
  • the intended audience for this page. This work was sponsored by Simon Josefsson Datakonsult. If you need commercial help with utilizing this technology, or have a related project that you want help with, please feel free to contact me. If you find my work in this area useful, also please consider making a donation. No amount is too small.

    Background and Related Work: RFC 1035 section 5 describes the master file syntax. RFC 2540 describes the detached format. Reference MIME-labeled DNS data by using the DNS URI. IETF draft tracker records.

    The Document: RFC 4027 (you want this one). XML source (not fully updated to align with RFC).

    Open Issues: There are no currently known open issues. Have you found something wrong with the document? Please let me know. Also let me know if there is something you'd like to see added to this page.

    Timeline: This timeline was re-constructed in 2005, so major events may be lacking. 2004-10-19: Approved. 2004-10-14: Discussed on IESG telechat. 2004-08-20: IETF last call. 2004-03-05: Version 2 published. 2001-01-23: Version 1 published. 2001-01-11: Version 0 published.

    Copying Conditions: The copying

    Original URL path: http://www.josefsson.org/dns-mime/ (2016-04-30)



  • unattractive as well. The pad character is typically percent-encoded when used in an URI [9], but if the data length is known implicitly, this can be avoided by skipping the padding; see section 3.2.

    This encoding may be referred to as "base64url". This encoding should not be regarded as the same as the "base64" encoding and should not be referred to as only "base64". Unless clarified otherwise, "base64" refers to the base 64 in the previous section.

    This encoding is technically identical to the previous one, except for the 62nd and 63rd alphabet character, as indicated in Table 2.

    Josefsson, Standards Track, Page 7. RFC 4648, Base-N Encodings, October 2006.

    Table 2: The "URL and Filename safe" Base 64 Alphabet

    Value Encoding  Value Encoding  Value Encoding  Value Encoding
        0 A            17 R            34 i            51 z
        1 B            18 S            35 j            52 0
        2 C            19 T            36 k            53 1
        3 D            20 U            37 l            54 2
        4 E            21 V            38 m            55 3
        5 F            22 W            39 n            56 4
        6 G            23 X            40 o            57 5
        7 H            24 Y            41 p            58 6
        8 I            25 Z            42 q            59 7
        9 J            26 a            43 r            60 8
       10 K            27 b            44 s            61 9
       11 L            28 c            45 t            62 - (minus)
       12 M            29 d            46 u            63 _ (underline)
       13 N            30 e            47 v
       14 O            31 f            48 w
       15 P            32 g            49 x
       16 Q            33 h            50 y         (pad) =

    6. Base 32 Encoding

    The following description of base 32 is derived from [11] (with corrections). This encoding may be referred to as "base32".

    The Base 32 encoding is designed to represent arbitrary sequences of octets in a form that needs to be case insensitive but that need not be human readable.

    A 33-character subset of US-ASCII is used, enabling 5 bits to be represented per printable character. (The extra 33rd character is used to signify a special processing function.)

    The encoding process represents 40-bit groups of input bits as output strings of 8 encoded characters. Proceeding from left to right, a 40-bit input group is formed by concatenating 5 8bit input groups. These 40 bits are then treated as 8 concatenated 5-bit groups, each of which is translated into a single character in the base 32 alphabet. When a bit stream is encoded via the base 32 encoding, the bit stream must be presumed to be ordered with the most-significant bit first. That is, the first bit in the stream will be the high-order bit in the first 8bit byte, the eighth bit will be the low-order bit in the first 8bit byte, and so on.

    Each 5-bit group is used as an index into an array of 32 printable characters. The character referenced by the index is placed in the output string. These characters, identified in Table 3 below, are selected from US-ASCII digits and uppercase letters.

    Table 3: The Base 32 Alphabet

    Value Encoding  Value Encoding  Value Encoding  Value Encoding
        0 A             9 J            18 S            27 3
        1 B            10 K            19 T            28 4
        2 C            11 L            20 U            29 5
        3 D            12 M            21 V            30 6
        4 E            13 N            22 W            31 7
        5 F            14 O            23 X
        6 G            15 P            24 Y         (pad) =
        7 H            16 Q            25 Z
        8 I            17 R            26 2

    Special processing is performed if fewer than 40 bits are available at the end of the data being encoded. A full encoding quantum is always completed at the end of a body. When fewer than 40 input bits are available in an input group, bits with value zero are added (on the right) to form an integral number of 5-bit groups. Padding at the end of the data is performed using the "=" character. Since all base 32 input is an integral number of octets, only the following cases can arise:

    (1) The final quantum of encoding input is an integral multiple of 40 bits; here, the final unit of encoded output will be an integral multiple of 8 characters with no padding.

    (2) The final quantum of encoding input is exactly 8 bits; here, the final unit of encoded output will be two characters followed by six padding characters.

