I’ve long been a fan of Keith Brown’s Password Minder program for keeping all my passwords and other sensitive information safe.

Imagine my frustration then when last week I couldn’t find it to download onto my new ly repaved laptop. Yeah, I had a backup copy, but I like to get newer versions of things when I repave to keep these things up to date.

It seemed that Pluralsight’s web presence had been completely redone (good) but the Tools page was done (bad).

Today after checking back to see any updates, I found a post by Keith with a new link:

http://mercury.pluralsight.com/tools.aspx

Whew! It isn’t dead. :)

I can't even remember when or why I wrote this, but I needed to quickly and easily generate a password for something. I typically use PasswordMinder for this, but when I wrote this I just needed to generate a whole bunch of them for someone else and didn't need to keep them in my password database.

It is a relatively simple script that uses the RNGCryptoServiceProvider class in the System.Security.Cryptography namespace to generate the random sequence. It uses a default set of characters (see the script) and a default password length of 12.

generate-password.ps1:

param( 
[int] $len = 12,
[string] $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_!@#$%^&*()_"
)
$bytes = new-object "System.Byte[]" $len
$rnd = new-object System.Security.Cryptography.RNGCryptoServiceProvider
$rnd.GetBytes($bytes)
$result = ""
for( $i=0; $i -lt $len; $i++ )
{
$result += $chars[ $bytes[$i] % $chars.Length ]	
}
$result

DISCLAIMER: I am not a crypto expert, so this might not be a very good implementation! It is meant to illustrate how you can do this stuff in PowerShell and not anything else.

This post on Slashdot pointed me to this message on The Cryptography Mailing List by Peter Gutmann.

The gist is that CIPE, vtun and tinc--three popular open-source tunneling protocols--are terribly flawed. The worst part is that these flaws have been known for years but nobody has done anything about them.

As Peter says in the posting:

At least Microsoft eventually tries to fix their stuff, given sufficient public embarrassment and the odd hundred thousand or so computers being taken out by attackers.

I love this quote too...

Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment.

Okay... it isn't real crytpo, maybe more like an interesting form of steganography. SpamMimic takes your message and turns it into an innocent looking spam message. Run the message back through the tool and you get your original message back. Fun.

I while ago I posted about wanting a native implementation of PGP for .NET. Well, it looks like someone did it. It is still in beta, but looks good so far. It is open-source, so download and go crazy reading crypto code!

A tutorial has been posted to CodeProject that shows you how to use it.

A while ago, I wrote an article about a solution I generated for one of my customers that used Gnu Privacy Guard (GPG) to protect the content of email messages sent from their webserver to internal staff. The solution worked great.

I started thinking about how I would do that in .NET and quickly ran across this article at CodeProject.com. It is basically a wrapper class around the GPG.EXE program. It works, but it got me thinking... with all of the wonderful stuff in System.Security.Cryptography, couldn't we implement the same thing?

After looking into it a little further, it looks to me that we should be able to implement at least part of what a typical PGP implementation provides. System.Security.Cryptograpy has SHA1, MD5, DES, TripleDES, and Rijndael implementations. Granted I haven't spent a whole lot of time digging much further than this, but it seems to me what we should be able to glue all of this together into a PGP class library for .NET.

Had anyone run into this anywhere? I can't imagine that someone else hasn't started this project already.

AaronX sent me this eBay listing. If only I had a spare $12K laying around. I'm re-reading Cryptonomicon right now and everytime I read that I get back into crypto. I can't help it, I've always had an attraction to cryptography.