private key – Hardened keys versus normal keys – A simpler explanation

A non-hardened private key is derived using the equations shown below. Here lowercase letters represent private keys and uppercase letters represent public keys. G is the generator point, c is the chain code, and i is the index number of the generated key. Kpar and cpar together represent the extended public key (xpub); kpar and cpar together represent the extended private key.

k(i) = kpar + hash(Kpar, cpar, i)
Rearranging, you get: kpar = k(i) - hash(Kpar, cpar, i)

Now, let's say that the attacker has both k(i) and the xpub in his hands. Public keys can be generated without any private key by using the xpub with the following equation: K(i) = Kpar + hash(Kpar, cpar, i) * G (see the Appendix for why this equation holds). The attacker increments the index i in a loop until it generates the public key associated with k(i). When K(i) = k(i) * G, the attacker knows the index number.

In this way, with the index in hand, the attacker can simply calculate kpar from the equation kpar = k(i) - hash(Kpar, cpar, i).

Hardened keys avoid this by using the equation k(i) = kpar + hash(kpar, cpar, i). So, even with the xpub and k(i) in hand, you cannot reverse-engineer kpar, because that variable is an input to the hash function, which is one-way.

Appendix:

We saw earlier that k(i) = kpar + hash(Kpar, cpar, i)
=> k(i) * G = kpar * G + hash(Kpar, cpar, i) * G
=> K(i) = Kpar + hash(Kpar, cpar, i) * G

Address – Trying to understand extended keys

Little by little I am educating myself about how block chains and Bitcoin work. Now I understand why it is safer to use a different Bitcoin address for each transaction you make, but now I am trying to understand how you could achieve that with something as basic as paper wallets for educational purposes.

So, I noticed that most of the large exchanges currently generate a new public address every time you want to deposit cryptocurrencies. From what I have read, this is possible through the use of an extended key, which contains a public and private part, just like normal keys. Now, where I am still a bit confused is exactly how it works for them (the exchanges) to access all the funds of all the public addresses that you generated at the same time (since they show you a total balance and you can spend that balance with what it seems to be only 1 transaction). Does the extended private key give you access to spend all funds in all public addresses generated with that private extended key?

Also, when we say that the addresses should never be used more than once, I assume that they should still be used 2 times at some point, since it adds funds and then withdraws them, which means 2 transactions in total. Or am I completely wrong?

AngularJS "Error: [ngRepeat:dupes] Duplicates in a repeater are not allowed. Use 'track by' expression to specify unique keys "

I have the following array in my scope:

array(2) { [0]=> object(stdClass)#2 (6) { ["nombre"]=> string(2) "we" ["ID"]=> string(1) "1" ["necesario"]=> string(2) "12" ["fecha"]=> string(2) "12" ["zona"]=> string(2) "12" ["genero"]=> string(0) "" } [1]=> object(stdClass)#4 (6) { ["nombre"]=> string(2) "we" ["ID"]=> string(1) "4" ["necesario"]=> string(2) "12" ["fecha"]=> string(2) "12" ["zona"]=> string(2) "12" ["genero"]=> string(2) "23" } }
[{"nombre":"we","ID":"1","necesario":"12","fecha":"12","zona":"12","genero":""},{"nombre":"we","ID":"4","necesario":"12","fecha":"12","zona":"12","genero":"23"}]'

And I want to create a row in a table for each element of it, I've tried with

ng-repeat="request in requests"

but it gives me the error of the title of the message. When adding

ng-repeat="request in requests track by solicitud.ID"

I keep giving the same error, and if I add it

ng-repeat="request in requests track by $index"

the browser is blocked and stays in a kind of infinite loop. Can somebody help me? Thank you

Unicode analysis with keys without double quotes in Python

I'm trying to convert the Python Unicode object below without double quotes to json.

x = {
version: '2.1.2',
dipa: '1.2.3.4',
dipaType: '',
Customer information: [{
            name: 'xyz',
            id: 1234,
            account_id: 'abc',
            contract_id: 'abc',
            in_use: true,
            region: 'NA',
            location: 'USA'
        },
        {
            name: 'XYZ',
            id: 9644,
            account_id: 'qwerty5',
            contract_id: 'qscdfgr',
            in_use: true,
            region: 'NA',
            location: 'cambridge'
        }
    ],
maxAlertCount: 2304,
ongress: false,
ScrubCenters: [{
        name: 'TO',
        percentage: 95.01,
        onEgress: false
    }],
status: 'update',
updated: '1557950465',
vectors: [{
            name: 'rate',
            alertNames: ['rate'],
ongress: false,
Alerts: [{
                key: '1.2.3.4',
                source: 'eve',
                eNew: '1557943443',
                dc: 'TOP2',
                bond: 'Border',
                percentage: 95.01,
                gress: 'ingress',
                sourceEpochs: ['1557950408',
                    '1557950411',
                    '1557950414',
                    '1557950417',
                    '1557950420',
                    '1557950423',
                    '1557950426',
                    '1557950429',
                    '1557950432',
                    '1557950435',
                    '1557950438',
                    '1557950441',
                    '1557950444',
                    '1557950447',
                    '1557950450',
                    '1557950453',
                    '1557950456',
                    '1557950459',
                    '1557950462',
                    '1557950465'
                ],
name: 'tariff',
category: 'tariff',
level: 'alarm',
Data type: 'value',
data: 19.99,
time stamp: 1557950466,
type: 'alert',
Value: 95.01,
updated: '1557950465'
}],
dcs: ['TO'],
captivity: ['Bo']
        }
{
name: 'udp',
alertNames: ['udp'],
ongress: false,
Alerts: [{
                key: '1.2.3.4',
                source: 'top',
                eNew: '1557943500',
                dc: 'TO',
                bond: 'Bo',
                percentage: 95.01,
                gress: 'ingress',
                sourceEpochs: ['1557950408',
                    '1557950411',
                    '1557950414',
                    '1557950417',
                    '1557950420',
                    '1557950423',
                    '1557950426',
                    '1557950429',
                    '1557950432',
                    '1557950435',
                    '1557950438',
                    '1557950441',
                    '1557950444',
                    '1557950447',
                    '1557950450',
                    '1557950453',
                    '1557950456',
                    '1557950459',
                    '1557950462',
                    '1557950465'
                ],
name: 'udp',
category: 'udp',
level: 'alert',
data_type: 'named_values_list',
data: [{
                    name: 'Dst',
                    value: 25
                }],
time stamp: 1557950466,
type: 'alert',
updated: '1557950465'
}],
dcs: ['TO'],
captivity: ['Bo']
        }
{
name: 'tcp',
alertNames: ['tcp_condition'],
ongress: false,
Alerts: [{
                key: '1.2.3.4',
                source: 'to',
                eNew: '1557950354',
                dc: 'TO',
                bond: 'Bo',
                percentage: 95.01,
                gress: 'ingress',
                sourceEpochs: ['1557950360',
                    '1557950363',
                    '1557950366',
                    '1557950372',
                    '1557950384',
                    '1557950387',
                    '1557950396',
                    '1557950399',
                    '1557950411',
                    '1557950417',
                    '1557950423',
                    '1557950426',
                    '1557950432',
                    '1557950441',
                    '1557950444',
                    '1557950447',
                    '1557950450',
                    '1557950456',
                    '1557950459',
                    '1557950465'
                ],
name: 'tcp',
category: 'tcp',
level: 'alert',
Data type: 'named',
data: [{
                    name: 'TCP',
                    value: 25
                }],
time stamp: 1557950466,
type: 'alert',
updated: '1557950465'
}],
dcs: ['TO'],
captivity: ['Bo']
        }
],
Timestamps: {
FirstAlerted: '1557943443',
lastAlerted: '1557950465',
lastLeaked: null
}
}

I tried using hjson and demjson

import hjson
result = hjson.loads(x)
import demjson
result = demjson.loads(x)

Current result:

hjson.scanner.HjsonDecodeError: Additional data: line 156 column 1 – line 620 column 27 (char 4551 – 232056)

demjson.JSONDecodeError: unexpected text after the end of the JSON value

Expected result:

Json object

cryptography – determine the relationship between many keys

I have many short keys (6 bytes) and I know some factors that could be used to calculate them. I know with certainty that they can be obtained with the information given.

As the keys are very short and so are the factors that may be involved in the generation, I was wondering what would be the approach to discover how they are generated.

Several keys have the same UID in common and are differentiated by the "block" of data they authenticate, for example (all values are in hexadecimal):

UID: 8de73004

Keys generated for this UID:
1b47cf796936 (block 15)
d53c00f53a3d (block 14)
5f42136fec45 (block 13)
3b1547f2ee91 (block 12)

I also assume that there is a private key involved in the process.

Is there a particular approach to doing this? Or are there just too many chances that it's not worth it?

Configure SSH keys in Ubuntu 18.04

Who should read this?

This tutorial is for beginner to intermediate Linux users who want to go beyond basic password security. Security professionals recommend using SSH keys to make authentication in SSH sessions faster, easier and more secure. As passwords become longer and more complex, they become more difficult to use and manage.

Key-based access is safer and easier to administer for people. For teams and organizations, key-based access has some challenges around user rotation and hygiene that are beyond the scope of this tutorial.

What are we talking about ?

This tutorial will guide you through the basic procedures for configuring and using SSH keys on your servers, and how to use them with common SSH tools on Windows (such as PuTTY), OSX, or Linux.

SSH is a client-server protocol originally developed to replace the insecure and unencrypted telnet protocol. SSH1 was originally developed in 1995 by Tatu Ylonen, a researcher at the Helsinki University of Technology. Tatu went on to found ssh.com. SSH became one of the most used security and administration tools in modern technology.

OpenSSH was a forked derivative work (for the OpenBSD project) of earlier versions of the SSH server application that had less restrictive licenses.

Why

The use of SSH keys makes access to the system fast, easy, secure and scalable. It is practically the only way to fly if you really want to be a Linux administrator.

What are the SSH keys?

SSH keys are a pair of public and private keys that are used to authenticate users who try to log in remotely on systems to perform administrative tasks and actions. The public key is placed on the remote server and the private key is stored as a secret on the user's local machine.

Prerequisites

This tutorial is based on Ubuntu 18.04 running the last

$ sudo apt-get update && sudo apt-get upgrade

If you are using Windows, you will need:
Putty https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html ### You need at least putty v0.70 to use ED25519

WinSCP https://winscp.net/eng/download.php

Puttygen https://winscp.net/eng/download.php This is included in the WinSCP installer

Step 1

$ mkdir -p ~/.ssh
$ chmod 0700 ~/.ssh
$ ssh-keygen -t ed25519 -C "VPS Server #101" ### https://ed25519.cr.yp.to/ if you're wondering what ED25519 is
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase): # haha I can't type
Enter same passphrase again:
Passphrases do not match.  Try again.
Enter passphrase (empty for no passphrase): # still can't type
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:+EgRgp7QUWicc/vjjYfl8iW/HW1E5PkzOYY7TmCMlYU VPS Server #101
The key's randomart image is:
+ -[ED25519 256]- +
| or. * o. ... |
| Or .. Eoo. |
| + + ... or + |
| or. O + + .. |
| .o S. + .. *. |
| .oo. . .oo + |
| ..Bo. . + o |
| = ++ .oo |
| +. or ... |
+ ----[SHA256]----- +
$ ls -al ~/.ssh
total 16
drwx------ 2 root root 4096 Apr 30 04:12 .               ### Let's agree to pretend that I did not run this as root
drwx------ 7 root root 4096 Apr 30 04:11 ..
-rw------- 1 root root  411 Apr 30 04:12 id_ed25519      ### THIS IS YOUR PRIVATE KEY DO NOT SHARE
-rw-r--r-- 1 root root   97 Apr 30 04:12 id_ed25519.pub  ### THIS IS YOUR PUBLIC KEY - GOES ON REMOTE DEVICES

Step 2

You must add your public key to the file ~/.ssh/authorized_keys on any server where you want to log in.

$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys # APPEND THE CONTENT OF FILE_1 TO FILE_2

Use WinSCP or SCP to download your private key to your workstation.

In Windows

Open PuttyGen and load the private key that you downloaded from the VPS. Be sure to select parameter ED25519 if that is the type of key you generated!

Then press Save private key, save the key file id_ed25519.ppk somewhere smart.

Open Putty and navigate to SSH > Auth in the menu on the left, then browse to and load your private key file.

Go back to the session and save the session so you do not have to specify the file key again and again like a robot.

If your session throws an error "Unable to load private key file .ppk (file format error)" it is likely that your version of putty is too old and not compatible with ED25519.

On Linux / OSX

Downloading your keys to your Linux workstation is quite simple.

user@workstation:~$ scp user@192.168.1.101:~/.ssh/id_ed25519 ~/.ssh/
user@192.168.1.101's password:
id_ed25519                100%  411    15.4KB/s   00:00
user@workstation:~$ ssh root@192.168.1.101 # type your password and boom, there you are
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-38-generic x86_64)
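
A check to run after Steps 1 and 2, added here as an example and not part of the original tutorial. It flags modes wider than the 0700/0600 set in Step 1 (plus group/other write on authorized_keys, which sshd's StrictModes rejects) and computes the SHA256 fingerprint of every authorized_keys entry so it can be compared with the one ssh-keygen printed. It assumes entries carry no options prefix; the sample key line is constructed and all function names are this example's own.

```python
import base64, hashlib, os, stat, struct

# Permission bits that must be clear. Private key and directory: no group/other
# access (the 0700/0600 from Step 1). authorized_keys: no group/other write.
FORBIDDEN = {".": 0o077, "id_ed25519": 0o077, "authorized_keys": 0o022}

def audit_ssh_dir(ssh_dir):
    """Return one finding per file whose mode has a forbidden bit set."""
    findings = []
    for name, mask in FORBIDDEN.items():
        path = os.path.join(ssh_dir, name)
        if os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & mask:
                findings.append(f"{name}: mode {mode:04o} is too open")
    return findings

def parse_pubkey(line):
    """Return (key_type, fingerprint, comment) for one authorized_keys line."""
    key_type, b64, *rest = line.split(None, 2)
    blob = base64.b64decode(b64, validate=True)
    # Wire format: uint32 length + algorithm name, uint32 length + key bytes.
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n].decode("ascii")
    if name != key_type:
        raise ValueError("algorithm inside the blob differs from the line prefix")
    if name == "ssh-ed25519":
        (klen,) = struct.unpack(">I", blob[4 + n:8 + n])
        if klen != 32 or len(blob) != 8 + n + klen:
            raise ValueError("malformed ed25519 key blob")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, fp, rest[0].strip() if rest else ""

def authorized_fingerprints(ssh_dir):
    """Fingerprint and comment of every key allowed to log in."""
    with open(os.path.join(ssh_dir, "authorized_keys")) as fh:
        lines = [l for l in fh if l.strip() and not l.lstrip().startswith("#")]
    return [parse_pubkey(l)[1:] for l in lines]

def constructed_pubkey_line(comment="VPS Server #101"):
    """Build a sample line; the 32 key bytes are constructed, not a real key."""
    parts = (b"ssh-ed25519", bytes(range(32)))
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    ssh_dir = os.path.expanduser("~/.ssh")
    print("\n".join(audit_ssh_dir(ssh_dir)) or "permissions OK")
    if os.path.exists(os.path.join(ssh_dir, "authorized_keys")):
        for fp, comment in authorized_fingerprints(ssh_dir):
            print(fp, comment)
    print(parse_pubkey(constructed_pubkey_line()))
```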

References

  • https://www.openssh.com/history.html
  • https://www.ssh.com/ssh/
  • https://ed25519.cr.yp.to/ if you are wondering what is ED25519

About the Author

Sean Richards, CISSP, has been a technology enthusiast and security professional for 20 years. He loves family, animals, barbecue, and bicycles.
https://www.linkedin.com/in/seangrichards/
https://github.com/seangrichards/
https://twitter.com/seangrichards

Understanding of private keys, public keys, addresses and transactions.

Private key (SK) -> Public key (PK) -> Address (A). Some say that SK -> PK == A. Which one is correct?

First. An address is not a public key. It is an encoding (Base58Check or Bech32, depending on the type of address) of the RIPEMD160 hash of the SHA256 hash of the public key. The address comes from the public key, but it is not the public key itself. A public key can have multiple addresses.

  1. Now, in a transaction where X sends "n" bitcoins to Y, this happens: X (digitally) signs the transaction "t" with its SK, and this is the part that I do not understand. How does Y open and verify that the transaction was sent from X? Or, in addition to signing the transaction, does X encrypt it? Can Y then open it with Y's PK / A? Is there something I'm missing?

Signing is not the same as encrypting. Transactions are not encrypted, no data in a transaction is secret. Everything can be read by all.

A digital signature can be verified by knowing the message that was signed and the public key corresponding to the private key that signed the message. In the case of Bitcoin, the message is defined by consensus rules (it is the hash of certain parts of the transaction), and the public key is provided in the transaction itself. Those three things (the public key, the signature and the message) can be used to verify that the signature is valid.

brute force – Postfix SMTP – Can I use SSH public keys instead of the sasl password?

Postfix … Can I use SSH public keys instead of the SASL password?

In short, no. Postfix uses SASL, and while SASL supports a variety of different authentication mechanisms, SSH pubkeys are not one of them.

That said, SASL supports a series of sophisticated mechanisms that would serve your purpose of making the login non-trivial for attackers to try. The biggest problem may be finding and configuring a complex mechanism that is compatible with your legitimate clients!

The simplest way to incorporate public key authentication into your Postfix SMTP workflow is to use the Postfix SMTP TLS configuration to require authentication, as described in this documentation.

Alternatively, as described in this answer, you can force your legitimate clients to connect through SSH and connect to the SMTP server through an SSH tunnel, thus fulfilling the same objective.

  1. Is it possible to completely change the login authentication in such a way that
    you must use a public key instead of a password, so that these automated
    bots require more advanced methods to even get to the SMTP server in the
    first place?

Some of the SASL mechanisms listed on the previous page are, effectively, public keys, for example, RFC 3163 (but note that their warning is less useful than the simple TLS).

The lack of SASL pubkey mechanisms is probably due to the fact that all those who considered one saw the alternative of doing the same in the TLS layer and said "Resolved, there is no need to work on this!"

  1. For websites that are on a server that also acts as a mail server, is
    there a method to allow authentication only for vhosts on this
    web server itself?

Certainly, if they are on the same machine, you can configure an SMTP listener on localhost (127.0.0.1) that your web server process can connect to but that is not available to external people. You can also rely on relaying without authentication on that server, since it is not accessible to others. Look at the Postfix master.cf file to configure different or additional listeners.

Web application: How to store the keys in a web application that I want to be able to edit through a web page?

In my web application I use several payment providers. I want to be able to edit confidential data related to them, such as API keys, through a web page. Therefore, in order to do this, I have to store that data in a file or database, not in env variables. Correct?

Let's say that I will have a table "payment_providers", in it there will be a column "private_keys". Is there a way to store confidential data in a database in a more secure way? Should they encrypt it in some way? Or save it as it is?

I want a simple solution. I'm in Linux. A solution that involves libraries or third-party tools will not work for me.

plsql – How to create a procedure to insert a new row in a table when the table has two foreign keys in SQL Developer?

How do I create a procedure to insert new data in a table when the table has two foreign keys in SQL Developer?

When I execute it, it says:
02291. 00000 - "integrity constraint (%s.%s) violated - parent key not found"
*Cause:    A foreign key value has no matching primary key value.
*Action:   Delete the foreign key or add a matching primary key.