SSL on SWiK

Samba 2.2.x & LDAP

Fri, 10 Oct 2008 07:06:12 -0700

SSL Free Firewall Two Factor Authentication Products from Comodo

Fri, 10 Oct 2008 07:06:06 -0700

#4733 (Option for all login links to use HTTPS) – The Trac Project

Fri, 10 Oct 2008 06:05:32 -0700

JBoss guide: How to enable SSL (HTTPS) on JBoss, as well as other

Wed, 08 Oct 2008 03:48:14 -0700

obstcp - 易于使用的通信加密工具,可部分加密通信内容

Wed, 08 Oct 2008 01:49:46 -0700

Endian - Firewall Appliance, UTM Appliance, Unified Threat Management, Hotspot, Antispam, Antivirus, VPN, OpenVPN, Open Source

Tue, 07 Oct 2008 15:48:24 -0700

Endian - Firewall Appliance, UTM Appliance, Unified Threat Management, Hotspot, Antispam, Antivirus, VPN, OpenVPN, Open Source

Tue, 07 Oct 2008 12:48:12 -0700

Diffie-Hellman Key Exchange

Tue, 07 Oct 2008 04:20:35 -0700

http://www.adamsinfo.com/diffie-hellman-key-exchange/

Diffie-Hellman Key Exchange is a popular mathematical key exchange algorithm. It allows two parties to establish a ‘key’ over an insecure medium such as the internet. As you will see, it doesn’t matter whether the intercepting party captures each piece of transmitted information, they will not be able to break the key in any way, other than the usual brute force method.

Diffie-Hellman Key Exchange is not an encryption method, it is generall but not always used pre encryption to decide on a shared encryption key.

We will call the communicating parties Bill and Ben. Let Roger be the intercepting party. You can work out these calculations on a calculator:

Bill and Ben transmit and agree on a public prime number (p) and a ‘generator’ (g) which is an integer less than ‘p’. Bill now decides on a random private number (a) which he does not transmit, Ben also agrees on a random private number (b) which he does not transmit either.

In this example, Bill and Ben decide that: p=137 g=13

Roger catches p(137) and g(13)

Bill decides privately that a=31 Ben decides privately that b=23

In actual fact these numbers will be much larger to hinder brute force. We’re going to use small numbers in our example though.

Bill now computes: j = (ga)modp [ programatically j=(g^{a)%p]
j = (1331)mod137
j = 20}

Ben now computes: k = (gb)modp [ programatically k=(gb)%p ] k = (1323)mod137 k = 24

Ben now transmits k to Bill, and Bill transmits j to Ben Roger captures (j)20 and (k)24

Bill now computes:

x = kamodp [programatically =(k^{a)%p
x = 2431mod137
x = 91}

Bill now knows that the shared encryption key is 72. He does not [need to] transmit it.

Ben calculates:

x = jbmodp [programatically =(jb)%p x = 2023mod137 x = 92

Ben also now knows that the shared encryption key is 72. He does not [need to] transmit it.

At this point, expand outwards:

x = 92 x = jbmodp = kamodp ((ga)modp)bmodp == ((gb)modp)amodp

Despite the fact that Roger has caught each individual transmission, j, k, g, and p, he can not work out x.

Now that both sides know the key, we can now agree that they’re going to encrypt using AAE – Adam’s Amazing Encryption.

Bob takes his phrase to encrypt – “password” and adds ‘72′ to each character using the ASCII alphabet:

Bob can now turn his phrase to a hex string:

\x70\x61\x73\x73\x77\x6f\x72\x64

And then add 72 to each character, making sure it wraps around 255:

\xb8\xa9\xbb\xbb\xbf\xb7\xba\xac

Ben can now decrypt using the opposite method.

In actual fact, not only would the key be substantially longer than ‘72′, but our encryption algorithm of choice ‘AAE’ would also be replaced with something more cryptographically sound :-) – Possibly RC4

JBoss Web - SSL Configuration HOW-TO

Mon, 06 Oct 2008 19:49:10 -0700

Bacula/TLS - Devco Wiki

Sun, 05 Oct 2008 23:30:11 -0700

java.net Forums : Slow HTTPS - Java 6 + Glassfish ...

Sun, 05 Oct 2008 18:04:22 -0700

JBoss 4.0 The Official Guide - Chapter 8. Security on JBoss

Sun, 05 Oct 2008 17:16:41 -0700

How To Configure ISP Mail Server With Virtual Users/Domains On Centos 5.0 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL | HowtoForge - Linux Howtos and Tutorials

Sun, 05 Oct 2008 12:42:00 -0700

Welcome to OpenVPN

Sat, 04 Oct 2008 23:05:42 -0700

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.

Using SSL with GlassFish v2 : Enterprise Tech Tips

Sat, 04 Oct 2008 13:55:57 -0700

OpenSSL: Documents, Misc

Fri, 03 Oct 2008 20:13:06 -0700

Configuring JBoss SSL

Fri, 03 Oct 2008 10:56:56 -0700

setting up SSL

ssl-cert-check

Fri, 03 Oct 2008 08:58:24 -0700

SSL certificate expiry monitor. Can run as a Nagios plugin.

A ray of light on Open Source: HTTPS on JBoss 4.2.2

Fri, 03 Oct 2008 06:58:07 -0700

subversion: Subversion FAQ

Thu, 02 Oct 2008 12:35:41 -0700

Linux.com :: Setting up your own certificate authority with gnoMint

Thu, 02 Oct 2008 10:29:14 -0700

JBossWiki : SSLSetup

Thu, 02 Oct 2008 09:27:53 -0700

keystore

Perspectives Englisch, Download im heise Software-Verzeichnis

Thu, 02 Oct 2008 06:33:49 -0700

Compiling Postfix with TLS/SSL

Thu, 02 Oct 2008 05:09:34 -0700

Adictos al Trabajo. Formación y desarrollo | JAVA, JEE, UML, XML |. Tutoriales sobre nuevas tecnologías.

Wed, 01 Oct 2008 16:16:30 -0700

Adictos al Trabajo. Formación y desarrollo | JAVA, JEE, UML, XML |. Tutoriales sobre nuevas tecnologías.

Wed, 01 Oct 2008 16:16:30 -0700

Configuring JBoss SSL

Wed, 01 Oct 2008 16:16:30 -0700

JBossWiki : SSLSetup - wiki.jboss.org

Wed, 01 Oct 2008 09:15:14 -0700

[from martti] Peter Gutmann's Home Page

Wed, 01 Oct 2008 06:17:48 -0700

IBM KnowledgeWeb: WKC - Contribution details - firefox3 fix for new certificate behavior

Wed, 01 Oct 2008 02:15:25 -0700

New behavior of handling invalid and self-signed certificates was introduced in Firefox3. Unfortunately it is very annoying when you work with many sites that have self-signed ssl certificates. To reduce number of clicks from about 4 to 2 to add exception do the following: Enter about:config in address bar. Change following properties: browser.xul.error_pages.expert_bad_cert = true browser.ssl_override_behavior = 2