Why I'm releasing a brainwallet cracker at DEFCON 23

On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.

Using GitHub with multiple accounts or deploy keys

GitHub's implementation of git over ssh identifies accounts (for purposes of access control) solely by ssh public key. As a consequence, a particular public key can be associated with, at most, one account. Deploy keys are even more restricted - they can only be associated with a single repository. While ssh can try several keys, GitHub doesn't know what you're trying to access until after you authenticate, so a workaround is required to select the right key.

Stupid certificate tricks

Sometimes I do things for no real reason other than "because I can" and/or "it amuses me". For example, embedding a snarky message into my HTTPS certificate.

Why Bitcoin mining ASICs won't crack your password

I've seen a lot of people expressing concern that Bitcoin mining ASICs are going to lead to some sort of password cracking apocalypse.

They won't.

How I made my header image

I'm pretty happy with how my header image (seen above) turned out. Here's how it was made:

Never forget to start screen again

There are a few systems that I frequently work on from multiple locations. I like to be able to log back in and pick up where I left off after disconnecting, and screen is great for that, but I have to remember to start it before I do anything else. After forgetting one too many times, I figured out how to start it automatically when I open an interactive SSH session. Here's what I came up with:
