LINUX NEWS
Resources & Links From CramSession.com
Thursday, March 14, 2002
TABLE OF CONTENTS
1) Sean’s Notes
2) Linux News
Upgrade OpenSSH!
More on the Loki Bankruptcy
Zlib Bugs
AOL and RedHat, Again
3) Linux Resources
Performance Tweaks
Supercharging Your Web Pages
NAT for the Home or Office
Keeping Your Red Hat System Updated
XP and Linux, Together
4) App o’ the Week
~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~
Free Quizzer for all Cramsession subscribers. Your Choice of Win2K Professional, A+, Network+, CCNA, CCNP, or MetaFrame. Hundreds of Free multiple-choice questions/answers and detailed explanations, and lots of free reference material in our adaptive simulation test engine. Limit one per Cramsession subscriber. Download your FREE Quizzer at:
http://ad.brainbuzz.com/?RC06&AIP05
For information on how to advertise in this newsletter
please contact mailto:adsales@CramSession.com or visit
http://cramsession.com/marketing/default.asp
-------------------------
1) Sean's Notes
-------------------------
With all the news about Network Associates dropping the PGP
product line, I thought that it would be a good time to do an
article or two on GPG, the GNU Privacy Guard, a free replacement
for PGP (Pretty Good Privacy). PGP has been around for ages
(well, over 10 years at least).
GPG and PGP are programs designed primarily to send encrypted
mail, though they have been used to solve other problems such
as verifying the authenticity of an RPM. Sending encrypted
mail isn't as simple as it sounds, as there are many factors
to take into account. Keeping your email secure hinges upon
something called Public Key Cryptography.
In the Public Key scheme, you get two keys, one called your
private key, the other is your secret key. Together, they
make up a key pair. Use one key to encrypt data, and only
the other key can decrypt it. The problem with this is that
it is very slow compared to other methods at our disposal,
even with today's fast computers.
Into the mix we'll throw in good old conventional cryptography,
where one key is used to both decrypt and encrypt. Encrypt
something with a certain key, only someone with that key can
decrypt it. Nice and fast, and certainly simple. However,
how do you securely transmit the key so your recipient can
decrypt the message?
So, we'll merge both conventional cryptography and public key
cryptography. Make up a random key and encrypt your message
with it. Encrypt it using public key cryptography and
throw away the key. Presto, only the person at the other end
can decrypt the key, and thus decrypt the message.
When we talk about keys, we talk in terms of bits. With
conventional cryptography, pretty much any integer forms a
valid key, so we can get away with keys around 128 bits long.
Those with a bit of a math background will realize that this
gives 2^128 combinations (that's around 40 digits if you wrote
it out). Trying every key with a billion computers, each
capable of trying a billion keys per second, you'll still be
running your program long after the Sun has burned out. With
a scheme like this, adding a bit to the key length doubles the
search space for the key, and thus doubles the difficulty of a
brute force crack.
Public key cryptography, on the other hand, usually needs much
bigger numbers, since not every integer forms a key. Some
algorithms rely on huge prime numbers being multiplied, or
that an attacker be able to calculate logarithms in a finite
field (a finite field is like a clock... Go past 12 and you
wrap around to 1). Easy stuff with small numbers, but as you
increase the size of the numbers involved, you increase the
complexity exponentially. Cryptographers love these types of
situations, because they can continually double the effort an
attacker has to put in by simply adding a few bits. With
ElGamal (used by GPG), the keys are between 1024 and 2048 bits.
Chances are that GPG is already installed on your computer, but
if it isn't, you can easily download it from http://www.gnupg.org.
Our first step is to create a key:
$ gpg --gen-key
The first thing you'll be asked is what kind of key to generate.
Since we're going for simplicity here, we'll select option 1 to
generate both a DSA and ElGamal key. Then, you'll be prompted
for the size of your ElGamal keypair. I wouldn't do anything
less than 1024 bits. Once that's over with, choose an expiry
date for your key. '0' means it's good until revoked, which is
what I always choose.
Next, you'll be asked to identify your key with your name,
email address, and an optional comment. With "Sean Walberg"
as my name, "Linux News" as the comment, and
"swalberg@cramsession.com" as my email, my key would show up as:
Sean Walberg (Linux News) <swalberg@cramsession.com>
After that, choose a passphrase. Note that I used
"passPHRASE", not "passWORD". What you're typing in is going
to protect your key from being misused if stolen, so make sure
you're protecting it with something good (don't use anything
you normally use to log in, or any of the obvious birthdays,
pet's names, etc).
Finally, your computer will churn for a while, and you'll see
"public and secret key created"
so you know you're done.
What we've created is two keys, a public and secret key.
These are stored on the aptly named "keyrings". Check out
your public key ring, which is where you'll store all your
friend's public keys (for encrypting to them, and checking
signatures)
$ gpg --list-keys
pub 1024D/FE257047 2001-10-26 Sean Walberg (Linux News) <swalberg@cramsession.com>
sub 1024g/07DA80CE 2001-10-26
Of interest is my name, so I know that this is my key, and
the key IDs (FE257047 and 07DA80CE). Remember that at the
beginning, we chose to create a DSA and an ElGamal key,
which is why we have two key IDs. The "sub" lets us know
that they're together.
For that matter, I can look at my secret key ring:
$ gpg --list-secret-keys
sec 1024D/FE257047 2001-10-26 Sean Walberg (Linux News) <swalberg@cramsession.com>
ssb 1024g/07DA80CE 2001-10-26
Don't mix those two up! We want to give out our public keys
so that people can encrypt email to us. We'll use our secret
key to decrypt those incoming messages, and no one else should
ever see it!
