Without use of MAC, it’s easy to mess with the IV to change the result of “successfully decrypting” ciphertext.
First, create some plaintext:
echo Give Eve \$500 > plaintext.dat
cat plaintext.dat
hamsolo.dev hamsolodev
hamsolodev
/ board.ini
Created
December 8, 2013 05:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [uwsgi] | |
| socket = /tmp/app.sock | |
| chdir = /home/USER/sites/site.com/repo.git | |
| env = NEW_RELIC_ENVIRONMENT=production | |
| env = NEW_RELIC_CONFIG_FILE=newrelic.ini | |
| uid = USER | |
| chown-socket = www-data:GROUP | |
| chmod-socket = 660 |
hamsolodev
/ deft-113.md
Created
October 29, 2013 02:29
hamsolodev
/ deft-32.md
Created
October 4, 2013 04:28
TODO passphrase protected keyfiles…setup a keyfile in a remaining key-slot? something to make this properly two–factor.
Notes on installing Arch Linux from scratch, using LVM volumes inside a LUKS container.
Why not boot from removable media? Well, there's no real support for “plausible deniability” built in to LUKS/dm-crypt. This means that the benefit of booting from removable media—being able to keep secret the fact that the main HDD contains an encrypted
hamsolodev
/ hostdiscovery.py
Last active
December 20, 2015 19:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| # | |
| # Retrieve a list of hosts from EC2, with Name metadata tags matching | |
| # the supplied regex. | |
| # | |
| # e.g. in your fabfile | |
| # | |
| # env.roledefs = { | |
| # 'somesite': lambda: matching_names(r'somesite-web-\d+'), | |
| # } |
hamsolodev
/ zshrc_for_brenton.sh
Created
August 1, 2013 23:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: sh; coding: utf-8 -*- | |
| # check for interactive shell, returning straight away if this isn't | |
| # one! | |
| [ -z "$PS1" ] && return | |
| setopt prompt_subst | |
| setopt transient_rprompt | |
| setopt prompt_sp | |
| autoload -Uz vcs_info |
hamsolodev
/ updateip.py
Created
July 2, 2013 06:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Update Route53 DNS A name record for home IP. | |
| # | |
| # Uses the *route53* library, rather than boto. | |
| import os | |
| import re | |
| import sys |
hamsolodev
/ .xmodmaprc.txt
Created
June 30, 2013 06:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| remove Lock = Caps_Lock | |
| remove Control = Control_L | |
| keysym Control_L = Caps_Lock | |
| keysym Caps_Lock = Control_L | |
| add Lock = Caps_Lock | |
| add Control = Control_L |
hamsolodev
/ deft-32.md
Created
June 26, 2013 01:09
TODO passphrase protected keyfiles…setup a keyfile in a remaining key-slot? something to make this properly two–factor.
Notes on installing Arch Linux from scratch, using LVM volumes inside a LUKS container.
Why not boot from removable media? Well, there's no real support for “plausible deniability” built in to LUKS/dm-crypt. This means that the benefit of booting from removable media—being able to keep secret the fact that the main HDD contains an encrypted
hamsolodev
/ tcpdump_commands.md
Created
June 15, 2013 04:11
Watch outgoing DNS requests on wlan0
tcpdump -pni wlan0 'port domain'
hamsolodev
/ pf.conf
Created
June 10, 2013 10:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set skip on lo0 | |
| block in all | |
| pass in on { em0 wlan0 } proto udp from any to 224.0.0.251 port mdns | |
| pass out all keep state |