Stéphan Mestach mestachs

## crypto-wrong-answers.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                mestachs
                / crypto-wrong-answers.md
            
            
              Created
              June 19, 2016 14:42
                — forked from paragonie-scott/crypto-wrong-answers.md
            
              
                An Open Letter to Developers Everywhere (About Cryptography)
              
          
    Hello software developers,
Please check your code to ensure you're not making one of the following mistakes related to cryptography.
I. General Mistakes


Writing your own home-grown cryptography primitives (For example: Mifare Classic)

Exception: For the sake of learning, but don't deploy it in production.


Using a fast hash function (e.g. MD5, SHA256) for storing passwords. Use bcrypt instead.
Not using a cryptographically secure random number generator


## github_comment_on_commit.py
// Using the Jenkins Groovy Post build plugin to execute the following after every build
// https://wiki.jenkins-ci.org/display/JENKINS/Groovy+Postbuild+Plugin


// It would be nice not to have to specify these here... the repo name should be available within the hudson
// api somehow, but I didn't know how to get it. The access token should maybe be saved in a config file, and
// read in at runtime?
GITHUB_REPO_NAME = 'myusername/myreponame'
GITHUB_ACCESS_TOKEN = 'my_github_api_v3_access_token'

## app.rb
require 'sinatra'
require 'redis'
require 'json'
require 'date'

class String

  def &(str)
    result = ''
    result.force_encoding("BINARY")

## gist:5116404
LINT_IGNORES = ['rvm']

namespace :lint do
  desc "Check puppet module code style."
  task :ci do
    begin
      require 'puppet-lint'
    rescue LoadError
      fail 'Cannot load puppet-lint, did you install it?'
    end

## .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

if [[ -n "$PS1" ]] ; then

# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace
	// Using the Jenkins Groovy Post build plugin to execute the following after every build
	// https://wiki.jenkins-ci.org/display/JENKINS/Groovy+Postbuild+Plugin


	// It would be nice not to have to specify these here... the repo name should be available within the hudson
	// api somehow, but I didn't know how to get it. The access token should maybe be saved in a config file, and
	// read in at runtime?
	GITHUB_REPO_NAME = 'myusername/myreponame'
	GITHUB_ACCESS_TOKEN = 'my_github_api_v3_access_token'
	require 'sinatra'
	require 'redis'
	require 'json'
	require 'date'

	class String

	def &(str)
	result = ''
	result.force_encoding("BINARY")
	LINT_IGNORES = ['rvm']

	namespace :lint do
	desc "Check puppet module code style."
	task :ci do
	begin
	require 'puppet-lint'
	rescue LoadError
	fail 'Cannot load puppet-lint, did you install it?'
	end
	# ~/.bashrc: executed by bash(1) for non-login shells.
	# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
	# for examples

	if [[ -n "$PS1" ]] ; then

	# don't put duplicate lines in the history. See bash(1) for more options
	# ... or force ignoredups and ignorespace
	HISTCONTROL=ignoredups:ignorespace