|
D. Ebdrup posted:EDIT: Look, it's fine that you (now) have something that lets you turn off your brain
|
# ? Aug 20, 2018 07:51 |
|
Cocoa Crispies posted:SSL1_RSA64_WITH_CAESAR_ECB
hey now it’s actually 1024 layers of Caesar ciphers, each with a different key
|
# ? Aug 20, 2018 08:32 |
|
D. Ebdrup posted:L2TP/IPSec daemon, as every OS supports connecting to these without having to install additional software, and it's been audited unlike algo or wireguard.
i thought l2tp had some rumblings earlier this year that it might be going the way of pptp soon e: poo poo sorry this was two pages ago, i forgot to refresh tab
Truga fucked around with this message at 10:59 on Aug 20, 2018 |
# ? Aug 20, 2018 10:37 |
|
goddamnedtwisto posted:epirb beacons don't have much more transmitting power than cell phones (i think the new small personal ones actually have less) and they're fairly easily receivable from space, although of course they're also transmitting on a single frequency. that iridium modem is cool, but again, much larger than a consumer GPS SoC.
evil_bunnY fucked around with this message at 11:11 on Aug 20, 2018 |
# ? Aug 20, 2018 11:01 |
Truga posted:i thought l2tp had some rumblings earlier this year that it might be going the way of pptp soon
Everybody posted:mocking me for my poor phrasing because I was tired, even when I should've known better
The point I was just trying, and failing, to make is that if you're fine with using algo or wireguard then that's fine - but let's try and pretend that it's not the only way of doing things.
|
|
# ? Aug 20, 2018 11:26 |
|
evil_bunnY posted:last time I looked PLB/EPIRBs were quite powerful for a handheld device (~5w?)
they do plbs that fit into watches (admittedly rather chunky ones) now. googling around suggests 5w seems to be the standard for the big epirbs for ships and planes but i can't find specs for the smaller ones.
|
# ? Aug 20, 2018 11:48 |
|
that’s cool actually, last time I carried one it had a bigass rolled dipole you had to extract out of the loving thing before activation. just the thing you want when you’ve just crushed a bone at 3500m.
|
# ? Aug 20, 2018 12:14 |
|
D. Ebdrup posted:The point I was just trying, and failing, to make is that if you're fine with using algo or wireguard then that's fine - but let's try and pretend that it's not the only way of doing things.
|
# ? Aug 20, 2018 13:29 |
|
spankmeister posted:I've been thinking of getting an Eastern-European sim for cheap data here. i've never run into that, that sounds explicitly like what the "roam like at home" regulation aimed to stop, unless you are talking about using it outside of the eu. what's weird with the eu roaming stuff is that you can still be charged extra for calling or texting other eu countries while you are in your home country, but once you cross a border you can call any other eu country "like you are at home"
|
# ? Aug 20, 2018 13:51 |
|
goddamnedtwisto posted:they do plbs that fit into watches (admittedly rather chunky ones) now. googling around suggests 5w seems to be the standard for the big epirbs for ships and planes but i can't find specs for the smaller ones.
We ran INMARSAT on Air Force aircraft, it was meant for ships, but the antenna aiming was handled by GPS.
|
# ? Aug 20, 2018 15:07 |
|
ssl based vpns are cool and good but its real annoying when they use ports that arent 443 (lookin at you sophos)
|
# ? Aug 20, 2018 15:55 |
|
BIGFOOT EROTICA posted:ssl based vpns are cool and good but its real annoying when they use ports that arent 443 (lookin at you sophos)
Probably because they are TLS + proprietary protocol rather than TLS + HTTP + proprietary protocol, which OpenVPN and some others support.
|
# ? Aug 20, 2018 16:58 |
|
MrMoo posted:Probably because they are TLS + proprietary protocol rather than TLS + HTTP + proprietary protocol, which OpenVPN and some others support.
yeah https isn’t tls isn’t ssl
|
# ? Aug 20, 2018 17:12 |
|
ive found ssl vpns to be super useful in restricted public networks like certain businesses' wifi, which block outgoing traffic to anything but a small set of ports including TCP 80, TCP 443, and UDP 53, but i havent had the opportunity to try ipsec to a cloud vm on such a network to see if that works
openvpn listening on UDP 53 is (at least used to be) extremely useful to get around captive portals, e.g. cisco home routers that had a guest network that was unencrypted but required entering a password to a HTML form
|
# ? Aug 20, 2018 17:35 |
|
Lysidas posted:ive found ssl vpns to be super useful in restricted public networks like certain businesses' wifi, which block outgoing traffic to anything but a small set of ports including TCP 80, TCP 443, and UDP 53, but i havent had the opportunity to try ipsec to a cloud vm on such a network to see if that works
might still be able to do this for free in flight wifi
|
# ? Aug 20, 2018 17:40 |
Wiggly Wayne DDS posted:i mean you're always able to do things wrong, i doubt anyone was disagreeing on that front
|
|
# ? Aug 20, 2018 17:44 |
|
hell how about an entire vpn implementation over dns packets https://github.com/yarrick/iodine
|
# ? Aug 20, 2018 17:51 |
|
BIGFOOT EROTICA posted:hell how about an entire vpn implementation over dns packets
DNS tunneling != VPN
|
# ? Aug 20, 2018 17:57 |
|
yeah true
|
# ? Aug 20, 2018 18:06 |
|
D. Ebdrup posted:Please do tell me more, I'm still awaiting the config tbh, it's a good learning experience for everyone
|
# ? Aug 20, 2018 18:42 |
Wiggly Wayne DDS posted:well it ain't hard, algo and wireguard are about providing strong defaults and making it easier for the end-user to not gently caress things up. you're free to gently caress around on l2tp/ipsec but they were abandoned as suitable by the community for a good reason. the ease of shooting yourself in the foot with using out-of-box settings for alternatives, or not realising that cipher suite choices may have changed slightly across a decade isn't a feature that improves network security
|
|
# ? Aug 20, 2018 21:30 |
|
D. Ebdrup posted:So you're saying you don't think I've updated my ciphers in over a decade? Just how loving dumb do you take me for.
