Please im losing my patience here FINGERPRINTS and Public Keys

Hi Ive posted a few encrypted messages and have been able to communicate back and forth with encryptors using their Public keys. But some give me their KEY FINGERPRINT. I dont know how to use this to find out thier Public Key, wich is the only way i know how to communicate

help

πŸ‘︎ 3
πŸ“°︎ r/GPGpractice
πŸ’¬︎
πŸ‘€︎ u/anshelanimal
πŸ“…︎ Dec 27 2020
🚨︎ report
So this is my Reddit PGP public key, nothing more to see here. Fingerprint: 9f2dd837e2c5ab90ba0edcbc6da64b6a017d23d3

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBF7Nf8oBDADBiflVhPWj7OatudHUFRSWmOP6/0w3RC3JnejY4YtOHsIc5iQ3

F1JqAEuuOn3KWbG55QUhfz/30qIJSOiXdCxz37BNQ6tTmR/AN2oAlxtj4+DwtJDJ

EdVZG381f/gim3F4n4ogxwTj4m/D88Luju3EvAVuD6D82PppWwpE69oQ/yrir8Aa

5KKToMXJqWb5eSyqzllzdQg/0b38MqJh5kvohVzjZsdjq+4LVo0KXHPwtNvDab0u

M9WqsReuhBKkZlsvUp7HfLxC6bsX31nmstN0bso6c/wt92c4CzVtr53mCMczScUw

ui+xmGYWAVHnpdFkigtZsP9aEo1hIUYJCx3TFmf8so6jH86rR7DaC7pFVk7BCnMt

/WOr/IX2FbK424vn2Qxnq0zF6X8UgcmsPlyBu3Odxb7JlYVZfOvjtD/bztkXZCDG

+JehUmHkYZtnFF5bmicBhg9D0b21E00gq/4PQc+owM3CzopiA68gWDz5RAlW2txH

FbyktsPWdJrC6AsAEQEAAbQudS9Mb29zZVVwc3RhaXJzIDxMb29zZVVwc3RhaXJz

QHJlZGRpdC5ub2VtYWlsPokBsAQTAQoAGgQLCQgHAhUKAhYBAhkBBYJezX/KAp4B

ApsDAAoJEG2mS2oBfSPTKpwL/2VcrkCEcsbFWImXiA3bYg13pupg02GIUzpud33q

m68oaJY5MEZr50JDp2EaXmQ4uTHt4KJkbmuCattqykcZB16Q5su6L3qlMpKr6Ttq

8jU8989D9CrBwpE8BUyKSMuyhvF8UOMat0+Y7WhpU3c66MlKpQCvDOcCWuEF10xG

frzVZIssylBQskoB+ah6aOM7RYv9l8Vmrsg785T/gM4tvPFpPzxM7o+VthrKBil0

/dTtyIECd4tBxS2n1wsSfN+hWsl2YKuRvxfDlvxczjO+KIL7RepyKiLCBeAJsxUV

AbP+Limou83751xGj4JRiJW5GlPJcl6am8+l4EwtC8MTEy+2jxSJvl7kPKQ+pa0w

VuMJROjv3S6V5Cy77SgRyvfi3G8aKAP/DlTEsIpFyRfMJBlfY9oj6PBzvgc/B5Pr

wYaKvFoP/fiWhDmeK3jarvnMnE6Fc5pEsYpGaFD2Rm/dOuCeLNzr2KYfLqcifocR

VTQb5mO+Oct9I5wbOePgij9bUrkBjQRezX/KAQwAvvvMgje5Djbk9006XSa0Mq5u

eXmJKAHyvTvx7i6CkknE3lmiQ47em91isGpPH3/js05xv6Nl/b8Orug5CquqwY5h

QmuURqpnm6MmhYrmkrnAhnxTSOS8gToi/EFF4QqdkhJ8jSZLtM3N755nnl5EOSeb

SsNoa+4X5UHQmzd2STjh0NKMqyI9z6yb3n4KPb46GXLo+KbEj1naJIjbt9r2lntT

/8+EMS+l6ssTPkjMeKFia95UXV1vqoS46OrpItEpT7LkMmfNQ+6F9sKWHQTlq3BX

OJJR8Rf78vbAfwXD9JYcCAxDhGagEGoh8aBpWQnCte8bGsjQ4+GSgVsbtoV+UeXq

xSHzUyqjOJ4yGHNA2LXkAwRHMG+7+DHmOo4LAFNUNomboEQDEBNMDINe75VVA79h

IBurtXzoDhdME2nHAf3Fu2iX37SdFUL227H8STmyhrZSfOVhCrUOXXAd7Kt0GPaT

kLOj9hRsPzJU4at8l8NOcVmTdp7iqhehQaUPY1iLABEBAAGJAZ8EGAEKAAkFgl7N

f8oCmwwACgkQbaZLagF9I9M8Jgv7BUXHn5btUZguNZZLmK4qg+/gSsgKHttLL4bF

07p4c304BRhwMqp8CkC8ntvYjyQHaB4bp3VstMZmHaeNkosgWcuTqmW758MzbRyY

+09fDsvfqEG7iCWMk2c8hDVzk7ejW5COCGLEV18ugXyjspTfwM7Xe3aYJm9ndbTF

QK2CWIUNfXx7SffoseHCsd7I+cbXdMFWO7sJ1gp97ohKZrBogVkerZPjMGlcMaXo

IScbMTHke8UZh+EnrAZJT3h+spaRKLafd9gQaZHNnx7P/ssWngI6jRlpzmTspGtL

WzeK6hEtQk2oYJxWjgFK/ody+Q4tdC6IX0N+vmVVcL6JAfEmLTaxaLnO1/8m9KFc

PFSqEJvdmR5JtkCcLBj24Ab3Xbpe6BKBFjDXBeyXqVEK6Ds99+khMrFpisC9ZJRv

RIcC+odk5KbUXEqqhtRgzUeLz3lGCF4BWc7vo8YltJtwXk4SHX5OrzclTUmC67tV

Y308MQpS1dOVvq7xeHX1Q1lbFSNz

=mHb0

-----END PGP PUBLIC KEY BLOCK-----

πŸ‘︎ 2
πŸ“°︎ r/PGPkeys
πŸ’¬︎
πŸ‘€︎ u/LooseUpstairs
πŸ“…︎ Jul 06 2020
🚨︎ report
Amazon EC2 Linux instances hold only the SSH public key, not a private key. How can I be confident I'm connecting to my instance? How do 'fingerprints' help?

Here is Amazon's page on their use of key-pairs.

Also, do fingerprints mean I should be protective of my instance's 'public' key? Surely, to be confident I'm connecting to my destination machine and not a man-in-the-middle, the destination machine must hold a secret of some sort, to prove this. Am I mistaken here?

πŸ‘︎ 14
πŸ“°︎ r/cryptography
πŸ’¬︎
πŸ‘€︎ u/Wootery
πŸ“…︎ Dec 27 2019
🚨︎ report
Problem authentication using root Public Key or fingerprint

I'm using the example BearSSL_Validation under ESP8266WiFi , I've extracted the root public key using openssl x509 -pubkey -noout -in cert.pem, but the connection failed same for the root fingerprint. I'm curious why only when I use the root cert it validates.

