GPG Quick Guide

I have many friends who are having a few issues getting to grips with GPG and public key encryption, so I decided to make a quick post to cover the basics.

Firstly, a video to explain the concept of public key encryption:

diffie-hellman key exchange

A good way to learn is the command line, as it requires no front-end software and is installed on nearly every Linux system by default. The command line? No, it's not hard as long as you have a basic understanding of how asymmetric cryptography works (i.e. you've at least read the Wikipedia page), and are comfortable on the command line in the first place. It's even easier with a helper program like Kgpg or GnuPG. Here are some helpful hints if you want to give the command line version a shot (note this is for Linux):

Windows users can check out http://gpg4win.org/

# to create a new key
gpg --gen-key

# to encrypt a message
gpg --recipient recipient --armor --encrypt file

# to decrypt a message
gpg --decrypt file

# to export public key (ascii)
gpg --armor --export name

# to export public key (ascii) to file
gpg --armor --output file --export name

# list public keys
gpg --list-keys

# import a public key
gpg --import file

A good guide can be found in the Ubuntu community documentation

https://help.ubuntu.com/community/GnuPrivacyGuardHowto

Announcing Pastee Droid

Pastee Droid is an Android client for “the secure pastebin” Pastee!
Supports paste encryption. If encryption is selected, pastes are encrypted (AES-256) with a password. A SHA-256 hash of the password is stored in the database, not the passphrase itself, which ensures that only those who know the password will be able to view the content of your paste. All traffic is sent over SSL.

Supports over 100 languages. Languages are listed in order of common (C, Java, Text Only, etc.), other (ActionScript, Debian Source File, etc.) and combo (XML+Ruby, HTML+Django/jinja, etc.).

Supports pastes of up to 200,000 characters

Pastes are not listed. Pastee assures users that it will never list or index your pastes for any reason. Privacy and security are essential to Pastee.

Paste IDs are carefully chosen, which makes them less susceptible to crawling bots. Paste IDs are short and easy to remember if you must.

Pastee Droid supports sharing of pastes via various apps such as Twitter, text message, email, etc.
Pastee Droid also supports URL shortening. Just paste a URL and it will be shortened.
Pastes have reasonable expiry times: an hour, a day, a week, a month and a year.

For more information on Pastee see https://pastee.org/about

“Pastee Droid” is copyrighted by Technologique Park
“Pastee” is copyrighted by Pastee
The Pastee Droid Logo is a modification based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Original can be found at http://www.android.com/developers/branding.html

HashPass Desktop

In my previous post I introduced the Android app HashPass, which I made, and briefly discussed that there was a command line version available for the desktop. This post is a follow-up explaining the modes of operation of the command line version.

Basically it was made to supplement the Android app. It has two modes of operation and they are as follows:

Method 1: The text is specified inline

python hashPass.py algorithm text_to_be_hashed

tpa@tortoise:~$ python hashPass.py md5 test
098f6bcd4621d373cade4e832627b4f6
tpa@tortoise:~$

Method 2: The text is specified at runtime

python hashPass.py algorithm

tpa@tortoise:~$ python hashPass.py md5
Enter the text to be hashed and press enter.
test
098f6bcd4621d373cade4e832627b4f6
tpa@tortoise:~$

The reason there are two methods is that if you use the first one listed above, the text (or password, in this case) would be saved in your shell history file, so the second one is the recommended and safer method to use. The first method is there in case users wish to hash any text, but it was mainly added so that it can be run inside other scripts. Let's say you wish to hash a lot of passwords and you want to save the output to some file. Assuming pass is the password you wanted to hash, you would save the following to a file:

#!/usr/bin/env bash

#sample script to demonstrate the first method of hashPass

printf "pass for site 1: " ; python ~/bin/hashPass.py md5 pass
printf "pass for site 2: " ; python ~/bin/hashPass.py sha1 pass
printf "pass for site 3: " ; python ~/bin/hashPass.py sha256 pass
printf "pass for site 4: " ; python ~/bin/hashPass.py sha512 pass

Then make the file executable with chmod u+x filename.sh

Running it produces the following output:

pass for site 1: 1a1dc91c907325c69271ddf0c944bc72
pass for site 2: 9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684
pass for site 3: d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1
pass for site 4: 5b722b307fce6c944905d132691d5e4a2214b7fe92b738920eb3fce3a90420a19511c3010a0e7712b
054daef5b57bad59ecbd93b3280f210578f547f4aed4d25

The algorithms are the same ones available in the Android application: MD5, SHA1, SHA256 and SHA512.
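The two input modes described above, as an added sketch in Python (this is not the author's hashPass.py, whose source is not shown on this page). The names hash_text, read_secret and main and the file name hashpass_sketch.py are assumptions, and the no-echo prompt via getpass is an addition to the behaviour shown in the transcripts.

```python
#!/usr/bin/env python3
"""Two-mode hashing CLI sketch (added example; names are hypothetical)."""
import getpass
import hashlib
import sys

# The four algorithms the post lists for HashPass.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_text(algorithm, text):
    """Return the lowercase hex digest of text (UTF-8) under the named algorithm."""
    name = algorithm.lower()
    if name not in ALGORITHMS:
        raise ValueError("unsupported algorithm: %r" % algorithm)
    return hashlib.new(name, text.encode("utf-8")).hexdigest()


def read_secret(stream=None):
    """Method 2: take the text at runtime so it is never in argv or shell history.

    With no stream, prompt on the terminal without echo; with a stream
    (a pipe or a test), read one line and drop only the trailing newline.
    """
    if stream is None:
        return getpass.getpass("Enter the text to be hashed and press enter.\n")
    return stream.readline().rstrip("\r\n")


def main(argv, stream=None):
    """[algorithm] reads at runtime (method 2); [algorithm, text] is inline (method 1)."""
    if len(argv) not in (1, 2):
        raise SystemExit("usage: hashpass_sketch.py algorithm [text_to_be_hashed]")
    text = argv[1] if len(argv) == 2 else read_secret(stream)
    try:
        return hash_text(argv[0], text)
    except ValueError as err:
        raise SystemExit(str(err))


if __name__ == "__main__":
    # When stdin is a pipe (e.g. from a wrapper script), read it instead of prompting.
    source = None if sys.stdin.isatty() else sys.stdin
    print(main(sys.argv[1:], source))
```

Piping the text on standard input selects the runtime mode without a prompt, so a wrapper script does not need to put the text on the command line.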

Installation

Windows

Download and install Python from http://www.python.org/download

I tested it with Python 2.7 on Windows XP.

Once installed, open up a command prompt.

You then add Python to the PATH with

PATH C:\Python27;%PATH%

If you run into trouble in this step, see http://docs.python.org/faq/windows#how-do-i-run-a-python-program-under-windows. This method only adds Python to the path temporarily.

To keep the path permanently, right-click My Computer > Properties > Advanced > Environment Variables and then add ;C:\Python27 on to the PATH variable,
like so:

MyComputer Properties

Environment Variables

Add Python to Path

Now you can navigate to the directory where the script is with cd. For this example we will assume it is on the desktop.

Example: cd Desktop

Now to run the script we can use the same methods listed above. Using the second method we get the same result:

python hashPass.py md5
Enter the text to be hashed and press enter.
test
098f6bcd4621d373cade4e832627b4f6

Linux/Unix

Linux users should have Python and hashlib installed; if not, they will be in your distro's repository.

Mac OSX

As on Linux, Python should be installed by default on Mac. The instructions to run it on Mac are the same as on Linux.

Hope you find the Hash Pass mobile and desktop versions useful.

Announcing HashPass

HashPass Icon

HashPass allows a user to input a password or any text and generate a hash from it.

Generally a secure password is hard to remember so users tend to opt for easy to remember passwords. These passwords are also easy to crack. This app aims to address that by allowing the user to use hashes in place of their passwords on various sites.

Example: a user may have a password such as “computer” (a bad one) that would be easily cracked in a dictionary attack.

Whereas the MD5 hash generated from computer is
df53ca268240ca76670c8566ee54568a, which is not easy to guess or dictionary attack.

There are currently four algorithms available in the app: MD5, SHA1, SHA256 and SHA512.

This allows the user to use the same password for four different sites and a different hash for each.

For your banking or email you could use the SHA512 hash of your chosen password. In the computer example the hash is

922d076069b1df893fc010b7a6d2aa55c7c4c5d194f163394a4c864de5754131c17bfa94ac1667f56b5181cc7eca5dc3a09444caee6eecf16114926bb29f7e79

The hashes are automatically copied to the clipboard for convenience. This allows you to paste it into an app such as Facebook or an email app.

If a database that stores passwords insecurely is compromised and your password (your generated hash) is obtained, the other three sites (with different hashing algorithms) would be safe.

Using hashes as passwords also makes an attack more computationally expensive, as each string (sequence of characters) has to be hashed first before submitting it as the password. That factor is also multiplied by 4, as the attacker does not know which algorithm you may have chosen.

You could also paste the output of the initial hash as the input with different functions for more options. Just remember the algorithms and the order you chose if you do.

I have also made an open sourced command line desktop version which is written in Python and can be downloaded from https://minus.com/mBDxG4GLu/
This app respects users' privacy and no data is recorded about the user. The Internet permission is required to serve the ads.

Announcing Bodha Converter

Bodha Converter default screen

Bodha Converter is an Android app I made a while ago which I only got around to publishing recently. It allows users to convert between Binary, Octal, Decimal, Hex and ASCII with a zen-like approach.

It supports general (Binary, Octal, Decimal and Hex) conversions up to 2^63-1 in their respective formats. It also supports ASCII characters in the range of NUL to DEL (0 – 127).

A convenient table is also included for quick lookups, also in the range of 0 – 127.

This app collects no personal data. The Internet permission is only required to serve advertisements. It can be obtained from the Google Play marketplace.

Hope you find it useful.

xclip – interface to X clipboard

I recently discovered this handy utility called xclip, which is a command line interface to X selections (clipboard).

See the xclip man page.

Examples

uptime | xclip

Put your uptime in the X selection. Then middle click in an X application to paste.

xclip -loops 10 -verbose /etc/motd

Exit after /etc/motd (message of the day) has been pasted 10 times. Show how many selection requests (pastes) have been processed.

xclip -o > helloworld.c

Put the contents of the selection into a file.

Note: make sure you are using alias xclip="xclip -selection c", otherwise you can't just use CTRL+V to paste it back in a different place.