Mar 14 2002


                    LINUX NEWS
        Resources & Links From CramSession.com
             Thursday, March 14, 2002


TABLE OF CONTENTS

1) Sean’s Notes

2) Linux News

Upgrade OpenSSH!
More on the Loki Bankruptcy
Zlib Bugs
AOL and RedHat, Again

3) Linux Resources

Performance Tweaks
Supercharging Your Web Pages
NAT for the Home or Office
Keeping Your Red Hat System Updated
XP and Linux, Together

4) App o’ the Week



1) Sean’s Notes

With all the news about Network Associates dropping the PGP product line, I thought that it would be a good time to do an article or two on GPG, the GNU Privacy Guard, a free replacement for PGP (Pretty Good Privacy). PGP has been around for ages (well, over 10 years at least).

GPG and PGP are programs designed primarily to send encrypted mail, though they have been used to solve other problems such as verifying the authenticity of an RPM. Sending encrypted mail isn’t as simple as it sounds, as there are many factors to take into account. Keeping your email secure hinges upon something called Public Key Cryptography.

In the Public Key scheme, you get two keys: one is called your public key, the other your secret key. Together, they make up a key pair. Use one key to encrypt data, and only the other key can decrypt it. The problem with this is that it is very slow compared to other methods at our disposal, even with today’s fast computers.

Into the mix we’ll throw in good old conventional cryptography, where one key is used to both decrypt and encrypt. Encrypt something with a certain key, only someone with that key can decrypt it. Nice and fast, and certainly simple. However, how do you securely transmit the key so your recipient can decrypt the message?

So, we’ll merge both conventional cryptography and public key cryptography. Make up a random key and encrypt your message with it. Then encrypt that random key using public key cryptography, with the recipient’s public key, send it along with the message, and throw away the key. Presto, only the person at the other end can decrypt the key, and thus decrypt the message.

When we talk about keys, we talk in terms of bits. With conventional cryptography, pretty much any integer forms a valid key, so we can get away with keys around 128 bits long. Those with a bit of a math background will realize that this gives 2^128 combinations (that’s around 40 digits if you wrote it out). Trying every key with a billion computers, each capable of trying a billion keys per second, you’ll still be running your program long after the Sun has burned out. With a scheme like this, adding a bit to the key length doubles the search space for the key, and thus doubles the difficulty of a brute force crack.

Public key cryptography, on the other hand, usually needs much bigger numbers, since not every integer forms a key. Some algorithms rely on huge prime numbers being multiplied together, others on an attacker being unable to calculate logarithms in a finite field (a finite field is like a clock… Go past 12 and you wrap around to 1). Easy stuff with small numbers, but as you increase the size of the numbers involved, you increase the complexity exponentially. Cryptographers love these types of situations, because they can continually double the effort an attacker has to put in by simply adding a few bits. With ElGamal (used by GPG), the keys are between 1024 and 2048 bits.
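
The hybrid scheme described above, as an added example that is not part of the original newsletter and is not GPG's code: a random 128-bit session key encrypts the message with a conventional cipher, and textbook ElGamal encrypts only that session key. The modulus P, the base G, the function names and the SHA-256 keystream standing in for a real conventional cipher are all assumptions chosen so the sketch runs with nothing but the Python standard library; none of it is suitable for protecting real data.

```python
# Added illustration of hybrid encryption; toy parameters, not for real use.
import hashlib
import secrets

P = 2**521 - 1   # a Mersenne prime, large enough to hold a 128-bit session key
G = 3            # demo base (assumption: not a vetted generator)

def keygen():
    """Return an ElGamal (secret, public) key pair."""
    secret = secrets.randbelow(P - 2) + 1
    return secret, pow(G, secret, P)

def stream_xor(key: int, data: bytes) -> bytes:
    """Conventional-cipher stand-in: XOR data with a SHA-256 counter keystream.
    The same call encrypts and decrypts, because one key does both jobs."""
    kb = key.to_bytes(66, "big")                 # 66 bytes covers any value below P
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(kb + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(message: bytes, recipient_public: int):
    session_key = secrets.randbits(128)          # "make up a random key"
    body = stream_xor(session_key, message)      # fast conventional step
    k = secrets.randbelow(P - 2) + 1             # one-time ElGamal exponent
    c1 = pow(G, k, P)
    c2 = session_key * pow(recipient_public, k, P) % P
    return (c1, c2), body                        # session_key is thrown away here

def hybrid_decrypt(wrapped, body: bytes, secret: int) -> bytes:
    c1, c2 = wrapped
    shared = pow(c1, secret, P)                  # only the secret key can rebuild this
    session_key = c2 * pow(shared, P - 2, P) % P # modular inverse via Fermat
    return stream_xor(session_key, body)

if __name__ == "__main__":
    sec, pub = keygen()
    wrapped, body = hybrid_encrypt(b"Long live the Penguin", pub)
    print(hybrid_decrypt(wrapped, body, sec))
```

Only the short session key goes through the slow public key operation; the message itself, however long, is handled by the fast conventional step.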

Chances are that GPG is already installed on your computer, but if it isn’t, you can easily download it from http://www.gnupg.org. Our first step is to create a key:

$ gpg --gen-key

The first thing you’ll be asked is what kind of key to generate. Since we’re going for simplicity here, we’ll select option 1 to generate both a DSA and ElGamal key. Then, you’ll be prompted for the size of your ElGamal keypair. I wouldn’t do anything less than 1024 bits. Once that’s over with, choose an expiry date for your key. ‘0’ means it’s good until revoked, which is what I always choose.

Next, you’ll be asked to identify your key with your name, email address, and an optional comment. With “Sean Walberg” as my name, “Linux News” as the comment, and “swalberg@cramsession.com” as my email, my key would show up as:

Sean Walberg (Linux News) <swalberg@cramsession.com>

After that, choose a passphrase. Note that I used “passPHRASE”, not “passWORD”. What you’re typing in is going to protect your key from being misused if stolen, so make sure you’re protecting it with something good (don’t use anything you normally use to log in, or any of the obvious birthdays, pets’ names, etc).

Finally, your computer will churn for a while, and you’ll see

“public and secret key created”

so you know you’re done.

What we’ve created is two keys, a public and secret key. These are stored on the aptly named “keyrings”. Check out your public key ring, which is where you’ll store all your friends’ public keys (for encrypting to them, and checking signatures):

$ gpg --list-keys
pub 1024D/FE257047 2001-10-26 Sean Walberg (Linux News) <swalberg@cramsession.com>
sub 1024g/07DA80CE 2001-10-26

Of interest is my name, so I know that this is my key, and the key IDs (FE257047 and 07DA80CE). Remember that at the beginning, we chose to create a DSA and an ElGamal key, which is why we have two key IDs. The “sub” lets us know that they’re together.

For that matter, I can look at my secret key ring:

$ gpg --list-secret-keys
sec 1024D/FE257047 2001-10-26 Sean Walberg (Linux News) <swalberg@cramsession.com>
ssb 1024g/07DA80CE 2001-10-26

Don’t mix those two up! We want to give out our public keys so that people can encrypt email to us. We’ll use our secret key to decrypt those incoming messages, and no one else should ever see it!

Speaking of which, you can export your public key to a text file with

$ gpg --export -a "swalberg@cramsession.com" > mykey.asc

-a makes sure that the output is in ASCII, which makes it easier to send in emails. Specifying my email address is one way of referring to my key; I could also have used “Walberg”, anything else that differentiates my key from the rest in my public key ring, or the key ID.

$ gpg --import hiskey.asc

is how I’d import someone else’s public key into my keyring.

Right now, you’ve got a good idea of how GPG works to secure email, you’ve got a keypair, and you know how to import keys. Next week, we’ll learn how to encrypt and decrypt messages, and some shortcuts for distributing keys.

I encourage you to look around the http://www.gnupg.org website, as there are front ends for many of your favourite email clients (even Windows versions!). The documentation is also very good. Anyone looking to work ahead can find my key on the keyservers; my fingerprint is at the bottom for verification.

Long live the Penguin,

Sean
mailto:swalberg@cramsession.com
D5C8 A7CF 106E 08A7 A1CA 392A 13A3 CB51 FE25 7047


2) Linux News


Upgrade OpenSSH!

OpenSSH is wonderful software for securely connecting to other machines, and to tunnel services over your encrypted connection. Many versions have been found to have a significant bug, so go here for an upgrade.

http://www.openssh.com


More on the Loki Bankruptcy

It seems that the owners of Loki, the former company devoted to porting Windows games to Linux, fared much better than the employees. While the owners got a sizable salary, everyone else was left with several months of unpaid salary and expenses, as much as $350,000! At the end of the deal, Loki owed over $2 million, and had assets of only $20,000. Ouch.

http://www.linuxandmain.com/news/loki.html


Zlib Bugs

Zlib is a library used when you need compression. Due to some programming errors, it’s possible to cause applications that use it to crash, or possibly to overwrite the stack and elevate privileges. The Red Hat advisory has good details on the effects and dependencies; even if you’re not a Red Hat user, I’d urge you to read it before going to your distribution’s site for upgrades. kvanhaaren also dug up the Debian advisory.

http://www.redhat.com/support/errata/RHSA-2002-026.html
http://www.debian.org/security/2002/dsa-122


AOL and RedHat, Again

This time it’s not about mergers, though. AOL has hired Red Hat to help move some of their servers to Linux in order to save costs. This article also shows the complete misunderstanding the press has about the GPL. Nothing in the GPL says you have to share your changes if you don’t intend to redistribute the software. It also ignores AOL’s Open Source experience with Netscape.

http://zdnet.com.com/2100-1104-857681.html


3) Linux Resources


Performance Tweaks

This article gets into some good ways to squeeze some more speed out of your machine. There are some here I hadn’t thought of before, such as changing the options used to mount your filesystems. In particular, the tips having to do with disks are well worth implementing.

http://linuxjournal.com/article.php?sidX86&mode=thread&order=0


Supercharging Your Web Pages

While I’ve been using the Apache Toolbox to build Apache for the longest time, it’s helpful to know what it’s doing behind the scenes. This article explains the process behind adding PHP to an Apache setup, along with a little bit about PHP itself.

http://www.linuxplanet.com/linuxplanet/tutorials/1374/1/


NAT for the Home or Office

This is a great tutorial for those looking to use Linux as a gateway for a small site. The instructions cover both iptables and ipchains, and are more concise than the LDP’s HOWTO. It also has the settings you’ll need to get those pesky Windows boxes online.

http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworkGateway.html


Keeping Your Red Hat System Updated

Red Hat offers various levels of the Red Hat Network, which lets you keep your systems up to date with patches. The free version is good for one system. Here are the instructions on how to set yourself up to take advantage of this.

http://www.redhat.com/docs/manuals/RHNetwork/ref-guide/index.html


XP and Linux, Together

This article shows how to get Linux and XP playing together on the same system. If you’ve tried to do anything similar with LILO, you’ll appreciate just how easy GRUB makes it look.

http://www.linuxorbit.com/modules.php?op=modload&name=Sections&file


4) App o’ the Week

So, you’ve got a Microsoft SQL server, but want to use PHP or Perl to access the data. What do you do? Does Microsoft make a SQL driver for Linux? Nope, but these guys do! FreeTDS marks itself as “Making the leap to SQL Server”. The instructions are very good, showing you how to install and use the driver in PHP, Perl, C, and Java.

http://www.freetds.org


(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.