πŸ‘︎ 2
πŸ“°︎ r/esp8266
πŸ’¬︎
πŸ‘€︎ u/ThisIsaac
πŸ“…︎ Jul 04 2020
🚨︎ report
Want to look at fingerprint before importing public key

Using Linux Ubuntu I installed gpg (GnuPG) 2.2.4. I then downloaded veracrypt's public key to my home/<name> directory. I then ran the following in the terminal:

gpg --with-fingerprint VeraCrypt_PGP_public_key.asc

Instead of giving me a fingerprint of the file it gives me the following: "WARNING: no command supplied. Trying to guess what you mean..."

I'm sure as a newbie I'm making some basic error. If someone would point it out I'd appreciate it. Is this a simple "cd"-type error?

πŸ‘︎ 5
πŸ“°︎ r/GnuPG
πŸ’¬︎
πŸ‘€︎ u/Jack15911
πŸ“…︎ Aug 22 2018
🚨︎ report
"Confirm your fingerprint" gives "RSA private or public key is null"

I tried to pay for something online and had to confirm payment.

Has anyone else seen this error using the beta? I'm not sure it's just an oddity in general, or a new issue because I'm testing the OS beta.

https://imgur.com/FmzNiY4

πŸ‘︎ 2
πŸ“°︎ r/android_beta
πŸ’¬︎
πŸ‘€︎ u/chizcw
πŸ“…︎ May 13 2019
🚨︎ report
meCoin: A biometric proposal for using your fingerprints/retinas as seeds for public/private keys at participating retailers.

I was mulling over the realities of having bitcoin stored on our mobile phones (theft, loss, damage) when I realized how completely unnecessary it is.

With a blockchain linked retail terminal, the ideal way to give customers access to their funds already exists: their own biometrics.

An individual would simply need to create a public address using their right index finger, using a method that reliably produces the same address each time when the same fingerprint is presented.

The private key to this public address would then just need to be generatable from a combination of your retina/left fingerprint (or another bio indicator).

Testing would need to be done to find the easiest combination of.... Whoa.


I just made the concept even better, just in case of fingerprint theft. Give the user a PIN, right? And have the private key simply be generated from both the 4-digit PIN plus the users left fingerprint (if you don't want to get into expensive retina scans for low level transactions).

So now you truly can never be without your wallet. Because you are your wallet.

For everyday transactions, you use your wallet with a public address created from your right index fingerprint. Your private key to this is generated from a 4-digit pin + your left index fingerprint.

For larger amounts of bitcoin, a custom public/private key can be generated with your retina, and a multi-bio-sig solution can even be set up in case of a massive, organ damaging accident (using passwords and other access tokens).


The only way to make this even better is to figure out a system that lets me use my fingerprints to generate private keys, but renders even stolen fingerprints useless to thieves in the recreation of those keys.

Adding a pin number helps, but isn't perfect.

Anyway, I have a beautiful vision of walking up to a food counter, ordering, and placing my two fingers on the device and it saying "Ding - thanks for your purchase."

Basically achieving the ultimate convenience for retail payments.

πŸ‘︎ 4
πŸ“°︎ r/Bitcoin
πŸ’¬︎
πŸ‘€︎ u/americanpegasus
πŸ“…︎ Apr 11 2015
🚨︎ report
Calculating a SSH Fingerprint From a (Cisco) Public Key blog.didierstevens.com/20…
πŸ‘︎ 76
πŸ“°︎ r/netsec
πŸ’¬︎
πŸ‘€︎ u/sanitybit
πŸ“…︎ Jan 02 2012
🚨︎ report
Calculating a SSH Fingerprint From a (Cisco) Public Key blog.didierstevens.com/20…
πŸ‘︎ 3
πŸ“°︎ r/UIC
πŸ’¬︎
πŸ‘€︎ u/evilcry
πŸ“…︎ Jan 02 2012
🚨︎ report
Checking download hash question and public key
  1. I have generated the hash of the downloaded file and have a result. However, I cannot find on the Manjaro site what the hash is supposed to be. Link, please? Resolved, at least at the SHA-1 level.

