UEFI Shell Utility to Display TPM TrEE Capabilities

In this post, I present a small UEFI utility for examining TrEE capabilities from the UEFI shell. TrEE is an EFI protocol which supports a subset of the TCG TPM 2.0 library specification.

The Sunsetting of SHA-1

SHA-1 (Secure Hash Algorithm 1) is a 160-bit hash algorithm that has been at the heart of many web security protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), since shortly after it was developed by the NSA (National Security Agency) in 1995. In 2005, a professor in China demonstrated an attack that could be successfully launched against the SHA-1 function, suggesting that the algorithm might not be secure enough for ongoing use. Because of this, NIST immediately recommended that federal agencies begin moving away from SHA-1 toward stronger algorithms. In 2011, NIST mandated that many applications in federal agencies

Perfect Forward Secrecy in SSH

Perfect Forward Secrecy (PFS) is a property of public-key encryption systems which, for the purposes of key agreement, generate random public keys per session that are not based on any sort of deterministic algorithm. A compromise of one message cannot lead to the compromise of another message or multiple messages. Twitter, Apache mod_ssh, SSL, TLS, and IPSec all support forward secrecy. According to the referenced Wikipedia article: Forward secrecy is designed to prevent the compromise of a long-term secret key from affecting the confidentiality of past conversations. However, forward secrecy (including perfect forward secrecy) cannot defend against a successful cryptanalysis

Kerberos 5 Implementations

Kerberos is a client-server network authentication protocol which uses tickets to enable nodes communicating over a non-secure network to prove their identity to one another in a secure manner. There are a number of free implementations of Kerberos 5. These include MIT Kerberos (the original), Heimdal, and GNU Shishi. Both Microsoft Windows and Sun’s Java come with implementations of Kerberos. See RFC 4120 for full details of the Kerberos v5 Network Authentication Service.

Decode Microsoft Secure Boot KEK Certificate

In this post, I show you how to decode a DER-encoded binary X.509 certificate, and use that to show you the contents of the Microsoft X.509 certificate used as the UEFI Secure Boot KEK for Windows 8 platforms.