.
Bitland.Net Security Notes            Comments? email jwilkins-at-bitland*net
More information on the author at Jonathan Wilkins's home page
RSS feed available at http://www.bitland.net/index.rss               Add to Google
Archives: 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000
Sites that archive exploits  |  (2003/05/03 17:20)

Packetstorm is the largest site and longest running site that's still alive.
Hack.co.za seems to have made a welcome reappearance after a long hiatus.
xfocus.org has a nice collection.
Securityfocus has exploits archived and searchable at http://www.securityfocus.com/bid The search on the main page is unusable but that url works.
+digg  |  +del.icio.us   |    [Exploits ]   |   Permanent link
Cryptographic Filesystems  |  (2003/05/03 10:50)

Linux's LoopAES is currently my favorite disk crypto system. I've been using it on my main fileserver for about 6 months with no problems. I run Mandrake and it comes with support for LoopAES out of the box.
When I was initially investigating disk crypto, I found a Survey of disk crypto systems which, while a little old, was quite helpful.
I used to use CFS on FreeBSD but had some trouble with corruption. Also, since I had a large RAID array, fscking after a reboot sometimes took hours.
Other people claim to have had better luck with TCFS
OpenBSD's disk crypto is fairly primitive at the moment. The FAQ recommends that you use vnconfig, but that's limited to 2GB, which is really too small.
However, when I was at CanSecWest this year, Theo told me to ask Ted Unangst (one of the OpenBSD guys) about disk crypto and he pointed me at his page on Cryptographic Disk Device for OpenBSD which is supposed to support large disks. I haven't tried it yet but figured I'd link it in case someone else finds it useful.
UPDATE:
CGD for OpenBSD is based on CGD for NetBSD which was written by Roland Dowdeswell. You might want to read his USENIX paper on CGD
+digg  |  +del.icio.us   |    [Crypto ]   |   Permanent link
A bunch of password cracking links  |  (2003/05/03 10:10)

Medussa is a distributed password grinder that does MD5, regular unix crypt and NTLM among others.

COTSE has a few lists of wordlists Wordlist collection 1 and Wordlist collection 2

You can also build your own grinder with the Password Cracking Library

And no list of password grinders would be complete without mentioning John the Ripper

If you're just curious about how good your password is, CertainKey has a Password Strength Analyser which runs as a Java applet.

+digg  |  +del.icio.us   |    [Passwords ]   |   Permanent link
RSS feed available at http://www.bitland.net/index.rss