  2. I was able to download Philip MΓΌller's Public Key using the key identifier on the Manjaro website, but I cannot find on the website his full public key fingerprint to compare against the one I downloaded. Another link, please?

πŸ‘︎ 4
πŸ“°︎ r/ManjaroLinux
πŸ’¬︎
πŸ‘€︎ u/Jack15911
πŸ“…︎ Jul 23 2019
🚨︎ report
Setup difficulties

Newbie. Have some Bitcoin in a paper wallet, and want to transfer it to my new Trezor. Research suggests I need to first transfer it to something like Electrum.

Kleopatra downloaded. In 'Downloads' I have electrum-3.3.8-setup, electrum-3.3.8-setup.exe.asc (but no 'lock' icon - maybe that's a problem?) and gpg4win-3.1.11.

Running Kleopatra, entering Thomas' GPG public key fingerprint and following the other steps doesn't achieve signature verification.

Any help will be greatly appreciated (I'm 73, and way out of my depth with this stuff). Also, considering that as soon as I get the Bitcoin into the Electrum wallet I will straight away be transferring it to my Trezor, what risk would I run if I didn't verify the signature?

Thanks.

πŸ‘︎ 2
πŸ“°︎ r/Electrum
πŸ’¬︎
πŸ‘€︎ u/Hank1402
πŸ“…︎ Jun 15 2020
🚨︎ report
Yet another warrant canary thread

I was on vacation when the warrant canary was changed but jesus, it's still done improperly

https://socialistra.org/canary/

While this is a much better step than a footer image, it seems the point was still missed.

This block of text should, itself, be signed. Including the public key's fingerprint itself does nothing if the rest of the message (including the key) can be modified without anyone noticing.

https://www.cs.rutgers.edu/~watrous/pgp-sat.html

Here is an example for a beginner using PGP, which the org might need to read. Notice how there is a block for the PGP signature. This is the whole point of the canary using PGP.

Fortunately, this is easy to fix and it literally just requires them to copy the text into GPG, sign it, and update the page to include the signature block.

Let's see if this can get done without waiting 6 months.

πŸ‘︎ 39
πŸ“°︎ r/SocialistRA
πŸ’¬︎
πŸ‘€︎ u/JMV290
πŸ“…︎ Nov 28 2018
🚨︎ report
Can't seem to restore public key authentication on an Ubuntu 18.04 server for the life of me

I had a bit of an accident when re-organising storage on my Ubuntu 18.04 server and I lost my home directory on it. It's in a datacentre, so I can only access it via SSH and can also SSH into a rescue system booted over the network. I can mount the drive and chroot into it from the rescue system. I can get console access if needed.

The server was configured to be accessible with only SSH keys, and with no SSH access to root users. For some reason, my private key keeps getting denied and I can't figure out why. Here is what I have done so far:

  • System is up to date
  • Confirmed the following in sshd_config: PubkeyAuthentication yes, ChallengeResponseAuthentication no, UsePAM no, PasswordAuthentication no, and no AllowUsers or AllowGroups parameters
  • Confirmed that AuthorizedKeysFile is pointing to the right place, and I can see in auth.log that it is going for the right file. I am 100% that the path is correct, the spelling isn't wrong, not using a hyphen in authorized_keys or anything like that
  • Tested with UsePAM yes
  • Re-created my user with the same uid and a /bin/bash shell
  • I had to re-create the home dir after the data loss, so I copied what's in /etc/skel into the new one and manually created the .ssh folder and authorized_keys file
  • 700 permissions on my home dir and ~/.ssh, and 600 on authorized_keys. Everything owned by my user. Tried 644 perms on authorized_keys too
  • Checked same permissions on client-side too. Home dir is 700, ~/.ssh is 700, private key is 600, and .pub key is 644
  • Confirmed no encryption on home dir
  • Checked /etc/fstab against actual UUIDs, and checked logs to confirm that /home is mounting
  • Confirmed SELinux is not enabled
  • Confirmed that the public key fingerprints on the client-side, what I'm seeing in auth.log, and what's stored in authorized_keys are all the same

Here's what I get when running ssh -vvv:

> debug1: Authentications that can continue: publickey > debug3: start over, passed a different list publickey > debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Offering public key: RSA SHA256:redacted /home/DatOpenSauce/.ssh/myKey > debug3: send_pubkey_test > debug3: send packet: typ

... keep reading on reddit ➑

πŸ‘︎ 3
πŸ“°︎ r/linux4noobs
πŸ’¬︎
πŸ‘€︎ u/DatOpenSauce
πŸ“…︎ Dec 10 2018
🚨︎ report
Ninki Wallet is now in Beta on MainNet (Sign up and I'll send you coin)

Getting late here, will resume the testing in 10 hours or so. Thanks to everyone who tested so far!