    (3) The final quantum of encoding input is exactly 16 bits; here, the final unit of encoded output will be four characters followed by four padding characters.

    (4) The final quantum of encoding input is exactly 24 bits; here, the final unit of encoded output will be five characters followed by three padding characters.

    (5) The final quantum of encoding input is exactly 32 bits; here, the final unit of encoded output will be seven characters followed by one padding character.

    7. Base 32 Encoding with Extended Hex Alphabet

    The following description of base 32 is derived from [7]. This encoding may be referred to as "base32hex". This encoding should not be regarded as the same as the "base32" encoding and should not be referred to as only "base32". This encoding is used by, e.g., NextSECure3 (NSEC3) [10].

    One property with this alphabet, which the base64 and base32 alphabets lack, is that encoded data maintains its sort order when the encoded data is compared bit-wise.

    This encoding is identical to the previous one, except for the alphabet. The new alphabet is found in Table 4.

    Table 4: The "Extended Hex" Base 32 Alphabet

    Value Encoding  Value Encoding  Value Encoding  Value Encoding
        0 0             9 9            18 I            27 R
        1 1            10 A            19 J            28 S
        2 2            11 B            20 K            29 T
        3 3            12 C            21 L            30 U
        4

    Original URL path: http://www.josefsson.org/base-encoding/rfc4648.txt (2016-04-30)

  • The Base16, Base32, and Base64 Data Encodings
    I-D tracker details. I have put together a free base64 implementation in portable C, available in gnulib from Savannah: base64.h, base64.c. I have also created a free base64 command line tool, based on the previous library. Update: My tool has now been adopted by the GNU project and integrated into GNU CoreUtils as base64. It will be maintained there. Emacs Lisp libraries for base16, base32 and base64 also exist: base16.el, base32.el, base64.el. Note that modern Emacs implementations include a native base64 function. However, it uses the same interface. The following HTML form uses PHP to enable you to interactively base64 encode and decode any reasonably short string. An interesting related work is the human-oriented base-32 encoding.

    Revision history:
    2009-05-28: draft-josefsson-rfc4648-impl-report-00 is published, with the goal of advancing the document to Draft Standard.
    2006-10-14: rfc4648 is published.
    2006-05-12: draft-josefsson-rfc3548bis-04 is published to address IESG comments.
    2006-05-03: draft-josefsson-rfc3548bis-03 is published to address LC comments.
    2006-04-03: One month IETF-wide last call (LC) initiated.
    2006-03-27: draft-josefsson-rfc3548bis-02 is published.
    2006-03-23: draft-josefsson-rfc3548bis-01 is published.
    2005-11-14: draft-josefsson-rfc3548bis-00 is published.
    2005-11-12: Submitted rfc3548bis document.
    2005-10-22: Update rfc3548bis document to include a sort order preserving base32 alphabet, as discussed in DNSEXT WG.
    2003-07-08: RFC 3548 published.
    2002-02: draft-josefsson-base-encoding-04 published.
    2001-11-13: draft-josefsson-base-encoding-03 published.
    2001-05-04: draft-josefsson-base-encoding-02 published.
    2000-08-22: draft-josefsson-base-encoding-00 published.

    The copying conditions for RFCs apply, of course. However, beyond that, the part of

    Original URL path: http://www.josefsson.org/base-encoding/ (2016-04-30)

  • Base64
    with Unix tools in general. Examples are better than words:

    jas latte echo foo base64 base64 decode foo
    jas latte base64 quiet foo Zm9v

    What's new:
    2006-02-27: The base64 utility is part of GNU CoreUtils. It will not be maintained here anymore.
    2005-06-25: Asked RMS to include it in the GNU Project; he suggested adding it to GNU CoreUtils instead. I posted the first patches for Coreutils.
    2005-06-24: Version 1.3 released. License updated to reflect new FSF address.
    2005-01-04: Version 1.2 released. Data can be given as a command line parameter. Documentation improvements; for example, a man page was added. A Swedish translation was added. More self tests were added.
    2004-12-28: Version 1.1 released. Fixes the w wrap parameter.
    2004-12-28: Version 1.0 released. Initial release; encoding and decoding is supported.

    Download: Note: The latest version is now part of GNU CoreUtils. The releases below are for historical purposes. The releases are distributed from release directory. All releases are signed with an OpenPGP key with fingerprint 0xB565716F.

    Development: Base64 is developed in CVS on a private machine. At irregular intervals it is synchronized against

    Original URL path: http://www.josefsson.org/base64/ (2016-04-30)

  • Summer House Wireless+3G Network
    it. So we'll need to install USB support as well. I needed the following packages: kmod-usb-core, kmod-usb-serial, kmod-usb-ohci.

    root OpenWrt ipkg install kmod usb core 2 4 34 brcm 1 mipsel ipk
    Installing kmod usb core 2 4 34 brcm 1 to root
    Configuring kmod usb core
    Done
    root OpenWrt ipkg install kmod usb serial 2 4 34 brcm 1 mipsel ipk
    Installing kmod usb serial 2 4 34 brcm 1 to root
    Configuring kmod usb serial
    Done
    root OpenWrt ipkg install kmod usb ohci 2 4 34 brcm 1 mipsel ipk
    Installing kmod usb ohci 2 4 34 brcm 1 to root
    Configuring kmod usb ohci
    Done
    root OpenWrt

    With Kamikaze 7.06 you may get an error in the kernel log, since the Huawei USB ID is not recognized. Note that this has been fixed in both 7.07 and 7.09.

    usb c USB device 2 vend prod 0x12d1 0x1001 is not claimed by any active driver

    To fix this in 7.06 (although I suggest upgrading to 7.07 or 7.09 instead), you'll need to load the usbserial kernel module with the vendor 0x12d1 product 0x1001 parameters. To make this be loaded automatically every time the box starts, modify /etc/modules.d/60-usb-serial into:

    usbserial vendor 0x12d1 product 0x1001 Huawei E600

    Reboot the box, and you'll see something like this in the kernel log:

    Linux Kernel Card Services 3 1 22
    options pci cardbus
    PCI Enabling device 01 01 0 0000 0002
    Yenta ISA IRQ mask 0x06f8 PCI irq 2
    Socket status 30000820
    cs cb alloc bus 2 vendor 0x1033 device 0x0035
    PCI Enabling device 02 00 0 0000 0002
    PCI Enabling device 02 00 1 0000 0002
    PCI Setting latency timer of device 00 04 0 to 64
    usb ohci c USB OHCI at membase 0xb8004000 IRQ 2
    usb ohci c usb 00 04 0 PCI device 14e4 4716
    usb c new USB bus registered assigned bus number 1
    hub c USB hub found
    hub c 2 ports detected
    PCI Setting latency timer of device 02 00 0 to 64
    usb ohci c USB OHCI at membase 0xc01b5000 IRQ 2
    usb ohci c usb 02 00 0 PCI device 1033 0035
    usb c new USB bus registered assigned bus number 2
    hub c USB hub found
    hub c 1 port detected
    PCI Setting latency timer of device 02 00 1 to 64
    usb ohci c USB OHCI at membase 0xc01b7000 IRQ 2
    usb ohci c usb 02 00 1 PCI device 1033 0035
    usb c new USB bus registered assigned bus number 3
    hub c USB hub found
    hub c 1 port detected
    usb c registered new driver serial
    usbserial c USB Serial support registered for Generic
    usbserial c USB Serial Driver core v1 4
    hub c Cannot enable port 1 of hub 1 disabling port
    hub c Maybe the USB cable is bad
    hub c new USB device 02 00 0 1

    Original URL path: http://www.josefsson.org/grisslan/internet.html (2016-04-30)

  • Index of /uclinux
    20070130 tar bz2

    Download the m68k Coldfire cross compiler. Get it from http www uclinux org pub uClinux m68k elf tools. This was written for the 20061214 version, MD5 24776e2bc5fe27b35fac0c989029ee68. Install it as follows:

    sh m68k uclinux tools 20061214 sh

    Download libgpg-error, libgcrypt, gnutls, gsasl:

    cd uClinux dist lib
    wget q ftp ftp gnupg org gcrypt libgpg error libgpg error 1 5 tar bz2
    sha1sum libgpg error 1 5 tar bz2
    1f83d9af8e8ed3bcbf3a5e9018db257dc6336655 libgpg error 1 5 tar bz2
    tar xfj libgpg error 1 5 tar bz2
    mv libgpg error 1 5 libgpg error
    wget q ftp ftp gnupg org gcrypt libgcrypt libgcrypt 1 2 4 tar gz
    sha1sum libgcrypt 1 2 4 tar gz
    d279e7a4464cccf0cc4e29c374a1e8325fc65b9a libgcrypt 1 2 4 tar gz
    tar xfz libgcrypt 1 2 4 tar gz
    mv libgcrypt 1 2 4 libgcrypt
    wget q http josefsson org gnutls releases gnutls 1 6 3 tar bz2
    sha1sum gnutls 1 6 3 tar bz2
    7553b9f7ddd4982c0759b814bc6d9bf892cf7347 gnutls 1 6 3 tar bz2
    tar xfj gnutls 1 6 3 tar bz2
    mv gnutls 1 6 3 gnutls
    wget q http josefsson org gsasl releases gsasl 0 2 18 tar gz
    sha1sum gsasl 0 2 18 tar gz
    4447b365d34b2e4c605c16c8bd6819be3c404679 gsasl 0 2 18 tar gz
    tar xfz gsasl 0 2 18 tar gz
    mv gsasl 0 2 18 gsasl

