
Evan Summers

Evan Summers lives in Cape Town and plays Java, PostgreSQL and Linux. Most interested in crypto, systems monitoring and BI right now. Past interests include Swing, and future interests include mobi web.


evanx's blog

Private Certificate Authority

Posted by evanx on March 24, 2015 at 5:04 AM PDT

In a recent blog entry, I publicized my Final Quadrilogy of articles on Java SSL.

Explicit trust manager for self-signed certificates

Posted by evanx on February 13, 2015 at 8:26 PM PST

We consider client devices (e.g. Android) connecting to a Java server for secure networking. Say we have stringent authentication requirements, and so decide to use client-authenticated SSL sockets, using self-signed client certificates.

My "Final Quadrilogy" on Java crypto, featuring Dual Control for PCI compliance

Posted by evanx on February 7, 2015 at 9:03 AM PST

In 2013, I was a Linux sysadmin, PostgreSQL DBA, and erstwhile Java developer for a payment switching company, which was preparing for their first PCI assessment. Besides securing and virtualising their infrastructure - with KVM, virtual firewalls, and ssh forced commands - which kept me quite busy, there was this PCI requirement for "dual control" and "split knowledge" which was a show-stopper.

What is Redis?

Posted by evanx on December 31, 2014 at 8:47 PM PST

Redis is good for prototyping, shared memory, messaging, caching and maximum performance. It might be used orthogonally and/or complementary to your SQL relational store, and/or NoSQL document store. For example, Redis might be used to cache dimensional aggregates of relational data for analytical purposes.

Password Rehash

Posted by evanx on May 1, 2013 at 5:42 AM PDT

We continue our Password Salt adventures with PBKDF2, in order to store multiple revisions of the crypto parameters, and migrate hashes on the fly.

On Ubuntu, Unity and Windows

Posted by evanx on March 21, 2013 at 10:48 PM PDT

This morning I enjoyed an article entitled "There Is Ubuntu, There Is Linux And Then There Are Others", and here I rehash my comment there.

Password Salt

Posted by evanx on January 24, 2013 at 6:50 AM PST

This provides a long overdue update to "Password Hash" from the Enigma Prequels (2007), where that article neglected to add salt, which is embarrassing for whoever wrote that article... which was unfortunately me.

Timestamped Millis

Posted by evanx on November 21, 2012 at 8:23 AM PST

We present a minuscule Millis utility class for handling intervals, in milliseconds, not least because we record timestamps as per System.currentTimeMillis, i.e. the number of milliseconds since the Unix epoch. As such we can skirt around the issue of the time as seen on clocks, with their time zones and calendars and what-not.

Google Authenticator thus enabled

Posted by evanx on November 7, 2012 at 8:30 AM PST

The Google Authenticator mobile apps implement an IETF time-based one-time password standard. This hashes the current time with a shared secret, using the HMAC-SHA1 algorithm, to generate a one-time password.

But besides enabling multi-factor authentication for our personal Google account, how would we employ Google Authenticator clients for our own websites?!

Deque shredder

Posted by evanx on August 1, 2012 at 1:21 PM PDT

Last time we introduced the trivial namesake Timestamped interface, and used the excellent ArrayDeque of Java 6 to collect such things, imposing a time-based capacity and some external synchronization. Now let's test this with some threads.