Warren Guy
29 January 2015

Detecting man-in-the-middle attacks: verifying fingerprints verbally

Have you ever wanted or needed to verify a GPG, OTP, SSL certificate or other fingerprint read aloud over the phone or even just sitting next to someone? This is important for detecting and preventing man-in-the-middle attacks, but reading/transcribing hexadecimal values can be tedious and error prone. Back in 1995, linguist Patrick Juola and PGP's Phil Zimmerman standardised a list of words corresponding with hexadecimal byte pairs for exactly this purpose. Each byte pair is represented by one of two words, depending on its position, to protect against inadvertently duplicated, missed, transposed words. As an example, my GPG fingerprint D1D4 64C0 04F0 0FB5 C9A4 C8D8 E433 E7FB 7FF5 6256 could be read aloud as "stairway souvenir flytrap recipe adrift upcoming artist positive spearhead Pandora spaniel stupendous tonic concurrent transit Wichita lockup visitor flagpole escapade".

I've written a pair of simple libraries, for JavaScript and for Ruby, for easily implementing the PGP word list, as well as a simple web based converter using the JavaScript library which is at https://warrenguy.me/projects/pgp-word-list-converter. Check out the libraries on Github:

Read full post | Comments

Warren Guy
23 December 2014

Reverse proxying Tor hidden services

This is a simple method of exposing a Tor hidden service via a regular TCP port.

You might find this useful as a convenient way of exposing a service behind a NAT firewall to the internet, or to provide a public internet presence for a service that you wish to conceal the real location of.

Read full post | Comments

Warren Guy
3 November 2014

Detecting Tor users in nginx on Linux

This is a slightly hacky method of detecting Tor users in nginx. I'm using it on this website to advise Tor users of the existence of a hidden service that can alternatively be used to access this website. You can visit this website via Tor to see it in action.

We'll be using iptables and ipset to match the IP of incoming connections to our nginx server against Tor exits that allow access to our site, and redirecting those connections to a different ip:port. In your nginx config, you can then add custom rules, headers, or use an alternative server block, or whatever you like. This method could be applied to services other than nginx.

Read full post | Comments

Warren Guy
14 October 2014

Regenerating an RSA private key with Python

This is an exercise in regenerating an RSA private key while possessing only the public key. You might also find this useful if you happen to know all of the parameters of a private key (modulus, public exponent, and either the private exponent or prime factors), and want to reconstruct a key from them (skip to the end). This covers only the practical steps required without detailed explanation.

The example used here is a 256-bit RSA key, which can be factored on my laptop in less than three minutes. You won't (I hope) find any 256-bit RSA keys in the real world, however you could likely factor a 512-bit key (which sadly do exist in the wild) with modern hardware in a matter of days.

Read full post | Comments

Warren Guy
20 August 2014

Global DNS Tester Update

In the few days since launching my Global DNS Tester, I've made a few significant improvements. It's no longer limited to looking up A records alone; you can now compare A, AAAA, PTR, CNAME, NS, MX, and SOA records returned for any given host/IP from up to 100 public nameservers simultaneously.

I've also made a bunch of iterative improvements to the interface, and some minor performance improvements.

Read full post | Comments