Skip to main content

Posts

Showing posts from November, 2007

Steve Gibson's PPP... new version 3 in Java and C

If you've been following along you'll know that I've implemented Steve Gibson's PPP system in Java and C. The Java code is in the form of a CLDC/MIDP project for cell phones and the C code is a command-line tool. Steve's made a major change to the algorithm which he's calling PPPv3. My updated code is here: The C source code is available in ppp3-c.zip . The Java source code is available in ppp3-java.zip . The compiled Java is available in ppp3.jar . Read my original blog posts for details.
2 comments
Read more

Cryptographically and Constantly Changing Port Opening (or C3PO)

In another forum I was just talking about a little technique that I came up with for securing a server that I want on the Internet, but to be hard for hackers to get into. I've done all the right things with firewalling and shutting down services so that only SSH is available. But that still leaves port 22 sitting there open for someone to bang on. So what I wanted was something like port knocking (for an introduction to that you can read my DDJ article Practical Secure Port Knocking ). To avoid doing the classic port knocking where you have to knock the right way to open port 22 I came up with a different scheme which I call Cryptographically and Constantly Changing Port Opening or C3PO. The server and any SSH client who wish to connect to it share a common secret. In my case that's just a long passphrase that we both know. Both bits of software hash this secret with the current UTC time in minutes (using SHA256) to get 256 bits of random data. This data changes ev
10 comments
Read more

PPPv2 in Java and C

Recently, I released C and Java versions of Steve Gibson's PPP system for password generation. Steve updated the algorithm to PPPv2 which uses a different hash (SHA256 instead of SHA384) and a slightly different plain text generation algorithm (see the PPP pages for details). I've now updated my code to PPPv2 and am releasing it here. The C source code is available in ppp-c.zip . The Java source code is available in ppp-java.zip . The compiled Java is available in ppp.jar . Read my original blog posts for details. All source code is released under the BSD License .
2 comments
Read more