  • A payments social network
  • 2 of 3 multi-sig wallet (you have 2 keys we have 1)
  • BIP32 HD chains
  • Create your own payment network using PGP to hand off nodes on your HD chain
  • Validate the authenticity of your contacts via a "Ninki phrase" out-of-band exchange (public key fingerprint represented using bip39 mnemonics)
  • Send and receive funds on your network without exchanging Bitcoin addresses (with ZERO address re-use)
  • Bitcoin as easy as email!
  • Create invoices for contacts on your network (via PGP)
  • Prevent address spoofing when sending within your network- we validate the address you are sending to is correct on the server side before we counter-sign
  • Set account limits
  • 2 factor authentication

Add NinkiBen as a contact and email me your username and "Ninki phrase" ([email protected]) and I'll send over some coin for Beta testing (until i run out)

My Ninki phrase is:

exhaust lumber tone tribe poem glide alpha vendor select morning maze tongue vote rain clock

Please only use small amounts until we come out of Beta testing and be sure to backup all your keys and passwords. The site will be down for maintenance during the beta test between 9-10pm Tokyo time.

The url is: https://ninkip2p.com


Client side code is open sourced here: (i will do my best to keep it in sync with the site during the beta test)

https://github.com/Ninkip2p/NinkiWallet

the recovery tool (very alpha version!) is here:

https://github.com/Ninkip2p/ninki-recover

You can use this tool to recover funds in the event our service is/becomes unavailable. It uses chain.com for the blockchain queries and so works completely independently of our service.

any questions happen to answer.

πŸ‘︎ 53
πŸ“°︎ r/Bitcoin
πŸ’¬︎
πŸ‘€︎ u/Ninki-Ben
πŸ“…︎ Aug 23 2014
🚨︎ report
Every few months I remember that I need to practice PGP and I've forgotten what to do

Public Key Fingerprint: BB869888ECEA88F7C539A9CA865057CA2551D5BB

So I remember the general concept of PGP. If you send me something encrypted with my public key, only I can decrypt it with my private key.

And vice versa, if I send you something encrypted with your public key, only you can decrypt it with your private key.

...Right?

But suppose I just wanted to post a message here, not to any particular person but just to whoever wanted to reply to the thread.

Do I encrypt with my private key, and then you guys decrypt with my public key?

EDIT: Reviewed this video for like the 12th time, I think I got it.

So if I post a message here encrypted with my private key, you should be able to decrypt it with my public key ;)

-----BEGIN PGP MESSAGE-----

owGbwMvMwMHYFhB+SjXw6m7GNauThApKk3Iyk3VzU4uLE9NT9UoqSmK8TfZ6pObk
5HNxReaXKmQklqUqFJcmJwNVpJXm5FQqpKQmF1UWlKSmKORWKkA1KpQWZ+algwQg
Bipkp1ZycTnn56UXJZaU5iSWZObnFXNxueZl5VcqVOaXFinkpZan5ZfmpSjkZKal
KuSnKWTn5ZeDzMjIL1coyQcamKoQ4B6gkAhUkl6QztXJaMzCwMjBICumyLK7bUbH
m1cd349arjwF8w0rE8jhDFycAjCRyz/Yf7NIKd/vml7rKbgieIdy1TmVwzECS7+x
TeadyiTzTo8t94JA7bRPp3UiRCwvviheFptn9/PnpyWJysvDf0tturTh76WfPs4F
L08xNfjM/Vl0JLeZ4dmF/CnvYj3df+63CGi9wlm72vRbaLDGAn7B6/Gm09+Frn9y
KfelRR2n2PPl39I/NoWqvyjpTJ51TV7zgd5m3/4/UZoP8lc3mU7XKCxRWcokxXBZ
b0WE6IxVB7oN3pl2Xvl22P+5g59w4sWjN2x8Zt6/MI2Tr+DSVos4/UPuK37G6Wnv
ifr1p1olyzo+e1O0/rGHfJU59+RZu87y/1m4MNBr1zKHDbNXXWh6LXxkf+t/foFG
k++P/8idcQEA
=EGih
-----END PGP MESSAGE-----

In case it helps anyone else, apparently encrypting something with your own private key is called signing in gpg terminology:

https://stackoverflow.com/questions/14434343/how-to-encrypt-a-file-using-private-key-in-gpg

So I just did gpg --sign --armor /path/to/message.txt

πŸ‘︎ 2
πŸ“°︎ r/GPGpractice
πŸ’¬︎
πŸ‘€︎ u/mon0theist
πŸ“…︎ Jan 25 2019
🚨︎ report
I've created a Protonmail account

That would be dredmorbius <at> protonmail <dot> com

Which may well test the system against spam....

I'm looking to see if this can have PGP/GPG key support as well. That's presently ... problematic under Android for various reasons.

Public key fingerprint: 2bc99703180feaa203b473c56aa6cfe9181a28ff (Uploaded to https://pgp.mit.edu keyserver.)

This will quite probably be my preferred future email contact, given Google's failure to address its Kristallnacht problem, among other sins, though for the moment I'm giving the service a shake-down.

I'm retaining my similarly-identified gmail account for the time being.

I encourage others, most especially enterprise and organisational users, to consider Protonmail or similarly secured communications.

πŸ‘︎ 3
πŸ“°︎ r/dredmorbius
πŸ’¬︎
πŸ‘€︎ u/dredmorbius
πŸ“…︎ Mar 10 2017
🚨︎ report
How do i verify the fingerprint the first time i SSH in the box?