Speaking of which, you can export your public key to a text
file with
$ gpg --export -a "swalberg@cramsession.com" > mykey.asc
-a makes sure that the output is in ASCII, which makes it easier
to send in emails. Specifying my email address is one way of
referring to my key, I could have also used "Walberg", anything
else that differentiates my key from the rest in my public key
ring, or the key ID.
$ gpg --import hiskey.asc
is how I'd import someone else's public key into my keyring.
Right now, you've got a good idea of how GPG works to secure
email, you've got a keypair, and you know how to import keys.
Next week, we'll learn how to encrypt and decrypt messages,
and some shortcuts for distributing keys.
I encourage you to look around the http://www.gnupg.org website,
as there are front ends for many of your favourite email
clients (even Windows versions!). The documentation is also
very good. Anyone looking to work ahead can find my key on
the keyservers, my fingerprint is at the bottom for
verification.
Long live the Penguin,
Sean
mailto:swalberg@cramsession.com
D5C8 A7CF 106E 08A7 A1CA
392A 13A3 CB51 FE25 7047
-------------------------
2) Linux News
-------------------------
-----------------
Upgrade OpenSSH!
-----------------
OpenSSH is wonderful software for securely connecting to
other machines, and to tunnel services over your encrypted
connection. Many versions have been found to have a
significant bug, so go here for an upgrade.
http://www.openssh.com
----------------------------
More on the Loki Bankruptcy
----------------------------
It seems that the owners of Loki, the former company devoted
to porting Windows games to Linux, fared much better than
the employees. While the owners got a sizable salary, every
one else was left with several months of unpaid salary and
expenses, as much as $350,000! At the end of the deal, Loki
owed over $2 million, and had assets of only $20,000. Ouch.
http://www.linuxandmain.com/news/loki.html
----------
Zlib Bugs
----------
Zlib is a library used when you need compression. Due to some
programming errors, it's possible to cause applications that
use it to crash, or possible overwrite the stack and elevate
privileges. The RedHat advisory has good details on the
effects and dependencies, even if you're not a Red Hat user
I'd urge you to read this before going to your distribution's
site for upgrades. kvanhaaren also dug up the Debian advisory.
http://www.redhat.com/support/errata/RHSA-2002-026.html
http://www.debian.org/security/2002/dsa-122
----------------------
AOL and RedHat, Again
----------------------
This time it's not about mergers, though. AOL has hired Red Hat
to help move some of their servers to Linux in order to save
costs. This article also shows the complete misunderstanding
the press has about the GPL. Nothing in the GPL says you have
to share your changes if you don't intend to redistribute the
software. It also ignores AOL's Open Source experience with
Netscape.
http://zdnet.com.com/2100-1104-857681.html
-------------------------
3) Linux Resources
-------------------------
-------------------
Performance Tweaks
-------------------
This article gets into some good ways to squeeze some more
speed out of your machine. There are some ones here I hadn't
thought of before, such as changing the options used to mount
your filesystems. In particular, the tips having to do with
disks are well worth implementing.
http://linuxjournal.com/article.php?sidX86&mode=thread&order=0
-----------------------------
Supercharging Your Web Pages
-----------------------------
While I've been using the Apache Toolbox to build Apache for
the longest time, it's helpful to know what it's doing behind
the scenes. This article explains the process behind adding
PHP to an Apache setup, along with a little bit about PHP itself.
http://www.linuxplanet.com/linuxplanet/tutorials/1374/1/
---------------------------
NAT for the Home or Office
---------------------------
This is a great tutorial for those looking to use Linux as a
gateway for a small site. The instructions cover both iptables
and ipchains, and are more concise than the LDP's HOWTO. It
also has the settings you'll need to get those pesky Windows
boxes online.
http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworkGateway.html
-------------------
Keeping Your Red Hat System Updated
-------------------
Red Hat offers various levels of the Red Hat Network, which
lets you keep your systems up to date with patches. The free
version is good for one system. Here are the instructions on
how to set yourself up to take advantage of this.
http://www.redhat.com/docs/manuals/RHNetwork/ref-guide/index.html
-----------------------
XP and Linux, Together
-----------------------
This article shows how to get Linux and XP playing together
on the same system. If you've tried to do anything similar
with LILO, you'll appreciate just how easy GRUB makes it look.
http://www.linuxorbit.com/modules.php?op=modload&name=Sections&file
=index&req=viewarticle&artidG0
-------------------------
4) App o' the Week
-------------------------
So, you've got a Microsoft SQL server, but want to use PHP or
Perl to access the data. What do you do? Does Microsoft make
a SQL driver for Linux? Nope, but these guys do! FreeTDS
marks itself as "Making the leap to SQL Server". The
instructions are very good, showing you how to install and
use the driver in PHP, Perl, C, and Java.
http://www.freetds.org
-------------------------
(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.
-------------------------
-------------------------
This message is from CramSession.com.
You are currently subscribed to the
Hottest Linux News and Resources
as: sean@ertw.com
To un-subscribe from this newsletter by e-mail:
send a blank email message to:
mailto:leave-linuxnews-3825955Y@list.cramsession.com
-------------------------------------------------------
To Subscribe to this newsletter by e-mail:
send a blank email message to:
mailto:join-linuxnews@list.cramsession.com
-------------------------