Tony's Bit (https://tonysbit.blog): Software Development, Cloud Computing, Blockchain Technology and Finance.

Post Quantum Part 1: The storm beyond the horizon
https://tonysbit.blog/?p=615
Sun, 15 Oct 2023 13:59:34 +0000

Modern cryptography has a slow but looming threat just beyond the horizon: quantum computing. Without getting into the nitty gritty, the fundamental maths behind how we share secrets from device to device is at risk of being broken. The risk is especially present for solutions that are vulnerable to store now, decrypt later attacks. Messaging apps are especially vulnerable to this type of attack, and there are engineers already working to mitigate the risks.

Something not talked about frequently is the risk quantum computing poses to modern forms of authentication/authorization. Most modern authentication/authorization frameworks (such as OpenID Connect) rely on JWT tokens and signing algorithms that are not quantum resistant. Once those are broken, attackers could functionally walk in through the front door by signing their own tokens to impersonate users on any of these systems. More worrying is the fact that most systems use a single signing key, which means the same break can be reused to impersonate any user on that system.

Good news! NIST (the National Institute of Standards and Technology) has been hard at work evolving the backbone of digital freedom. From that very difficult work a number of algorithms have been selected for the future standards.

For digital signatures, CRYSTALS-Dilithium, FALCON and SPHINCS+ were selected.

For encryption, CRYSTALS-Kyber was selected.

What could this mean for us code monkeys on the ground building the internet backbone as we string together defensive middleware, layer hashing algorithms into our databases and implement E2E client communication to fend off the hackers? This series looks to explore the implications and how the technology commonly used today will change. We will look at C# and Rust example test implementations of authentication and data protection practices in the post-quantum age!

An example of what we will explore: a JWT-authenticated API implementing Dilithium3.

Deploying a SSL Protected Containerized App: Part 2
https://tonysbit.blog/?p=107
Fri, 09 Mar 2018 20:33:25 +0000

Checklist

Let's quickly do a checklist of what we have so far:

  1. SSH accessible virtual machine (running CentOS 7.4)
  2. Ports 22, 443, 80 are open on the virtual machine
  3. Domain pointed at the public IP of the Virtual machine

If you have not done these things, you can deploy your virtual machine following the steps in part 1.

Preparing the Host

Start this part by opening an SSH session into the virtual machine.

Swap to the root user by running:

su root

Installing Docker

Install Docker

On the virtual machine that you have deployed, run the following commands:

sudo yum install -y yum-utils device-mapper-persistent-data lvm2

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce

Note: these are the quick commands to install Docker; for more information on what exactly they do, visit the docs.

Downloading Certbot

Certbot is a nifty client that fetches SSL/TLS certificates and is the client used for Let's Encrypt.

Download Certbot

Pre-requisites:

yum -y install yum-utils
yum install epel-release

Run installation:

sudo yum install certbot

Note: these are the quick commands to install Certbot; for more information on what exactly they do, visit the docs.

Generating a SSL Certificate

On the virtual machine that you have deployed, run the following commands.

When running Certbot to obtain an SSL certificate, too many attempts will result in a lockout of the domain for up to an hour. To prevent a lockout we will first test the creation of the certificate with the --staging flag.

sudo certbot certonly --staging

Run through the prompts and at the very end enter your domain name (e.g. domain.com.au).

The successful output is shown below.

[screenshot: successful Certbot staging output]

Once you can confirm that a staging certificate can be generated, run the process again without the --staging flag.
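Before deploying the certificate, it is worth confirming that the one Certbot left on disk really came from the production CA rather than the staging one, since a staging certificate is not trusted by browsers. The following POSIX shell script is an added example, not part of the original post; it assumes openssl is installed, takes the certificate path as its argument, and the /etc/letsencrypt path in the usage comment is the usual Certbot location rather than a value from the post.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to deploy a certificate
# that was issued by the Let's Encrypt staging CA. Assumes openssl is installed.

# Print the issuer line of a PEM certificate,
# e.g. "issuer=CN = (STAGING) Artificial Apricot R3".
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# Exit 0 when the issuer is the Let's Encrypt staging CA, 1 when it is not,
# and 2 when the certificate cannot be read. Staging intermediates carry
# "(STAGING)" in their name; the older ones were called "Fake LE ...".
is_staging_cert() {
    issuer=$(cert_issuer "$1" 2>/dev/null) || return 2
    case "$issuer" in
        *STAGING*|*"Fake LE"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Gate a deployment step on the certificate being a production one.
# Returns 0 for a production certificate, 1 for staging, 2 on read errors.
check_before_deploy() {
    cert="$1"
    status=0
    is_staging_cert "$cert" || status=$?
    case "$status" in
        0) echo "refusing to deploy: $cert was issued by the staging CA" >&2
           return 1 ;;
        1) echo "ok: $cert is a production certificate"
           return 0 ;;
        *) echo "error: could not read $cert" >&2
           return 2 ;;
    esac
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/domain.com.au/fullchain.pem
[ "$#" -eq 0 ] || check_before_deploy "$1"
```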

Once you have completed the deployment of a production-ready SSL certificate, you can move on to part 3.