First, i configured SSH on the IOS 15.X router >>

hostname R1
ip domain name x-corp.com

crypto key generate rsa modulus 2048 label SSH

username admin privilege 15 sec cisco
enable secret cisco

aaa new-model
aaa authentication login default local
aaa authorization config-commands
aaa authorization exec default local
aaa authorization commands 1 default local
aaa authorization commands 15 default local

&nbsp;

Now if i SSH in using PuTTY i will get prompted the PuTTY Security Alert >>

The server's host key is not cached in the registry.  
You have no guarantee that the server is the computer you think it is.  
The server's rsa2 key fingerprint is:
ssh-rsa 2048 3c:65:fc:fa:c7:3e:5b:f2:6c:62:64:5d:17:c5:ef:b1
If you trust this host, hit Yes to add the key to PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to the cache, hit No.
If you do not trust this host, hit Cancel to abandon the connection.

&nbsp;

On router from show crypto key mypubkey rsa >>

% Key pair was generated at: 14:53:55 UTC Jan 23 2017
Key name: SSH
 Storage Device: private-config
 Usage: General Purpose Key
 Key is exportable.
 Key Data:
  30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
  00B84E3D 8CD4FF75 82B0FE65 8D0B77D5 48E4DB38 1D76152E B5B3F7A0 4FEA1D7C
  F837646C 52016FB1 900C3BA6 3B0BC892 C9182251 B73B0570 B5998B1D 04EEDD30
  AA71A38D 8E27E155 F0A16187 F4414CF6 B875F562 F29F16BB D50A8753 541937A3
  9CFC8CC8 89FCB141 E77BA727 D4B85670 7334238B 6C5CCF04 07055E99 32DE3154
  B5AB044B 27551E5E 7D2514FB A5BFB3FF 011625F5 55B7589C 3EB3E1CE A94B28BF
  E0708345 5E1A6B89 0C819F61 6AEC1982 A0C7FB7F 7984BB44 6EE0703F 74FF3952
  A9013186 9CE55D2F 66DE77FD 20CFD12C 8A91894E 55F67C1A 14568030 32DE14FC
  F5B5EACC 78D34849 75B89FF9 C18AE2BB A725509F E2F47815 B3B74E67 E53C4E86
  AF020301 0001
% Key pair was generated at: 14:53:57 UTC Jan 23 2017
Key name: SSH.server
Temporary key
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 009D86B8 727B48C2
  EBE5E540 E8781E6C F58EC4D8 ED29ECAD 065B2E29 7D563537 2F331842 AC94D854
  F8E1E538 3F4EF1DC 44192214 0EDA6573 E4F9F63C AF140F27 3143FC23 2E742468
  BF8A6D43 64225548 35E2EAAD
... keep reading on reddit ➑

πŸ‘︎ 2
πŸ“°︎ r/ccnp
πŸ’¬︎
πŸ‘€︎ u/xDizz3r
πŸ“…︎ Jan 24 2017
🚨︎ report
Requesting community feedback on Armory 0.94.1 by "goatpig"

In the past several months, "goatpig" has released a forked and updated version of "etotheipi's" Armory. "etotheipi's" Armory slowly screeched to a halt over the past several years (and was finally announced to be a defunct project earlier in the winter).

This new fork can be found here: https://github.com/goatpig/BitcoinArmory

So far, "goatpig" appears to have made some notable positive changes, and I'm excited to see some renewed effort with this wallet:

  1. Removed "phone home code".
  2. Added changelogs to the git repository.
  3. Reduced database size to a manageable level and increased initial startup speed.
  4. Removed torrent blockchain download mode.
  5. DB corruption detection and auto repair
  6. and more....

However, it seems like git commit tags are no longer signed? I am getting the following error when trying to verify:

$ git tag -v v0.94.1 
error: 811798a9282d216e0a450fe342d8a4671fee01d3: cannot verify a non-tag object of type commit.
error: could not verify the tag 'v0.94.1'

I found a PGP public key for "goatpig" at the following URL: https://raw.githubusercontent.com/goatpig/BitcoinArmory/master/PublicKeys/goatpig-signing-key.asc

It has a public key fingerprint of

745D 707F BA53 968B DF63 AA8D 8C52 1176 4922 589A

however it was created recently (2015.11.22), and has no signatures from others vouching for its authenticity. I have not seen any public, cryptographically signed indicators of "etotheipi" giving any endorsement of "goatpig" either. Can anyone vouch for the authenticity of this PGP public key?

There are releases published using github's release file storage feature: https://github.com/goatpig/BitcoinArmory/releases

There is a sha256sums file included which does have a valid signature and the hash that is signed does match up with the .deb file that is included in that release. I'm not sure why the release package is signed but not the git repository's release tag.

If anyone has any knowledge on why git tags are not signed or what I may be doing wrong when trying to verify a signed git tag, that would be appreciated. Also, if anyone has any comments or experience with this new fork of Armory, I would appreciate to know what you have to say. As with any bitcoin software, public scrutiny is critical, regardless of how well intended the author, because everyone is human and can make mistakes. I don't think Armory has nearly the eyes or users that larger projects like "Bitcoin Core" have. At the same time, "B

... keep reading on reddit ➑

πŸ‘︎ 10
πŸ“°︎ r/Bitcoin
πŸ’¬︎
πŸ‘€︎ u/andyschroder
πŸ“…︎ May 07 2016
🚨︎ report
How Practical Is Two-Channel PGP Public Key Verification In A Digital Age?

