessusClient :
$ /opt/nessus/bin/NessusClient
0
comments
Labels:
hacks
I am currently doing a research on how to develop crypto code in Python programming language.
Based on my research, there are several crypto libraries that's suitable for my purpose. They are Python Cryptography Toolkit and ezPyCrypto as my main libraries.
Python Cryptography Toolkit will be the low-level crypto library, while ezPyCrypto will act as a high-level crypto library.
Before installing those two libraries, make sure you have have the following packages :
0
comments
Labels:
python