I use keepassxc to store my passwords. Up until now for my setup I have been using Password + Keyfile as the database credentials, where the keyfile has been mostly used as a salt rather than an actual secret. I store a backup of this keyfile in various online accounts. Because of this I've never been entirely comfortable storing the passwords anywhere online, as it would only require cracking my password. Adding the yubikey secret to the credentials should add an offline factor that will be very difficult to compromise.
Instructions on how to revoke your public PGP key from MIT's Key Server.
Some disorganized notes on how I set up my yubikey for SSH auth and git commit signing.
I'd like to write about a part of what was my master's thesis project. For my thesis I wrote about a mostly theoretical whistleblowing system.
I'm about to deploy a small side project I've been coding the past 2 weeks and
I found this great explanation of a length extension attack [here by Skullsecurity](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks)
I played around yesterday with the idea of using QR-codes as an offline password storage. This way I don't have to rely on a database of passwords stored on my computer or in the cloud. I shudder at the thought of storing passwords in the cloud, encrypted or not. Instead my idea is to have printed QR codes in a binder, encrypted using a master password. To clarify, the content inside the QR code will be encrypted.
.... is unfortunately rather difficult. GUID stands for [globally unique