Category Archives: Security

This is a catch-all subject on the Internet, and it is my main topic of interest right now.

Full disk encryption single sign-on and secure backup

I have been a TrueCrypt user since version 4.0. I used to have a half-baked solution of TrueCrypt, EFS with SYSKEY option 2 (password). When full disk encryption was introduced, I finally got a laptop encryption scheme that I like. It features:

Strong cryptography
Thank TrueCrypt for 256-bit AES in XTS mode. I [...]

Step by step guide to create your own MSCASH hashes

I wanted to test the relative strength of a password policy. I wanted to run a password cracking tool over different passwords, from a dictionary-based password (like Banana42) to a random one (generated with Password Safe). Creating users, setting passwords and running different password extraction tools was a lot of trouble.
I found a detailed [...]

Reversing WebSphere {xor} password protection

IBM WebSphere stores its passwords in files. Everybody does that and it is hard to do otherwise. When I am confronted with the problem, I usually say that the only option you have is what file you want a password in. IBM (in WebSphere) went a little further by applying a hardcoded XOR. Each character [...]

Unlock any user’s session without losing data or killing processes

UPDATED Feb. 2nd 2008: There is an enhanced version out, with better code, features and documentation.
A friend of mine wanted a special group of users to be able to unlock a workstation without losing any data. Putting those users in the administrator groups was not a solution, because the default behaviour of Windows was [...]

Getting the username from a desktop handle (HDESK)

I was struggling with a strange error message, trying to retrieve a username from a desktop handle (HDESK). The Windows function LookupAccountName would always return error code 0x534 (that’s 1332 in decimal). Looking it up with GetLastError gave this:
No mapping between account names and security IDs was done
It would have happened with a Windows [...]

GSSP - Java self study reference links

This page contains links to useful, free content to prepare for your GSSP certification. I gathered these links as I was preparing for the exam myself.
Start by reading the exam blueprint here. All the links below are shown in hyperlink and in full text, so you can study with only a printed version of this [...]

Change Paros Proxy MITM SSL certificate

Don’t you just love man-in-the-middle (MITM) HTTPS proxies? I use Burp proxy a lot, it does man-in-the-middle and gzip.
But I have an assignment where the client configuration cannot be changed. The client rejects certificates from non-trusted CAs and I cannot add Portswigger’s certificate to the trusted roots. I went looking for an open source [...]

ASP.NET Impersonation

I was looking for a table that showed how client authentication, server authentication and impersonate flag work together. I found many good examples and tutorials explaining how to make any combination work, but not a quick reference table.
So I made one. I tested on a Windows Server 2003 with ASP.NET version 2.0. I used wfetch [...]