I’m slowly getting up to speed on All Things Crypto. PGP is my next project. I’d like to do it with several people I’ve met on Reddit. I’ll use GPGTools. They’ll use their OS variant. Maybe, OTR next.

But in reviewing the materials, to verify their keys we’d need to read off each others’ Public Key fingerprints using a different channel than the one we usually use (Reddit).

Umm. It’s Reddit. We don’t even know each others’ emails.

My questions:

a) if I read it properly, I’d need to call them or meet them in person. Using a different digital means (chat, email, Reddit PM) could be at risk of being Man In The Middled. Correct?

b) Would we be able to use OTR Chat as a second channel, or would we face similar same-channel verification problems and MITM exposure?

c) How serious is this different requirement for security for people not having the last name of β€œSnowden,” β€œGreenwald” or β€œPoitras”?

It seems really impractical in this digital age. I know more online friends than analog ones, and I have a lot of analog ones.

Are there any solutions to this, either existing or planned?

πŸ‘︎ 24
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ‘€︎ u/trai_dep
πŸ“…︎ May 31 2014
🚨︎ report
Help me understand Cicada's PGP

Verifying with PGP seems a very important step to verify one's following the right path but I don't really get how it works. I found this pastebin from 05/01/2012, supposedly from Cicada: http://pastebin.com/sJiGQEPM

They say to go to the mit servers (why MIT servers and not other?) and get the public key with Key ID 7A35090F. So I go to https://pgp.mit.edu/, (important 'HTTPS'), and search for 0x7A35090F and I get one result, okay so far. https://pgp.mit.edu/pks/lookup?search=0x7A35090F&op=index

But the result has two different links, first one leads me to https://pgp.mit.edu/pks/lookup?op=get&search=0x181F01E57A35090F The title says: Public Key Server -- Get "0x181f01e57a35090f "

My first question is, where does "0x181f01e57a35090f" come from?

Is it just the public key fingerprint?

Then if I click on the second link it leads me to: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x181F01E57A35090F

Why are there so many results? Why do those results even show up?

Also why searching for 0x671DDEB1 leads me to 0x7A35090F?

I think 671DDEB1 is just the subkey, what's it used for?

Then there's this link, HTTPS not working for this one, I got it from http://uncovering-cicada.wikia.com/wiki/Verifying_PGP_signatures http://pgp.mit.edu:11371/pks/lookup?search=cicada+3301&op=index

There are 4 results that caught my attention: >pub 4096R/7A12F5F6 2014-01-05 Cicada 3301 (845145127)

>pub 4096R/14929049 2014-01-03 Cicada 3301 (845145127)

>pub 4096R/7A35090F 2012-01-05 Cicada 3301 (845145127)

>pub 4096R/26AB20B7 2012-01-05 Cicada 3301 (845145127)

*What's 845145127? What are those public keys? Are all 4 from Cicada?

Also in the last twitter image they say "Verify OpenPGP", I understand they refer to gpg command, but why gpg and not other program? Is it relevant that they specified OpenPGP?

Where does the Key ID, Subkey, and PGP fingerprint come from exactly? How many of each can there be?

Thanks

πŸ‘︎ 13
πŸ“°︎ r/cicada
πŸ’¬︎
πŸ‘€︎ u/zakaria44
πŸ“…︎ Jul 24 2016
🚨︎ report
GPG Key Signing Basics

GPG Key Signing Basics

To print out your key fingerprint

gpg --fingerprint keyID &gt; file_name

gpg --fingerprint D8BF00E3 &gt; my_key_fingerprint

To search for keys on a public keyserver:

gpg --keyserver keyserver_name --search-keys search_term(s)

gpg --keyserver pgp.mit.edu --search-keys Bob Jones

To Import keys from a public keyserver:

gpg --keyserver keyserver_name --recv-keys keyID

gpg --keyserver pgp.mit.edu --recv-keys D8BF00E3

To Verify the Fingerprint of the key:

gpg --fingerprint keyID

Note: you should confirm the public key's fingerprint via phone, email, etc. prior to signing it.

To Sign the key:

gpg --edit-key keyID

Type 'sign' at the prompt ( >) in the edit key sub-menu. You can also type '?' to get a list of all commands available in the sub-menu.

Type 'save' to save and quit the sub-menu or 'quit' to exit without saving.

Update the public key on the keyserver:

gpg --keyserver pgp.mit.edu --send-keys keyID

Verify the signature on the keyserver:

gpg --keyserver pgp.mit.edu --list-sigs keyID
πŸ‘︎ 2
πŸ“°︎ r/njlinux
πŸ’¬︎
πŸ‘€︎ u/jerrynj
πŸ“…︎ Jul 29 2014
🚨︎ report
January 4th, 1985 was the last sighting of Boris Weisfeiler, an American vacationing in Chile. 15 years later, declassified US documents showed that he may have been taken to a notorious Chilean cult-turned-prison camp, the Colonia Dignidad, and killed. What actually happened to Boris Weisfeiler?

The Andean foothills of southeastern Chile contain some of the last patches of untouched wilderness in the world. At the base of the Andes mountain range, the foothills overflow with verdant greenery, with small pedestrian roads sneaking their way through the foliage. Trickling mountain streams, fed by melting snow high in the Andes, turn into coursing rivers in the foothills, racing through thickets of trees, while vineyards and haciendas, cut into the rolling countryside like steps in an immense staircase, flourish in the fertile soil.

Boris Weisfeiler was a mathematics professor at Pennsylvania State University. Born and raised in the Soviet Union, Weisfeiler was a gifted mathematician, and showed his potential from a young age. He received his Ph.D. from the prestigious Steklov Institute in Leningrad (St. Petersburg) in 1970, and progressed rapidly in his career. In 1973, however, he was unfairly blocked from a promotion, allegedly due to unofficial antisemitism in Soviet academia. Seeing that there wasn't a future for himself where he was, he defected to the USA. Weisfeiler arrived in America in 1975, and in 1976, he joined Penn State as a professor. In 1981, he was naturalized as a US Citizen.

In December of 1984, Boris Weisfeiler had decided to take a solo backpacking trip through southeastern Chile. Even after a lifetime in Russia, Weisfeiler dreaded the long northeastern winters, and sought respite in more temperate climes during Penn State's winter break. He was an experienced trekker, having previously taken solo trips in Peru, Alaska, China, and Siberia, and so wasn't fazed by the remoteness of his chosen destination or the rugged terrain of his proposed route.

Weisfeiler boarded a flight from Penn State to Pittsburgh on December 24th, 1984. From Pittsburgh, he flew to JFK Airport in New York, and from there, to Santiago, where he landed at 10 PM. From Santiago, Weisfeiler took a bus south to the town of San Fabian, in the Nuble region of Chile, where he began his trek to the Andes. From here, the exact details of Weisfeiler's route are hazy, as he was traversing sparsely inhabited forest, eating from his own stores and sleeping wherever he could find cover, with occasional stays in the villages he passed through.

We do know, however, that on January 3rd, Weisfeiler had crossed th

... keep reading on reddit ➑

πŸ‘︎ 3k
πŸ’¬︎
πŸ‘€︎ u/logicx24
πŸ“…︎ Feb 25 2021
🚨︎ report
Soulless Victories - 44

Head Arbitration


"Prickles, we're hitting our limit over here. You got anything to send?"

"Some injured reserves. Nothing else. Water pressure is out, can't wash them away. Sorry, Hale."

"Well, shit. I was kinda hopin', not going to lie."

"Starting to look like we'll be a headline on tomorrow's news."

"Maybe my handsome mug, but your bony face? Footnote, tops."

"Uh, hello. This is Francis. We're out of the, um, shock bat things. Can anyone help?"

"Harland here. Still got yer throwables? Yank the pin, chuck 'em them as far as you can. Don't blow your face off."

"Okay. Sure. Um, what then?"

"Got hands?"

"Yeah?"

"Use 'em."


Aldi retreated from the embedded drone, expecting an attack at any second.

He knew systems. Several kinds, actually, with the certifications to prove it covering a wide variety of fields. He just didn't have a deep understanding, the kind required to build one from scratch. That would require a lot more focus and effort than he was willing to invest. Prior to the last few weeks that was the most enjoyable way to get through life: Drift in, learn enough to pass a placement test, then work off whatever immediate financial need was at hand. Then drift out again to find something else.

It was a tactic that worked well for him in general. With enough passable scores it was entirely possible to get temporary worker status on just about anything, at least for a bit. There was always some sort of temp work going on with an enormous station habitat and Aldi did a fair bit of roaming. Which meant in one form or another he'd experienced every possible kind of system there was, from hardware- to software-based. Physical to digital, even some of the nascent bioengineering down in the ill-funded Corporate sectors.

So he knew, without a doubt, what he was looking at shouldn't be possible.

Aldi eased completely away from the GravComm array, retreating to just outside the broken door while he thought. The hallway was reassuringly, depressingly Corporate-- something he felt naturally comfortable being around. A predictable kind of environment where things made sense. Because whatever was going on inside the comms room was decidedly not, in multiple ways. In his experience drone systems were physical things: Microcontrollers, servos, power sources, hardware. With some sort of operational software, certainly, but it was hardlocked to the physical reality of the system it ran on.

Which meant drone softwar

... keep reading on reddit ➑

πŸ‘︎ 59
πŸ“°︎ r/HFY
πŸ’¬︎
πŸ‘€︎ u/Susceptive
πŸ“…︎ Apr 03 2021
🚨︎ report
Did a Group of San Diego Police Officers Get Away With Multiple Murders?: The Story of Donna Gentile and Cynthia Maine

I’ve been captivated by this one for a while. It’s a shocking saga that exposes a lot of corruption in law enforcement and I’ve never seen it discussed on Reddit, so I figured it warranted a write-up. This is extremely long (I like to go super in depth and include as many details as possible), but it’s worth the read IMO so check it out when you’ve got some spare time. Feel free to skip straight ahead to Donna and Cindy’s murders if you’re in a rush or aren’t interested in the background info.

Background In the mid to late 1980’s, there was an alarming amount of women being murdered in the western states. The Green River Killer, Southside Slayer, and Night Stalker dominated all of the headlines. But through it all, a similar pattern was quietly unfolding in San Diego and receiving almost no media coverage outside of the city.

