@kennwhite
kennwhite / main.go
Last active November 12, 2021 08:54
Implementation of AEAD-AES-256-CBC-HMAC-SHA-512 using spec test vectors
/*
Demonstration of AEAD_AES_256_CBC_HMAC_SHA_512, an authenticated encryption with associated
data (AEAD) scheme using a composition of AES in the CBC mode of operation with an
HMAC-SHA512 message authentication code, an Encrypt-Then-MAC construction.
From IETF draft spec by McGrew, Foley, & Paterson:
https://datatracker.ietf.org/doc/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05#section-2.7
Disclaimer:
This is strictly a proof of concept personal project and has not had any proper cryptography review.
Do not use for anything even vaguely important.

Not many papers share a critical view of the cryptography field, and when such papers are published they tend to be dismissed as "extreme opinions". But not talking about potential deficiencies is harmful for everyone in the long run, even if many actors' self-interest is the status quo (example: USSR). So here's a list of crypto papers and essays not purely technical, sometimes called "controversial", in arbitrary order (please send suggestions of missing entries):

Rogaway - The moral character of cryptographic work - https://web.cs.ucdavis.edu/~rogaway/papers/moral.pdf

Bernstein - Non-uniform cracks in the concrete: the power of free precomputation - http://cr.yp.to/nonuniform/nonuniform-20130914.pdf

@kennwhite
kennwhite / FIPS-Modules-In-Process.md
Last active May 24, 2021 03:57
FIPS Modules In Process (as of Apr 9, 2021)

From: https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/modules-in-process-list

Snapshot as of Apr 9, 2021

| Module Name | Vendor Name | Standard | Status |
| --- | --- | --- | --- |
| Thunder Series TH-3040S, TH-5440S, TH-5840S and TH-7440S-11 | A10 Networks, Inc. | FIPS 140-2 | In Review |
| ADVA 10TCE-PCN-16GU+AES100G-F encryption module | ADVA Optical Networking SE | FIPS 140-2 | Review Pending |
| ADVA 9TCE-PCN-10GU+AES10G-F encryption module | ADVA Optical Networking SE | FIPS 140-2 | Review Pending |
| WCC-PCN-AES100GB-F Encryption Module | ADVA Optical Networking SE | FIPS 140-2 | Coordination |

@kennwhite
kennwhite / general_tso`s_chicken.md
Last active March 28, 2021 06:40
General Tso's Chicken

Joshua Weissman's General Tso's Chicken

Chicken:

  • 1.5 lbs (700g) boneless skinless chicken thighs cut into pieces
  • 1 TB (14g) shaoxing wine
  • 1 TB (14g) soy sauce
  • pinch of salt
  • 2 cloves garlic minced
  • 1 inch knob ginger minced
  • 1/2 cup (75g) all purpose flour
@kennwhite
kennwhite / lxc_v4_notes_feb-2021.txt
Last active October 23, 2021 17:46
LXC v4 notes (2/2021) for Ubuntu
# Good tips here: https://www.cyberciti.biz/faq/install-lxd-on-ubuntu-20-04-lts-using-apt/
# List all running services
systemctl list-units --all --type=service --no-pager | grep running
# Clean install of lxc (on host) - first lxd system, then lxc command line tools
sudo apt-get update
sudo apt-get upgrade
sudo apt install lxd
sudo adduser YOURUSERID lxd # (probably already there)
@kennwhite
kennwhite / hello_world_shell_local_per_user.js
Last active February 15, 2021 18:15
Basic FLE hello world with shell, demonstrating per-user keys (json pointers)
/*
Simple demonstration using MongoDB Client-Side Field Level Encryption (local key version)
using json pointer for per-user/per-document dynamic key selection
This pattern might be useful for Right to Be Forgotten GDPR use case.
Note: FLE schemas with json pointer dynamic key IDs require randomized mode and automatic encryption
Decryption -- whether randomized or deterministic -- is always automatic, assuming the data key is available/cached.
If deterministic (searchable) mode is required, consider dynamic user key selection
at the app level via explicit encryption methods (versus automatic), e.g.:
@kennwhite
kennwhite / Gatekeeper Exception command line.md
Last active December 23, 2020 14:10
Bypass MacOS Gatekeeper for specific apps & executables on command line

To override Big Sur's Gatekeeper restriction: "cannot be opened because the developer cannot be verified" from the command line

Example with MongoDB (can be run against a folder e.g., JavaSDK or individual executables):

xattr -d com.apple.quarantine /Users/me/Downloads/mongodb-macos-x86_64-enterprise-4.4.2/bin/*

This appears to be sticky for all identical versions of that executable, i.e., if you have two copies of the identical binary in unrelated directories, removing quarantine for one seems to enter a file signature hash into the allowed list globally.

@kennwhite
kennwhite / ubuntu_20_nvidia_fix.md
Last active April 18, 2023 12:14
Ubuntu 20 Nvidia Zoom Fix

More Nvidia/Ubuntu bleeding edge funness

Problem: Failed to initialize NVML: Driver/library version mismatch

dmesg | grep -i nvrm

NVRM: API mismatch: the client has the version

@kennwhite
kennwhite / fhir_demo_install.sh
Created August 28, 2020 17:24
FHIR Connector Demo
# Example FHIR Connector Demo
# Default settings are for local mongodb on 27017. If using Atlas, modify src/config.js or
# set an environment variable: export MONGO_HOSTNAME='mongodb+srv://DBUSER:PASSWORD@example.cluster.mongodb.net'
# If using other mongodb, from shell: export MONGO_HOSTNAME='mongodb://DBUSER:PASSWORD@example.mongodb.net'
git clone https://github.com/kennwhite/node-fhir-server-mongo
cd node-fhir-server-mongo/
@kennwhite
kennwhite / mongod_boostrap_with_ese.sh
Last active August 24, 2020 20:52
Bootstrap mongodb binary (mongod) properly from command line with encrypted storage engine enabled (full database encryption)
# See: https://docs.mongodb.com/manual/tutorial/configure-encryption/#local-key-management
# As non-root user, possibly in a startup script:
/usr/bin/mongod \
--fork \
--logpath=/tmp/mdb.log \
--dbpath=/data/db \
--enableEncryption \