2n Coding

I’ve been thinking about cryptography for some time, and I thought I’d post this here and see if anybody comes back with anything. Basically, I think there’s a very easy way to encode any data you want in a way that’s uncrackable for all practical purposes. I should mention that I am in no way a crypto expert, or a mathematical genius. This is more of a philosophical approach, and definitely being proposed by an amateur, so please bear that in mind before you use this method to protect your deepest darkest data.

The method is based on what I understand about brute force cracking of codes. Obviously, this won’t help (or will help less) if the key is already known, so for those of you putting passwords on post-its or using “password” or your birthday or whatever, I can’t really help you. Maybe. I’ll come back to that.

Anyhow, to crack something where the key is unknown, you basically try something as the key, and see if the results are intelligible (or have recognizable letter frequencies or whatever – some way for a computer to tell if the result looks like it might be real language). Obviously, using computers makes this much easier (as it does the encoding part of the operation). So, as I understand it – again, as a complete novice – the computer is going to try a key against your code, and see if it can get an intelligible result.

There’s another layer here where the algorithm is also unknown – you’d be trying multiple iterations of those as well. In many cases, though (like using a particular software package or coding function), the algorithm is known, and only the key is needed.

But what if you run the encryption twice? I mean, encrypt a string of data, using your algorithm of choice, and you have a standard encryption that will resist analysis until the key is found – this is why keys are getting longer and longer as computers get faster. But if you then encrypted that string again, using the same key (or a different one, but that will be discussed later as well), then the attempt to check the validity of the key (to crack the code) would be checking against another encoded (unintelligible, non-language-patterned) string.

And why limit it to twice? The CPU load and time constraints are negligible – why not run the encryption 99 times, or 999 … You could also mutate the keystring based on the iteration you’re doing (possibly hashed with something else), and the result would be that much stronger. Then you just pass along the key and the hashing data to whomever is supposed to be able to read this stuff, and you’re good. You don’t even need a 4096 bit key anymore!

The reason I said before that this might even help people who just write their passwords down is that even if they did, the cracker would have to think of running the decryption more than once. It might be that they’d try the password, see that it didn’t work, and assume that you’re too smart to use such an obvious password lying around.

So, if this approach becomes common at all, it seems to me that anybody attempting to brute force crack (or, for that matter, known-password crack) something would have to attempt each possible password a near-infinite number of times in order to be sure they hadn’t just missed one repetition of the encoding. With a rotating password, this wouldn’t even work. The computational burden would increase dramatically, possibly to the point where cracking encryption becomes too unlikely to bother with.
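The scheme from the paragraphs above (repeated encryption with a key mutated per round) and the brute-force cost it imposes, as an added example that is not part of the original post. It assumes the known-algorithm case the post describes, so the attacker knows the round count and runs every round before testing for readable text; the SHA-256-based `toy_cipher`, the 10-bit key space and the sample message are constructed stand-ins.

```python
import hashlib
import hmac
import math

def round_key(key: bytes, i: int) -> bytes:
    """Per-round key: the post's 'mutate the keystring based on the iteration'."""
    return hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode, XOR). Illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def crypt_n(key: bytes, data: bytes, rounds: int) -> bytes:
    """Apply the cipher `rounds` times; with XOR this is its own inverse."""
    for i in range(rounds):
        data = toy_cipher(round_key(key, i), data)
    return data

def looks_like_text(data: bytes) -> bool:
    """The attacker's validity check: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in data)

def brute_force(ciphertext: bytes, rounds: int, keyspace: int):
    """Try every key with the full round count; return (key, cipher_calls)."""
    calls = 0
    for k in range(keyspace):
        calls += rounds  # one guess costs `rounds` cipher invocations
        if looks_like_text(crypt_n(k.to_bytes(2, "big"), ciphertext, rounds)):
            return k, calls
    return None, calls

def extra_key_bits(rounds: int) -> float:
    """n rounds multiply the attacker's work by n, i.e. add log2(n) key bits."""
    return math.log2(rounds)

# Constructed sample: a 10-bit key space so the search finishes quickly.
SECRET, MESSAGE = 700, b"meet me at the usual place at noon"

if __name__ == "__main__":
    for n in (1, 2, 99):
        ct = crypt_n(SECRET.to_bytes(2, "big"), MESSAGE, n)
        key, calls = brute_force(ct, n, 1024)
        print(f"rounds={n:3d} key={key} cipher_calls={calls:6d} "
              f"(+{extra_key_bits(n):.1f} bits)")
```

Each candidate key costs the attacker n cipher calls instead of one, so n rounds add log2(n) bits of work: about 6.6 bits for 99 rounds.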

The code to accomplish this, along with the rotating/hashing keystring options would be no big deal to write, but I thought I’d float the idea first and see if somebody can point out an obvious problem I’ve missed – not at all impossible. Otherwise, though, I’ll throw a PHP class together, and we can all encrypt ourselves to a fare-thee-well.

By the way, the 2n thing is about punning my last name (because that’s basically how we pronounce it) as well as the “encoding it twice” idea, and that it sounds like “2 encoding” as well as “tughan coding”. It’s just so very multilayered, I couldn’t resist!

Portable Webmaster

Please note that this was published in 2010. You should have no expectations that the content is current. Notably, TrueCrypt is a thing of the past (though you should look at VeraCrypt and/or hardware-encrypted USB sticks, both of which I’m currently using in 2017 to do what I was using TrueCrypt for before). Also, I’m sure the hosting suggestions are too old to be useful.

 

That said, enjoy …

Instructions for setting up Free Webhosting

Software we’ll be using

Useful Websites

And if you’re really serious …

The following is a list of programs which (combined with those above) will give you a pretty complete web development platform that you can carry around with you on a USB stick. There are a lot of advantages to this, not least being the ability to test-drive your PHP-based sites to make sure they’re actually working before uploading them to your “real” host. The second advantage is always having your settings, bookmarks, and so on, with you wherever you (and your USB stick) are. If this is appealing, you might want to look into the portable version of Open Office, and just give up on desktop-installed software altogether.

TrueCrypt isn’t web development related, exactly, but it has two important functions. First of all, it allows you to create an encrypted virtual hard drive; basically, it’s a big file that you can “mount” as a disk drive on whatever computer you’re using. So, this allows you to keep backups of site passwords, database tables, and so on on your USB stick without having to worry about them being read by someone, even if you lose the stick. That’s a big deal. Secondly, though, and just as important, TrueCrypt allows you to choose which drive letter to mount the virtual drive on. Both of the portable servers below rely on their files (and yours, for that matter) being in the same place (on the same drive) all the time, which isn’t possible using a USB stick (without manually changing the drive letters). Using the TrueCrypt volume, though, you can mount it on drive W when you install the server, and mount it on drive W every time after that, and everything will work out swimmingly. So, between the encryption and the portable-but-still-the-same-drive features, TrueCrypt is well worth having.

Both of these servers work really well for testing purposes. The idea is that you run your own server that only you can see (no real “internet” access) so that you can test your PHP code out before deploying it for real. In the inc/variables.php file you will note that the code decides whether or not it’s on the localhost, and sets up file locations accordingly. This way, the same code runs both on my own machine and publicly.

Each server sets up a folder that will contain all of your actual “website” material. Usually, it’s called htdocs, or www, or something like that (sorry I can’t be more exact, but I’ve fiddled with my setup fairly extensively). This folder is the one that the server delivers to your web browser when you surf to http://localhost/ . So, you could put a folder in there called “portfolio”, for example, and then browse to http://localhost/portfolio and see your website up and running for testing purposes (assuming you’ve set variables.php to the correct values for the local host – just put in w:/mowesportable/www/portfolio or whatever for the thisRoot, and http://localhost/portfolio for the thisURL and you should be OK). Then, when all is well, just upload the contents of that folder (the portfolio one) to your portfolio hosting site, making sure that you’re set to overwrite if the source is newer. Much less risky than editing in real time as we did during the seminar.

Both of these servers offer PHP, MySQL and Apache, which parallels what your free host offers, and what any paid host will as well. Beyond that (ImageMagick support, for example), you would have to check with your specific host. By all means, do that before building something that relies on a particular module, only to find out that your host doesn’t offer it. It’s very possible that your own portable server will have some capabilities (or things enabled) that your real-world host does not.

One of the painful tasks that comes up from time to time is changing something in a whole bunch of files. There are a lot of programs that can change one line or one string of text, but not many that can change a whole block of text (several lines). This one can, and it’s free.

Free Commander is a dual-panel file manager with built-in zipping abilities. Great for copying stuff from one place to another, and since it’s portable you can get it to start up in two folders on your USB drive or TrueCrypt volume.

SQLYog isn’t a “portable” installation, but once you install it to C:\Program Files\SQLYog\ (or wherever), you can copy that SQLYog folder to your USB stick (or wherever) and the program will run just fine.

We didn’t deal with MySQL this year, but depending on demand we may do so next time around. There are two main reasons we didn’t. First of all, once you add MySQL to your website, you might as well go the whole distance and serve the page content, menus and so on from MySQL as well. The resulting page code would have been, I thought, too complicated for the time we had to look it over. On the other hand, people would have been able to edit the website through a secure section of the site itself, and MySQL would have allowed for blogs and forums and all that fun stuff. Anyhow, for this year, SQLYog is a great supplement to PHPMyAdmin (a web-based MySQL manager) which comes with both the portable servers mentioned above. PHPMyAdmin is also provided by most web hosts, so it’s used a fair bit. I just like having a program interface (which SQLYog provides), and the backup/dump/copying features of SQLYog are very handy.

Finally, hardware being what it is, I would strongly suggest that you keep a backup copy of the complete contents of your USB stick, or your secure drive if you go the TrueCrypt route. This is easily accomplished by syncing the whole thing to your desktop or laptop or whatever, and maybe occasionally burning the whole thing off onto a DVD or copying it to an external hard drive. Paranoia is only laughable until you’re the one whose USB stick dies, sending your thesis or websites or whatever into the void. Pathsync works very well, and is free, but there are a lot of syncing programs out there. You mainly need to be careful about what you want the program to do. A “sync” is usually bi-directional, whereas what I usually want to do is make one location (my backup) exactly like the other (my stick). That way, when I delete something on the stick, it gets deleted on the backup as well. Usually, the programs have settings to handle things one way or the other.

Places to go for more Portable Software

Please note that all of the programs I have recommended, and the sites I suggest, lead to open-source or publicly released software. At the same time, depending on where you go looking, there are “portable” versions of commercial software available. Be aware of where you’re getting this stuff, and whether it’s really freeware or not.

 
