Crypto

Everyone has secrets. Or at least some data you don’t want to show others, right? Vim is a common editor to be found on Linux systems. It has an option to create and use encrypted files. We will look at how to configure it and use this encryption capability.

Encryption is the process of fiddling with data so that others no longer can’t read it. The idea is that you still can, so when we speak about encryption, we can’t ignore decryption. This also means that we need a good cryptographic algorithm. This way we can store our original file into an encrypted version. Then when we later need the data again, we can decrypt it.

Anyone who wants to create a new key set via GnuPG (GPG) may run into this error:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 142 more bytes)

The problem is caused by the lack of entropy (or random system noise). While trying to get more, you might keep running into this message. In our case running a find on the disk, while making sha1sums and putting that into files, was actually not enough.

What is the Poodle vulnerability ?

The “Poodle” vulnerability is basicly an attack on the SSL 3.0 protocol. It was discovered in October 2014. The flaw is in the protocol itself (not implementation), which makes the issue applicable for all products using SSL 3.0. TLS 1.0 and later are considered safe against the attack.

How does the attack work?

While we won’t go into too much depth of encryption and ciphers, we will share some basics. When SSL 3.0 is used in CBC mode, it uses a block cipher. Small blocks of data are being evaluated for further processing, opposed to encryption on bit level.