sure sounded that way to me:
D. Ebdrup posted:I set this up over a decade ago, and have been using it since, since it lets me have some idea of what's happening on my system, that's all. I don't think others should necessarily be deprived of that because there's something new and fancy out there.
|
# ? Aug 20, 2018 21:38 |
|
Personally I'm very hesitant to recommend Wireguard since it's still new and unproven IMO. OpenVPN, set up correctly, has a proven track record. If you think OpenSSL is bad (it is) give OpenVPN-NL a try, which is a fork that uses mbedTLS (formerly PolarSSL).
|
# ? Aug 20, 2018 21:40 |
|
spankmeister posted:Personally I'm very hesitant to recommend Wireguard since it's still new and unproven IMO. OpenVPN, set up correctly, has a proven track record.
it's not all that new, it's been around for a few years now, but yeah it's not nearly as broken in as stuff like openvpn (though maaan is openvpn clunky as hell...)
|
# ? Aug 20, 2018 21:41 |
ate all the Oreos posted:sure sounded that way to me:
Isn't it for you?
BlankSystemDaemon fucked around with this message at 21:46 on Aug 20, 2018 |
|
# ? Aug 20, 2018 21:44 |
|
ate all the Oreos posted:it's not all that new, it's been around for a few years now, but yeah it's not nearly as broken in as stuff like openvpn (though maaan is openvpn clunky as hell...)
Also being new and not really broken in, but it runs in the kernel? eeeeh...
|
# ? Aug 20, 2018 21:44 |
|
spankmeister posted:Personally I'm very hesitant to recommend Wireguard since it's still new and unproven IMO. OpenVPN, set up correctly, has a proven track record.
polarssl/mbedtls owns
|
# ? Aug 20, 2018 21:44 |
|
D. Ebdrup posted:To me, the care and feeding of a system is part of using a system, which means following security announcements and errata notices, as well as regularly updating, plus paying attention about small little details like crypto primitives getting deprecated.
yeah, but you followed a statement about setting it up a decade ago and using it ever since with a statement about not jumping on something new and fancy so it didn't exactly seem like you were particularly keen on keeping it up to date
|
# ? Aug 20, 2018 21:47 |
|
Hey single DES was good enough for the banks in 1987 so it sure as hell is good enough for me!
|
# ? Aug 20, 2018 21:52 |
|
spankmeister posted:Personally I'm very hesitant to recommend Wireguard since it's still new and unproven IMO. OpenVPN, set up correctly, has a proven track record.
it was the go-to for simple setups to masquerade as extremely bandwidth intensive dns as mentioned earlier, but there was never a perfect resource for configuration leading to all sorts of bastardised tutorials that still get recommended in 2018. then again the same could be said for ssh 20 years ago
|
# ? Aug 20, 2018 21:56 |
ate all the Oreos posted:yeah, but you followed a statement about setting it up a decade ago and using it ever since with a statement about not jumping on something new and fancy so it didn't exactly seem like you were particularly keen on keeping it up to date
Curiously, I think what prompted me to avoid the SHA1-collision fun in a round-about way was seeing that switching to AES-GCM-256 could more than double performance even on relatively inexpensive hardware (though my system isn't exactly the same hardware as the one in this example) because GCM has been designed not just around combining the encryption and hmac step, but also because it's been designed to carry packetized data - so I feel like I dodged a bullet there.
|
|
# ? Aug 20, 2018 21:58 |
|
CRIP EATIN BREAD posted:polarssl/mbedtls owns
Polarssl was way worse when we did testing than openssl
|
# ? Aug 20, 2018 22:04 |
|
spankmeister posted:Hey single DES was good enough for the banks in 1987 so it sure as hell is good enough for me!
Wasn't there a security notice a while back that basically many appliances still offered all the weak algorithms so you attack by forcing a downgrade? Hence BoringSSL ripping out all the old junk, or whatever. You just know the military and financial houses still run the oldest and weakest stuff possible to pass the annual inspections, they're too cheap to upgrade, although you know Cisco will want to fleece them on those upgrades.
|
# ? Aug 20, 2018 22:05 |
Yeah, downgrade attacks are some of the easiest to pull off (when already doing man-in-the-middle attacks).
BlankSystemDaemon fucked around with this message at 22:10 on Aug 20, 2018 |
|
# ? Aug 20, 2018 22:08 |
|
apseudonym posted:Polarssl was way worse when we did testing than openssl
Worse how
|
# ? Aug 20, 2018 22:42 |
|
Wiggly Wayne DDS posted:ya openvpn's alright if you're willing to jump into the documentation and approach it as a hobby project, professionally though? ehhh every ssl vpn product is a crock of poo poo to varying degrees at least openvpn is cross-platform and won't blue screen your laptop every couple months when you install the wrong update
|
# ? Aug 20, 2018 22:53 |
|
spankmeister posted:Worse how
Prone to segfault with weird cert chains, we almost threw it out of the paper
|
# ? Aug 20, 2018 23:00 |
|
Cocoa Crispies posted:SSL1_RSA64_WITH_CAESAR_ECB
excuse me I think you'll find psk_null_with_RC4 over ssl2 is more than robust enough for my purposes
|
# ? Aug 20, 2018 23:05 |
|
Post your favorite
|
# ? Aug 20, 2018 23:15 |
|
AES256 gcm mode gently caress the haters
|
# ? Aug 20, 2018 23:17 |