Posts about ‘Ruby’


View all posts

Warren GuyWarren Guy
20 June 2015

Rack::DetectTor: Rack middleware for detecting Tor exits

I've just released Rack::DetectTor, Rack middleware for detecting Tor users. It adds an environment varliable tor_exit_user with a value of true or false to the Rack request object. I've previously blogged about detecting Tor users in nginx using iptables, however Rack::DetectTor is a much neater and more self contained solution for Ruby/Rack based web apps (built on Ruby on Rails, Sinatra, Padrino, etc).

More info on the Github project page: https://github.com/warrenguy/rack-detect-tor

Read full post | Comments

Warren GuyWarren Guy
29 January 2015

Detecting man-in-the-middle attacks: verifying fingerprints verbally

Have you ever wanted or needed to verify a GPG, OTP, SSL certificate or other fingerprint read aloud over the phone or even just sitting next to someone? This is important for detecting and preventing man-in-the-middle attacks, but reading/transcribing hexadecimal values can be tedious and error prone. Back in 1995, linguist Patrick Juola and PGP's Phil Zimmerman standardised a list of words corresponding with hexadecimal byte pairs for exactly this purpose. Each byte pair is represented by one of two words, depending on its position, to protect against inadvertently duplicated, missed, transposed words. As an example, my GPG fingerprint D1D4 64C0 04F0 0FB5 C9A4 C8D8 E433 E7FB 7FF5 6256 could be read aloud as "stairway souvenir flytrap recipe adrift upcoming artist positive spearhead Pandora spaniel stupendous tonic concurrent transit Wichita lockup visitor flagpole escapade".

I've written a pair of simple libraries, for JavaScript and for Ruby, for easily implementing the PGP word list, as well as a simple web based converter using the JavaScript library which is at https://warrenguy.me/projects/pgp-word-list-converter. Check out the libraries on Github:

Read full post | Comments