    Download patch. Get it from http josefsson org uclinux. This was written for the 20070607 version, SHA-1 01022c6fba6f9c480cb29ba35ba73bfbf2db3cdb. Apply it as follows:

    patch p 0 20070607 diff
    patching file uClinux dist config Configure help
    patching file uClinux dist config config in
    patching file uClinux dist lib Makefile
    patching file uClinux dist lib libgpg error makefile
    patching file uClinux dist lib libgcrypt makefile
    patching file uClinux dist lib gnutls makefile
    patching file uClinux dist lib gsasl makefile

    Build uClinux:

    cd uClinux dist

    Original URL path: http://www.josefsson.org/uclinux/ (2016-04-30)

  • On Active Attacks to Kerberos Telnet
    option, even though this was requested by the user. Once the mutual authentication is done, it is possible to cover up for the disabled Encryption option by inserting data into the stream that resembles those messages inserted by the client to inform the user that encryption has been enabled. This step is of no theoretical interest; most users expect that encryption is properly negotiated if they request it, and that an error, or at least a warning, is given if encryption isn't enabled. There is a lesson to be learned here, though: Never reuse a stream for both insecure data and security information. The user will not be able to tell whether the security information was sent by the possibly insecure remote system (which may be an attacker) or generated by the locally trusted application.

    Once any encryption and integrity functionality has been disabled, it is trivial to hijack the session. The following is an excerpt from a terminal session where a user requests a remote session, which is overtaken by an active attacker. The output to the user looks identical to when a mutually authenticated and encrypted channel is opened. In the text below, the session is hijacked right after the mutual authentication, and the active attacker inserts the encryption status information and removes a security warning from the remote system. Familiarity with the Kerberos Telnet system is necessary to appreciate it.

    alice telnet x bob example com
    Encryption is verbose
    Trying 10 0 0 1
    Connected to bob example com
    Escape character is
    Trying mutual KERBEROS5 host bob example com EXAMPLE COM
    Kerberos V5 accepts you as alice EXAMPLE COM
    Output is now encrypted with type DES CFB64
    Input is now decrypted with type DES CFB64
    eve

    Varying this approach, we were able to come up with a similar attack against Kerberos V4 Telnet. Apparently, tricking the client into using client-only authentication, by modifying the Authentication negotiation, disables the attempt to use encryption, even though encryption was requested by the user. However, the Kerberos V4 authentication mechanism actually negotiates a mutually agreed key during the server authentication phase, so the logic of disabling encryption when mutual authentication is unsuccessful is not necessary, and is indeed harmful, as it opens up for the attack.

    Conclusions

    The attack we have seen is made possible by combining two things:

    Protocol issue: The phase that negotiates which authentication and encryption scheme should be used is not protected by the mechanism that is eventually chosen.

    Implementation issue: The Kerberos Telnet client should not override the user-requested security level (i.e., requesting encryption) based on unprotected network data.

    The first is a well-known and well-documented weakness in the Authentication and Encryption Options. The Authentication option specification suggests that the entire negotiation phase may be protected by a checksum by the mechanism. Neither the Kerberos V4 nor the Kerberos V5 Telnet protocols implement this. This results in an unwanted characteristic in a security negotiation protocol: It is impossible to know whether

    Original URL path: http://www.josefsson.org/ktelnet/kerberos-telnet.html (2016-04-30)

  • Simon Josefsson's Master Thesis
    functionality. We show how the idea can be implemented in a secure mail application together with S/MIME. We compare the DNS lookup mechanism with traditional Directory Access Protocol based systems and identify weaknesses and strengths. We also discuss and suggest a solution to privacy threats that arise because of recent security additions to the DNS, namely Secure DNS.

    The report in various formats: PDF format, 3MB; Gzip compressed PDF format, 620KB; Postscript format, 2.5MB; Gzip compressed Postscript format, 552KB; Online HTML format.

    Presentation in various formats: KDE Presenter format, 40KB; Online HTML/PNG format.

    Raw network dumps, as referenced in the report, for Ethereal: dns tcp ipv4 client pcap, dns tcp ipv4 pcap, dns tcp ipv4 server pcap, dns udptcp ipv4 client pcap, dns udptcp ipv4 pcap, dns udptcp ipv4 server pcap, ldap tcp ipv4 client pcap, ldap tcp ipv4 pcap, ldap tcp ipv4 server pcap.

    Security for Network Applications with the Domain Name System, by Simon Josefsson, started June 2000.

    Abstract: In the design of secure distributed systems, the management of cryptographic keys is a fundamental problem. Public-key (PK) technology is often used to solve many of these problems. For PK technology to be practically applicable in large systems such as

    Original URL path: http://www.josefsson.org/exjobb/ (2016-04-30)


