similar to: Some additional attacks on Cookie Session

Displaying 20 results from an estimated 9000 matches similar to: "Some additional attacks on Cookie Session"

2007 Mar 01
4
Cookie based session management problems
Edge has a change in default behaviour where sessions are stored as cookies instead of in the file system. This was a pleasant surprise when I synced up, fired up my app, and nothing worked. Ah, life on the edge. I'm sure I'm just missing something, but I can't get sessions to survive the first redirect. I added the following code to environment.rb, based on
2009 Apr 21
11
can we decrypt the cipher encrypted using Digest::SHA1.hexdigest
What I have done is as follows: password = Digest::SHA1.hexdigest("#{salt}:#{password}") pass1 = Digest::SHA1.hexdigest("#{salt}:asdfgh") pass2 = Digest::SHA1.hexdigest("#{salt}:asdfgh") pass3 = Digest::SHA1.hexdigest("#{salt}:qwerty") puts pass1==pass2 puts pass1==pass3 This works fine, but I need to get the decrypted password. How can I get it? Any help is
2003 Sep 18
2
[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Roger Marquis wrote: > [snip] > >It takes all of 2 seconds to generate a ssh 2 new session on a >500Mhz cpu (causing less than 20% utilization). Considering that >99% of even the most heavily loaded servers have more than enough >cpu for this task I don't really see it as an issue. > >Also, by generating a different key for each session you get better >entropy,
2000 Sep 27
4
Irix: PRNG initialization failed
Hello all, I tried OpenSSH versions 2.1.1p4, 2.2.0p1 and the latest snapshot briefly on 64-bit Irix 6.5.7f and 6.5.9m. Both times, no matter what I do, I'll get 'PRNG initialization failed -- exiting'. This happens with ssh-keygen (the keys aren't even generated yet, ssh binary etc.) It's clear that Irix etc. don't have a proper entropy pool like *BSD and Linux do, but
2001 Dec 21
6
Killing the builtin entropy code
Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't
2006 Apr 14
7
SHA2 Issues
Hello all, Thank you in advance for your help with this. I am trying to implement the user authentication method from Ruby Recipes which calls for the use of SHA 2. Here is the code for the password: def password=(pass) salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass + salt) end I open
2008 May 21
32
Rack, Camping 2.0++
=== 1. Camping on Rack === I've just finished rewriting Camping to use Rack in the "core". I got rid of (a little less) than 1kB in camping.rb and removed lots of un-necessary files (lib/server/*.rb, fastcgi.rb & mongrel.rb). bin/camping does now only provide WEBrick, Mongrel and console-support and should only be used in development. It uses Rack::ShowExceptions to catch
2005 Jul 24
1
cvs commit: src/games/fortune/fortune fortune.c
On Sun, Jul 24, 2005 at 04:06:02PM +0200, Poul-Henning Kamp wrote: +> In message <20050724135738.GM46538@darkness.comp.waw.pl>, Pawel Jakub Dawidek writes: +> +> >We should probably test entropy quality on boot. +> >I've somewhere userland version of /sys/dev/rndtest/ which implements +> >FIPS140-2 tests for (P)RNGs. We can put it into rc.d/ and warn users.
2001 Sep 28
3
OpenSSH (portable) and entropy gathering
On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the
2001 Feb 28
2
small patch for configure.in
a small fix for the PRNG/EGD section -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net -------------- next part -------------- --- openssh_cvs/configure.in.old Tue Feb 27 12:56:06 2001 +++ openssh_cvs/configure.in Tue Feb 27 16:54:48 2001 @@ -5,6 +5,7 @@ AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_CANONICAL_HOST +AC_C_BIGENDIAN # Checks for programs. AC_PROG_CPP @@ -1279,14
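Review bot: the first hunk adds AC_C_BIGENDIAN directly after AC_CANONICAL_HOST at the top of configure.in, an endianness check that the one-line description ("a small fix for the PRNG/EGD section") does not mention; either say in the description that the patch also introduces the big-endian probe, or split it from the PRNG/EGD change in the second hunk (@@ -1279,14, which is cut off here), so that each hunk matches its stated purpose.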
2012 Jan 01
11
an actual hacked machine, in a preserved state
(Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 of out of 3 machines hosted at that company have now been hacked, but this hasn't happened to any of the other 37 dedicated servers that I've got hosted at other hosting companies (also CentOS, same version or almost),
2004 Sep 10
2
Blocking and compression.
On Tue, 2004-01-20 at 23:44, Josh Coalson wrote: > Miroslav did some experiments with searching for optimum blocksize. > from what I remember it made at best a couple percent difference. > there was a thread about it here a while back. > Did his changes make it in? I can think of a coupla ways to approach this and I'd like to hear about what he tried. A couple of % doesn't seem
2000 Jan 27
6
EGD requirement a show stopper for me
On Thu, Jan 13, 2000 at 17:34:10, Andre Lucas wrote: > Subject: /dev/urandom > On Thu, Jan 13, 2000 at 09:24:01AM -0700, SysProg - Nathan Paul Simons wrote: > > On Thu, 13 Jan 2000, Ben Taylor wrote: > > > > > On Thu, 13 Jan 2000, Max Shaposhnikov wrote: > > > > why ssh1.27 doesn't require /dev/urandom on solaris? > > > > i think the
2013 Nov 14
1
Re: make_random_password(): avoid modulo bias, and do not deplete system entropy (#9)
On Thu, Nov 14, 2013 at 01:48:17AM -0800, edwintorok wrote: > Following the link to builder.ml from your blogpost I noticed the make_random_password () function, and I have some suggestions, well nitpicks really. See the 2 commits from this pull request. > > 1. Using Ocaml's buffered I/O means that one make_random_password() call reads 64k bytes from /dev/urandom which drops the
2016 Feb 28
2
ssh issues with centos 6
I have a new centos 6 install. Randomly I get out of memory messages and my ssh file transfer dies. I have tried this in filezilla as well as winscp. I have disabled motd in ssh and I also had entropy problems, so I enacted rngd -r /dev/urandom -o /dev/random, but that did not stop the out of memory errors. I am seeing the below in the logs. It only occurs during ssh file transfers. Feb 28
2017 May 29
1
Low random entropy
On 29/05/17 15:46, Robert Moskowitz wrote: > > > On 05/28/2017 06:57 PM, Rob Kampen wrote: >> On 28/05/17 23:56, Leon Fauster wrote: >>>> Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <rgm at htt-consult.com>: >>>> >>>> >>>> >>>> On 05/28/2017 04:24 AM, Tony Mountifield wrote: >>>>> In article
2010 Jun 11
7
How to stop intruder from registering sip?
This is a small 12 line system, internal extensions 150 - 180. I didn't have a phone on 151. Here's the sip.conf stanza: ;;[151] ;;type=friend ;;context=longdistance ;;callerid="Conf Room" <151> ;;secret=0000 ;;host=dynamic ;;qualify=yes ;;dtmfmode=rfc2833 ;;allow=all ;;defaultuser=151 ;;nat=yes ;;canreinvite=no There's no DISA. And then somehow (how???) ip address
2007 Nov 17
18
Syntax Problem
I admit I am stuck. I am converting a legacy php site to ROR. The old site uses MD5, a security flaw waiting to happen. I upgraded to AAA and am adding code in the session_controller.rb file to see if crypted_password is blank. If it is, crypt and check the password against the old md5 version and write it in the new crypted_password field. Here is my code add on before the logged_in?: def
2001 Feb 19
7
Packet integrity error. (34)
Hi, I am using Van Dyke SecureCRT 3.2.1 to access an AIX server running OpenSSH-2.5.0p1. Using ssh1 with X11 forwarding enabled, the server reports the following error (in the client session): Packet integrity error. (34) This problem was not evident in 2.3.0p1. Running sshd in debug gives the output: debug1: sshd version OpenSSH_2.5.1p1 debug1: load_private_key_autodetect: type 0 RSA1
2011 Jul 13
3
How to compile OpenSSH on HP-UX10
I did this as a project back in early 2002, and I had a nice little how-to to walk me through it. Many work places and moves later, I've lost it. I have a friend who asked me about this recently, and I can't seem to find anything on the web, or the how-to I used (not surprised). If I remember correctly, you needed an up-to-date zlib, egd (or prng), OpenSSL, tcpwrappers, and OpenSSH.