PSA: Yes, 64-byte key file is OK

Michał ‘mina86’ Nazarewicz | 4 kwietnia 2017

In an earlier entry I’ve changed generated key file used for disk encryption from 4096 to meagre 64 bytes. I gave no mention of that adjustment considering it unimportant but have since been enquired about security of such a short password.

Rest assured, a 64-byte key file is sufficient for any symmetric encryption (disk encryption being one example) and anything more does not improve security.

Czytaj dalej »

Go: string↔[]byte

Michał ‘mina86’ Nazarewicz | 28 lutego 2017

Yes… I’ve started coding in Go recently. It lacks many things but the one feature relevant to this post is const keyword. Arrays and slices in particular are always mutable and so equivalent of C’s const char * does not exist.

On the other hand, strings are immutable which means that conversion between a string and []byte requires memory allocation and copying of the data¹. Often this might be acceptable but to squeeze every last cycle the following two functions might help achieve zero-copy implementation:

func String(bytes []byte) string {
	hdr := *(*reflect.SliceHeader)(unsafe.Pointer(&bytes))
	return *(*string)(unsafe.Pointer(&reflect.StringHeader{
		Data: hdr.Data,
		Len:  hdr.Len,
	}))
}

func Bytes(str string) []byte {
	hdr := *(*reflect.StringHeader)(unsafe.Pointer(&str))
	return *(*[]byte)(unsafe.Pointer(&reflect.SliceHeader{
		Data: hdr.Data,
		Len:  hdr.Len,
		Cap:  hdr.Len,
	}))
}

Depending on the length of the strings, the difference in performance might be noticeable:

Czytaj dalej »

PSA: Creating world-unreadable files

Michał ‘mina86’ Nazarewicz | 5 lutego 2017

I’ve been reading tutorials on using key files for disk encryption. Common approach for creating such a file is:

Step 1: Create a random key file

head -c 4096 /dev/urandom >keyfile

Step 2: Make the file readable by owner only

chmod 400 keyfile

*sighs* Please, stop doing this and spreading that method. The correct way of achieving the effect is:

Step 1: Create a random key file readable by owner only

(umask 077; head -c 64 /dev/random >keyfile)

Or if the file needs to be created as root while command is run by a different user:

Step 1: Create a random key file readable by root only

sudo sh -c 'umask 077; head -c 64 /dev/random >keyfile'

The first method creates the file as world-readable¹ and before its permission are changed anyone can read it. The second method creates the file as readable only by its owner from the very beginning thus preventing the secret disclosure.

Czytaj dalej »

Generating random reals

Michał ‘mina86’ Nazarewicz | 26 grudnia 2016

A well known way of generating random floating point numbers in the presence of a pseudo-random number generator (PRNG) is to divide output of the latter by one plus its maximum possible return value.

extern uint64_t random_uint64(void);

double random_double(void) {
	return random_uint64() / (UINT64_MAX + 1.0);
}

This method is simple, effective, inefficient and wrong on a few levels.

Czytaj dalej »

Poradnik wyboru prezentów

Michał ‘mina86’ Nazarewicz | 25 listopada 2016

Tak, ponownie nadeszła ta pora raku. Musisz się postarać, jeśli chcesz być/pozostać ulubioną ciocią, wujkiem, bratem, siostrą lub rodzicem. Ale jak z szerokiego asortymentu zabawek, wybrać najlepszy prezent?

Niestety nie mam odpowiedzi na wszystkie pytania, ale poniższy diagram może pomóc w przynajmniej jednym aspekcie:

Diagram „Czy zabawka jest dla chłopców czy dziewczynek?”

Czytaj dalej »

Strach

Michał ‘mina86’ Nazarewicz | 28 września 2016

English version available on The Codeless Code.

Niedawno przyjęty do świątyni mnich zbliżył się do mistrza.

― Otrzymałem zadanie dodania kilku nowych funkcji do systemu obsługi zamówień Cesarskiego Szewca, ale nie jestem w stanie zrozumieć, jak on działa. Logika jest rozproszona pomiędzy wiele aplikacji zaimplementowanych przy użyciu najróżniejszych technologii. Zamiast stworzyć wspólne biblioteki, autorzy najzwyklej skopiowali fragmenty kodu pomiędzy różnymi miejscami, często wprowadzając subtelne rozbieżności. Zadania pracujące w tle wyszukują i modyfikują rekordy w bazie danych bez żadnego udokumentowanego powodu. Sama baza danych wydaje się spiskować przeciwko mnie: prosta modyfikacja jednej tabeli może wyzwolić kaskadę zmian w wielu innych.

Czytaj dalej »

Python tips and tricks

Michał ‘mina86’ Nazarewicz | 1 września 2016

Python! My old nemesis, we meet again. Actually, we meet all the time, but despite that there are always things which I cannot quite remember how to do and need to look them up. To help with the searching, here there are collected in one post:

Czytaj dalej »

Website move

Michał ‘mina86’ Nazarewicz | 1 kwietnia 2016

Photo of a truck on a road.

(photo Ikiwaner, CC-BY-SA)

Some regular visitors of the web site may be aware that the page used to run on Jogger.pl platform. Some will also be aware that the service closes shop, an act which forced me to move to another hosting.

In moving the page, I’ve tried to keep old URLs work so even though canonical locations for posts have changed, the old links should result in a correct redirect.

This is also true for feeds but while Jogger provided customisation options (RSS and Atom, excerpts only, no HTML and posts count), currently only full-content HTML Atom feeds limited to newest ten entries are provided.

If anything broke for you, please do let me know at mina86@mina86.com.

I have not yet figured out what to do with comments which is why commenting is currently unavailable. Since I want my whole page to be completely static, I’m planning on using a third-party widget. So far I’ve narrowed the choice down to HTML Comment Box and the new hotness, Spot.IM. Any suggestions are also welcome.

Graph showing drop in response time from 300 ms to 60 ms

On the bright side, the page now loads five times faster! Jogger.pl took its sweet time when generating responses. A static page and better optimised infrastructure of my current provider allows to drop response time from 300 to 60 ms.

On Unicode

Michał ‘mina86’ Nazarewicz | 25 października 2015

There are a lot of misconceptions about Unicode. Most are there because people assume what they know about ASCII or ISO-8859-* is true about Unicode. They are usually harmless but they tend to creep into minds of people who work with text which leads to badly designed software and technical decisions made based on false information.

Without further ado, here’s a few facts about Unicode that might surprise you.

Czytaj dalej »