• Breaking News

    Friday, May 31, 2019

    Public DNS in Taiwan the latest victim to BGP hijack Security News & Discussion

    Public DNS in Taiwan the latest victim to BGP hijack Security News & Discussion


    Public DNS in Taiwan the latest victim to BGP hijack

    Posted: 31 May 2019 11:00 AM PDT

    Bypass default AppLocker rules - A post about a small discovery in AppLocker

    Posted: 31 May 2019 05:20 AM PDT

    Passive DNS - a tutorial to setup your own Passive DNS using D4 Project

    Posted: 31 May 2019 01:43 PM PDT

    My thoughts after my first (real) attempt at Hackthebox - Beginner Guides - 0x00sec

    Posted: 31 May 2019 01:03 AM PDT

    Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS

    Posted: 31 May 2019 11:23 AM PDT

    Analyzing a Coin Mining and Remote Access Hybrid Campaign

    Posted: 31 May 2019 11:15 AM PDT

    Pgen – Command-line passphrase generator

    Posted: 31 May 2019 09:57 AM PDT

    The EFF has made and published three lists of words to use that are easy to spell and generally easy to remember.

    I wrote a command-line tool in Rust for generating passphrase using these wordlists. I use it myself any time I need a password.

    My tool is fast, free of charge, open source and it can also tell you the entropy that will result for any given choice of number of words.

    For example let's say I want it to give me four words from the long wordlist, and I want to know how many bits of entropy this corresponds to.

    pgen -l -n 4 -e Current settings will create passphrases with 51.70 bits of entropy. 

    51.70 bits of entropy.

    What does that mean, you might ask.

    The Wikipedia article on password strength (https://en.wikipedia.org/wiki/Password_strength) explains it well:

    A password with an entropy of 42 bits calculated in this way would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with an entropy of 42 bits would require 242 (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. Thus, by increasing the entropy of the password by one bit the number of guesses required doubles, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.

    Ok, so how good is 51.70 bits of entropy?

    Wikipedia, same article again:

    The minimum number of bits of entropy needed for a password depends on the threat model for the given application. [...] RFC 4086, "Randomness Requirements for Security", presents some example threat models and how to calculate the entropy desired for each one. Their answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period of time and stretching isn't applicable.

    So let's say that you are satisfied with 51.70 bits of entropy in this case. What does a password like that look like? Let's generate one.

    pgen -l -n 4 plastic case refocus demise 

    Pretty memorable right? :)

    Oh yeah, and about the claim that it's fast. Just how fast is it? Have a look.

    time pgen -l -n 4 browbeat hummus sandbox unfixable real 0m0.005s user 0m0.001s sys 0m0.006s 

    That's 5 milliseconds.

    But hey, let's say we wanted to generate a bunch of passphrases at once.

    How much time does it take to generate 10.000 passphrases and dump them into a text file?

    time pgen -l -n 4 -k 10000 > 10k.txt real 0m0.132s user 0m0.073s sys 0m0.058s 

    About zero point one seconds. Not that generating 10.000 passphrases is something that you are likely to do, but it just speaks to how fast this tool is ^^

    Source and instructions on how to install it are on GitHub.

    https://github.com/ctsrc/Pgen

    submitted by /u/codetrotter
    [link] [comments]

    A new super light protocol resistant to Eclipse Attacks

    Posted: 30 May 2019 07:38 PM PDT

    I made this tool to look for all the build logs of CI tools such as Travis-CI which can then be used to find sensitive information

    Posted: 31 May 2019 03:25 AM PDT

    No comments:

    Post a Comment