connecting home securely

I have been running a small server at home for probably close to a decade. At first it was only because I could not find a web hosting company that would serve my fcgi libwt apps at an affordable price. Then I added this blog to it. In the meantime I added a lot of other stuff as well. One of the more important things became ssh. Not only for remote shell sessions, but also for securely copying files and tunneling. In fact I use ssh tunnels instead of a more traditional VPN.

Discovery

Static IP addresses are expensive in Switzerland. So I used dyndns from the start. At first the free offering, and then switched to a paid plan long before they discontinued the free offering. Just last week I received a note that they grabbed the annual fee from my (scheduled to be deactivated) credit card. Generally I strongly dislike services that automatically grab money from my accounts. They didn’t even mention that the fee doubled. That’s one side of the story, the other is that dyndns is an American company. They could take my domain name hostage without even telling me. So there has to be a better alternative. In fact there is one. It’s good technology-wise, but not generally available to the unintroduced yet.

DyName for namecoin

I wrote about namecoin in a previous blog post. One of its main uses is a censorship resistant domain name registration. And the simple python script from DyName is to namecoin what dyndns and ddclient are to traditional domain names. Just prepare your registered name to include a dd entry, edit your config file, and call the script periodically from cron. That way you separate the private key where your name is registered from the hot wallet on the server. My provider used to reassign new ip addresses more frequently, now it’s about once every two months I would guess. The transition with namecoin was very smooth the last two times. I have a script that queries namecoin for the current ip address and then connects. There are dns resolvers and browser plugins or even public dns servers that would resolve namecoin domains. My experience with them was not as smooth as with the namecoin core itself. But I’m sure these parts will improve as well. So, with namecoin we have high confidence that the ip address we are connecting to is correct, but it can’t protect against man in the middle attacks. SSH has means to protect from that. The ssh client has a list of known ip addresses or host names and corresponding key fingerprints. But after an ip address change, there is no entry for the new destination, so ssh prints an error message and refuses to connect until you accept to add a new entry to your known_hosts file.

ssh known hosts

When you search for the error with your preferred search engine, you’ll find advice to delete offending lines in your known_hosts file. This of course is not what we need here. Just accepting to add a new entry the next time you connect would circumvent the protection against MITM that ssh provides. Since we already have the key fingerprint from the previous address, there is another more secure solution. If you have only one entry in your known_hosts file, you can skip the next few lines. Maybe you know which fingerprint is valid, for example because the file already contains a couple of lines with the same key fingerprint because the ip address changed a couple of times, and you just accepted it.

If you are not sure which fingerprint you need, ask the server what it provides:

$ ssh-keyscan 85.3.164.135
# 85.3.164.135 SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1
85.3.164.135 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7WE5vtqSxUnQRX5CjOzEzUAdewqHRV5MXcSCQcylcKanpnDHRE4yVlEn770MFP6EfJ61ukdNYMDnSO9eoRiZY=

Now search for this fingerprint in your known_hosts file, and copy the whole line. On the new line, you replace the first hash with the actual new ip address in clear text. You could leave it like that, but you can also hash it with the following command.

$ ssh-keygen -H -f ~/.ssh/known_hosts
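
The same procedure as a script, added here as an example and not part of the original post: it adds an entry for the new address only when the key offered by the server is already listed in known_hosts. The function name pin_known_key, the optional saved-scan argument and the sample keys are made up for illustration.

```shell
#!/bin/sh
# Added example: trust a new IP address only if it presents a host key that
# known_hosts already lists. Hashed host names do not matter here, because the
# key type and key (fields 2 and 3) are stored in clear text either way.

# pin_known_key NEW_IP KNOWN_HOSTS [SCAN_FILE]
# SCAN_FILE holds saved ssh-keyscan output; without it ssh-keyscan is run live.
pin_known_key() {
    new_ip=$1; known_hosts=$2; scan_file=${3:-}
    if [ -n "$scan_file" ]; then
        scan=$(cat "$scan_file")
    else
        scan=$(ssh-keyscan "$new_ip" 2>/dev/null)
    fi
    # Print "ip type key" for every offered key that is trusted and not revoked.
    matches=$(printf '%s\n' "$scan" | awk -v ip="$new_ip" -v kh="$known_hosts" '
        BEGIN {
            while ((getline line < kh) > 0) {
                n = split(line, f, " ")
                if (f[1] == "@revoked" && n >= 4) revoked[f[3] " " f[4]] = 1
                else if (n >= 3 && f[1] !~ /^[#@]/) trusted[f[2] " " f[3]] = 1
            }
        }
        $1 == ip && NF >= 3 {
            k = $2 " " $3
            if ((k in trusted) && !(k in revoked)) print ip, $2, $3
        }')
    if [ -z "$matches" ]; then
        echo "refusing: $new_ip offers no key already trusted in $known_hosts" >&2
        return 1
    fi
    printf '%s\n' "$matches" | while IFS= read -r entry; do
        grep -qxF -- "$entry" "$known_hosts" || printf '%s\n' "$entry" >> "$known_hosts"
    done
}

# Constructed sample data (documentation address, made-up key material).
demo() {
    dir=$(mktemp -d)
    echo '|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3ConstructedTrustedKey' > "$dir/kh"
    printf '%s\n' '# 203.0.113.7:22 SSH-2.0-OpenSSH' \
        '203.0.113.7 ssh-ed25519 AAAAC3ConstructedTrustedKey' > "$dir/good"
    echo '203.0.113.7 ssh-ed25519 AAAAC3ConstructedOtherKey' > "$dir/bad"
    pin_known_key 203.0.113.7 "$dir/kh" "$dir/good" && echo "pinned"
    pin_known_key 203.0.113.7 "$dir/kh" "$dir/bad" || echo "rejected"
    rm -rf "$dir"
}
demo
```

A refusal means the server at the new address presented a key you have never accepted before, which is exactly the case where blindly answering "yes" to the ssh prompt would defeat the MITM protection.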

After writing all this I started wondering if it would be possible to keep the host key on an external hardware device like a NitroKey or a YubiKey. I already keep my client key for authenticating to the ssh server on one of these.  That’s something to find out in a future post maybe.

The phone book of the internet age

When I was a kid, the main means of communication with remote friends was using telephones. If I didn’t know the phone number of their parents, I looked them up in the phone book. The phone books also contained the postal address. So if I wanted to send a letter or a packet, I could also consult the same source for where exactly to send it.

Nowadays we have many more means of communication (mobile phones, email, xmpp, IRC, BitMessage, Twitter, Skype, WhatsApp, ICQ, FaceBook, Hangout, Forums…), but in this plethora of options, discovery is sometimes more difficult. On some services you just search for a name, on others you have to know the user handle beforehand. But most important, you need to know on which service to look in the first place. In addition, an increasing number of people choose not to be listed in the phone book, or their online counterparts any more. So when I recently wanted to send a package to a friend who just had a child, I couldn’t find his postal address anywhere and thus had to ask him.

I’m sure in addition to the online versions of the regular phone books, there are lots of registry services where people can sign up to be listed. The problem is though that they are scattered all over the place, and mostly for local communities. There is one notable global directory, but that is for domain names rather than for people. DNS has problems of its own. As I experienced recently first hand, you’re at the mercy of the registrars if something unusual happens. And if you forget to renew, or lose access to the account your friend registered your domain with (don’t get me started on passwords), some troll may catch your domain and use it for blackmailing.

Namecoin is here to solve both problems. It is a descendant of BitCoin, the famous cryptocurrency. Namecoin is a decentralized store of information such as domain name registrations, personal information… you name it. As it uses a block-chain it is completely tamper- and censorship-resistant. The rules are very clear. The first one to grab a name gets it. When a name expires it is available again. Registration or update is very cheap, in the range of a few cents. Since it is merge-mined with bitcoin itself, it inherits the protection against 51% attacks.

All you need is an installation of a namecoin full node (I’m not aware of any thin clients). The block chain is a lot smaller than that of bitcoin, so it is no problem to run it on your notebook. Once installed, you can register your domain. The GUI has fields for the required information. If you have a static IP address, you can just use that for registering and skip all the DNS stuff. The client side is a bit harder at the moment. To get the full security the system offers, you need to install a browser plugin, that is still a bit clunky. But there are already DNS providers that resolve .bit domains. That can be a lot more convenient at the cost of some security.

But the reason I’m writing about namecoin is an alternative usage, namely as a kind of modern phone book. I can’t remember how I found the site nameid.org. I think it was from some guy writing about integrating it with the BitMessage client. As BitMessage addresses are hard to remember, that makes a lot of sense. Using namecoin for OpenID is also a nice idea, but I don’t use that part. I’m still looking for an OpenID solution based on OpenPGP where I can use my OpenPGP Smartcard. There was a great project started in this direction called EnigForm, too bad it has been stalled for some time. But I’m digressing again.

So, you can pick a short name (“ulrichard” in my case), and register selected information about you (email, blog, phone number, postal address…) with namecoin. The process is not as straightforward as with domain names, as the GUI has no fields for that yet. So you have to construct the json string yourself. The wiki documents the various fields and their types. You then only have to provide your short name as kind of digital, updateable business card. Yes, an updateable business card, isn’t that cool? Since not all people have namecoin installed, instead of the short name alone, you can provide a link to a website that nicely formats the information: https://nameid.org/?name=ulrichard . Once namecoin is integrated with other services, you no longer need to send mass-messages to all your friends when you change your eMail-address or phone number, you just update your namecoin id record.

Trezor BitCoin HardwareWallet

Today I received my Trezor BitCoin HardwareWallet. When I ordered it in June 2013, the expected delivery date was October. But as happens all too often with BitCoin related hardware, the dates get pushed back. They offered a device with plastic case for XBT 1 and one with an alloy case for XBT 3. After the Bitcoin price skyrocketed end of last year, they stopped taking pre-orders. The devices we early backers received have a nice “First Edition” label at the back.

The trezor is the first hardware wallet for BitCoin that is mass produced. It has a small screen, two buttons and a microUSB connector. So it is actually a lot more secure than if you just stored the private key on a SmartCard, as could be done with a HW1 or a YubiKey NEO if the software was finally released. You can see the balances on the different addresses in the client on the computer. When you want to send some coins, you see the receiving address and the amount on the small screen of the trezor. Once you confirm using two button presses, the trezor signs the transaction, and the client on the computer propagates it to the BitCoin network.

Build quality and form factor look quite nice. It is actually a bit smaller than I expected, which is a good thing. Fifteen Swiss Francs in Coins would require about the same space. I guess it helps in that regard that it doesn’t require a battery, but is powered from USB.

The first thing I did was setting it up with the browser plugin from https://mytrezor.com. It’s an easy process where you have to write down the seed which consists of 24 words. Then I sent a small amount back and forth. Only after seeing this succeed, I transferred bigger amounts to the addresses of the device.
Then I wanted to test the electrum plugin that slush recently noted would be merged soon. I found it in a pull request on github. It didn’t work initially, but several people were quick to help. After all issues were sorted out, also sending with the trezor from electrum works fine.

It wouldn’t be a security device if it worked without entering some kind of secret. Entering the secret on the computer would make it less secure, as some malicious software could record it. Entering it on the device with only two buttons would be cumbersome, as not that many people these days are fluent in morse code. So, I was curious how they solved that problem. The solution they came up with is actually quite nice. They display a 3×3 grid of buttons with question marks on the computer, while the trezor shows a 3×3 grid with digits 1 to 9 in random positions. That way, you enter your pin on the computer using a mouse or touch screen, using the positions found on the trezor screen. Even after playing with the trezor for only some hours, it’s evident that a lot of thought went into it.

I wonder what will happen next in that space.
I was not fully convinced by the HardBit. Indeed it turned out, somebody found out how to activate WiFi and bluetooth of the repurposed SmartPhone. That makes it way less secure. The developers seem eager and friendly, but it might be just not the most secure platform to begin with.
Recently I backed an interesting project called PRISMicide on Indiegogo, but with only 8% funding after half the time, it looks as if they won’t make it.
The picture and description of the BitSave from ButterflyLabs look really slick. But they have a history of overpromising and delivering late.
And finally, I’m sure SatoshiLabs, the creators of trezor, will work on a follow up device that is even smaller and communicates with SmartPhones.

key signing

I have been using gnupg for a couple of years for digitally signing emails and debian packages and occasionally for encrypting files as well as for ssh authentication. I wanted to participate in the web of trust for a while. But so far, all key-signing-parties in my region were on dates that I couldn’t attend. Then I met the organizer of the last key signing party that I could not attend, on the last BitCoin meetup in Zug. Hence, we exchanged IDs and key signatures, to sign the keys later. He briefly explained the procedure to me. Back at home, I wanted to sign his key, but was presented with an error message indicating that parts of my private key were missing. A quick search revealed that it was because of my setup, where I have the private sub keys on an OpenPGP smartcard, and the private primary key on an air-gapped machine in a secret place, guarded by orcs. Everything else can be signed using the signing subkey on the card, but other keys have to be signed using the primary key. Now, I began to think about moving all keys that I want to sign to that air-gapped machine and back using qr-codes. I didn’t like that idea, and found a better solution: store the private primary key on a second smart card. Once it’s done, it works very well, I just insert the second smartcard when I want to sign someone’s key. But the procedure to get there is cumbersome to say the least. Luckily there was a concise description of what steps to perform.

We have been using passwords for too long

Every time I have to register to a website using a password, I grow more annoyed. Passwords were fine when you only had one, to log in to your corporate mainframe. But these days, computers are better at cracking passwords than humans at remembering them.

It only gets worse the more sites you maintain profiles on. You shouldn’t use the same password all over. If it was hacked, your entire online identity could be compromised. And nobody can remember good strong passwords for every site he visits. Password managers are no solution. You need to have them with you all the time. They are protected by a master password. So if an attacker can get hold of your database and your master password, which is easily attainable with a trojan, then good luck. He even gets a list of sites to visit.

OpenId and OAuth are a step in the right direction. In theory, you could maintain your identity with a central entity, and use it as a proxy to authenticate you. You have to choose that central entity that manages your identity well, as it can now track your every move. Hence, it would be best if you could host it yourself. But it is usually still only protected by a password. Since you now only have to remember one, it’s easier to choose a strong one. But again, if an attacker gets hold of your password, he can impersonate you.

So, we need hardware based two factor authentication (something you have and something you know). For about one and a half years I’ve been using a CryptoStick for said two factor authentication. It works great for email, files, ssh, package signing, full disk and disk image encryption, but I couldn’t figure out so far how to use it for web authentication. They mention a service for a SmartCard backed OpenId. That would be just what I want, but I couldn’t figure out how to make it happen.

Playing with Smart-Cards

Ever since reading the book “Kryptographie und IT-Sicherheit” where I first learned about how SmartCards work, I wanted to do some SmartCard programming. The book describes some inner workings of Smart Cards, and that some of them have a small Java VM inside. But it turned out that the entry was not as easy as in many other fields. First of all, you have many smart cards (SIM of your mobile phone, Credit Card, Debit Card, Health insurance card, …), but usually they are protected so you can’t install anything of your own. Technically, it would be possible to have many applications on the same card, like CreditCard, DebitCard, HealthInsurance, PublicTransport, and so on. But with very few exceptions, the issuers don’t feel comfortable sharing a card with someone else. Then there seem to be many different standards, and the companies seem to be keen to obscure as much as they can. And then you also need kind of specialized hardware, but that’s the easier part.
