Monthly Archives: December 2015
ecryptfs-add-passphrase returns sig [d395309aaad4de06] for test

Right now I am a bit annoyed, because I have read the installation manuals for ecryptfs.
Most of them point to something like:

$$code(lang=shell)
$ echo -n test | ecryptfs-add-passphrase
Passphrase:
Inserted auth tok with sig [d395309aaad4de06] into the user session keyring
$ echo d395309aaad4de06 >> ~/.ecryptfs/secret.sig
$$/code

Basically, you later tell mount which passphrase to use via ecryptfs_fnek_sig=d395309aaad4de06,ecryptfs_sig=d395309aaad4de06

Maybe I am totally stupid, but for me, for the moment, it looks as if the signature actually means CHECKSUM. And it looks like this one is even worse than the one in your /etc/shadow. It may get better if your password is actually long compared with that checksum, but I would guess: most user passwords are not.

However I would be happy to learn that I was concerned for nothing.
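How a signature like the one above can be recomputed from the passphrase alone, as an added example that is not part of the original post and is not ecryptfs-utils code. It assumes the derivation is salted SHA-512 iterated 65536 times with the default salt 0011223344556677, with the signature being the first 8 bytes of one further hash; these constants and the function names `derive` and `passphrase_sig` are assumptions, not taken from this page.

```python
import hashlib

# Assumed constants (recalled from ecryptfs-utils, not stated on this page).
DEFAULT_SALT = bytes.fromhex("0011223344556677")  # default 8-byte salt
HASH_ITERATIONS = 65536   # SHA-512 rounds used to stretch the passphrase
KEY_BYTES = 64            # length of the derived key material
SIG_BYTES = 8             # signature length: 8 bytes = 16 hex characters


def derive(passphrase: str, salt: bytes = DEFAULT_SALT):
    """Return (key, sig_hex) for a passphrase under the assumed scheme."""
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    # Round 1 hashes salt || passphrase; the remaining rounds re-hash the digest.
    digest = hashlib.sha512(salt + passphrase.encode("utf-8")).digest()
    for _ in range(HASH_ITERATIONS - 1):
        digest = hashlib.sha512(digest).digest()
    key = digest[:KEY_BYTES]
    # The signature is a truncated hash *of the key*, so it names the key
    # in the keyring without being the key itself.
    sig = hashlib.sha512(digest).digest()[:SIG_BYTES].hex()
    return key, sig


def passphrase_sig(passphrase: str, salt: bytes = DEFAULT_SALT) -> str:
    """Signature only, in the form stored in ~/.ecryptfs/secret.sig."""
    return derive(passphrase, salt)[1]


if __name__ == "__main__":
    # Same passphrase + same default salt gives the same sig on every machine.
    print("sig for 'test' (default salt):", passphrase_sig("test"))
    # A per-user salt (constructed sample value) changes the signature.
    custom_salt = bytes.fromhex("a1b2c3d4e5f60718")
    print("sig for 'test' (custom salt): ", passphrase_sig("test", custom_salt))
```

With a fixed default salt the signature is a deterministic function of the passphrase, so its resistance to guessing rests on the passphrase's entropy and the iteration count, not on keeping `secret.sig` private.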

brought NAT64 to life

I just brought my first ever NAT64 up and running!

64 bytes from 64:ff9b::808:808: icmp_seq=501 ttl=57 time=1.42 ms
64 bytes from 64:ff9b::808:808: icmp_seq=502 ttl=57 time=1.48 ms
64 bytes from 64:ff9b::808:808: icmp_seq=503 ttl=57 time=1.50 ms
64 bytes from 64:ff9b::808:808: icmp_seq=504 ttl=57 time=1.43 ms
64 bytes from 64:ff9b::808:808: icmp_seq=505 ttl=57 time=1.36 ms
64 bytes from 64:ff9b::808:808: icmp_seq=506 ttl=57 time=1.51 ms
64 bytes from 64:ff9b::808:808: icmp_seq=507 ttl=57 time=1.55 ms
64 bytes from 64:ff9b::808:808: icmp_seq=508 ttl=57 time=1.45 ms
64 bytes from 64:ff9b::808:808: icmp_seq=509 ttl=57 time=1.53 ms
64 bytes from 64:ff9b::808:808: icmp_seq=510 ttl=57 time=1.35 ms
64 bytes from 64:ff9b::808:808: icmp_seq=511 ttl=57 time=1.35 ms
64 bytes from 64:ff9b::808:808: icmp_seq=512 ttl=57 time=1.37 ms
64 bytes from 64:ff9b::808:808: icmp_seq=513 ttl=57 time=1.56 ms

It can ping Google's nameserver now.
V6-only infrastructure is coming.

using gnupg as a privacy guard

Two days ago I cleaned up my key management.
I created new gnupg keys and I figured out that gnupg is able to
deal with many more things than I thought of today.

You can use the keys in your GPG storage to authenticate your ssh logins.
You can use the keys for signing and encrypting with both PGP and S/MIME
standards.

The GPG Agent keeps your keys painlessly locked away when you are not
using them for a while, but I do not have to enter my passphrase every
minute just to check my mail.

There is only one option that I really miss: I want to authenticate
against Facebook, Google and others using GnuPG; it is the
obvious next step. That means a web browser that is aware of GnuPG and
a multipart signed MIME POST request. There are rumors that browsers
already have such a thing, but I was not able to find anything on the
net.

So my private keys are now safer than before.
But let's start from scratch:

  • everyone uses electronic signatures, on webpages and for your eBanking
  • most people do know nothing about electronic signatures
  • not knowing is dangerous

If you don’t know anything about public keys and signatures, you should definitely
watch this:

An electronic signature is the other way round: you
encrypt with the private key and decrypt with the public key.

How easy is that? The only big issue is that you have to keep your keys safe.

So far, cu next time. Oh by the way, my new GnuPG Key is:

  • ID: 5F94E76B Keygrip: 977A0623F543190A41D7DE2A0D297B023E9868DD