The string of cases involving missing and murdered women in San Diego during this time period grew to around 43 total, most of which were what law enforcement called β€œfringe women” - meaning women who were prostitutes, addicts, exotic dancers, homeless, or involved with biker gangs. Detectives still do not know exactly how many perpetrators were involved in all of these slayings and disappearances. In the following years, police hypothesized that an ex-marine named Ronald Elliot Porter (who was already in prison for another murder) was responsible for approximately thirteen of the murders, though he has never been formally charged with them. Another three murders are believed to have been the work of Blake Raymond Taylor who was also already in prison for murder - and just like Porter, has never been formally charged with the suspected slayings. Around nine further cases were solved and lead to the convictions of multiple individual murderers, none of which with any apparent connections to the other San Diego murders. The remaining 17+ murders/disappearances are still considered unsolved. Today I want to tell you guys about two of these women - Donna Gentile and Cynthia Maine - who I firmly believe were not murdered by johns, pimps, or an elusive serial killer, but were in fact killed by the San Diego police officers themselves.

The Complicated Relationships between the Prostitutes and the Police:

To start, it’s important to go over the sometimes hostile - yet often co-dependent - relationship that many members of the San Diego police force had with local prostitutes during this timeframe. One disturbing note is that wh

... keep reading on reddit ➑

πŸ‘︎ 3k
πŸ’¬︎
πŸ‘€︎ u/DreamsAndChains
πŸ“…︎ Feb 09 2021
🚨︎ report
How Law Enforcement Gets Around Your Smartphone's Encryption

This recently released research paper: Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions by Matthew Green and his team which is also covered by WIRED talks about design flaw in data encryption of android and iOS. Wired brushes off most of the technical details and the paper didn't cover android's File Based Encryption very well which I think needs some clarity on it. The paper draws the correct conclusion though and what should be improved in successor android versions.


In android 7+, /data partition is encrypted by File Based Encryption (FBE) on first boot by default. FBE keys are generated in hardware-backed keystore. FBE keys are encrypted in keystore with the key derived from user's screen lock password. So unless you enter correct password, keystore cannot decrypt FBE keys. When you reboot your device, it is in Before First Unlock (BFU) state which means the user has yet to unlock screen first time since reboot. In this state, if someone calls you or messages you, their name won't show up unless you unlock your screen. That's because the device is waiting for your lock screen password which is to be used to decrypt FBE keys and FBE keys are encrypting your contact names.

Once you unlock your screen first time since reboot, it goes to After First Unlock (AFU) state which means the user has unlocked the device first time since reboot. Further locking and unlocking won't revert the state unless you reboot again which throws you back on BFU.


Temporary per-boot key: In AFU state, FBE keys are decrypted by the keystore and are immediately re-encrypted again by a temporary per-boot key. Per-boot key is generated & stored by keystore and its validity is until next reboot. Encrypted FBE keys blob is then cached in /system/vold. This ensures that FBE keys are never in plain text when cached by the OS.


As FBE keys are cached though encrypted, you can now use your biometric to unlock screen and kernel can request keystore to decrypt FBE keys on demand means whenever an application wants to read and write, kernel will load FBE keys in memory and they will remain in memory until next reboot. That's because running a

... keep reading on reddit ➑

πŸ‘︎ 3k
πŸ“°︎ r/Android
πŸ’¬︎
πŸ‘€︎ u/crawl_dht
πŸ“…︎ Jan 18 2021
🚨︎ report
two pgp keys

hi, i have two pgp keys and when i encrypt a file, it uses the first one. i can't figure out how to use the second one. can someone teach me? thanks in advance.

πŸ‘︎ 2
πŸ“°︎ r/pgp
πŸ’¬︎
πŸ‘€︎ u/Bath-Brief
πŸ“…︎ Feb 08 2021
🚨︎ report
Necessary fingerprint length etc. when Alice wants to send multiple pseudonymous messages in public to Bob and keep option of proving her authorship later

Alice wants to send Bob messages. She has the following requirements.

  1. She plans to send him messages that are sequentially numbered, pseudonymous, and sent to him publicly over a period of time.

  2. Each message will take the form of a single text file.

  3. She wants Bob (and indeed anyone else who is interested) to be able to verify soon after he receives each message that it is from the same sender as all previous messages, but right now she does not want him know that she is that person.

  4. She wants to be able to prove at a later date, if she feels like it, that she is that person.

  5. She does not trust online key servers.

  6. She does not trust sites such as 4chan.

  7. She wants to start by publishing a PGP RSA-1 fingerprint publicly, e.g. perhaps she will get it into a photograph in a large-circulation hardcopy newspaper and then make it "common knowledge" that that edition contained the right fingerprint.

  8. She wants that fingerprint to be as short as possible but long enough not to be hackable, meaning that nobody else can feasibly make a key pair in which the public key has the same fingerprint.

  9. She does not want to be defeated by Chuck. Chuck is a bad guy who will certainly read the genuine messages and who is capable of sending fake messages to Bob. For example Chuck may try to swamp Alice's messages by sending Bob fake messages (perhaps a large number of them)

a) through the same public channel as genuine messages,

b) that purport to be in the sequence,

c) that are divided into three parts just like genuine messages,

d) that have a content quite close to the "kind of thing" that Alice would write, but have subtle differences that serve Chuck's wicked purposes,

e) that use a public key with a fingerprint that is as close to Alice's fingerprint as Chuck can get, and

f) that verify as legitimate using a public key (included in his messages) that has that fingerprint.

How should Alice proceed?

In particular, what length of public key and password will be sufficient? Am I right that the answers are "4096 bits" and "40 characters"? And will the following advice included in each genuine message be sufficient?


TO BOB FROM ALICE: VERIFICATION INSTRUCTIONS:

This document is in three parts: P (main text), Q (public key), and R (signature). To verify its authenticity, take the following steps.

A. Retrieve the 40-character fingerprint X from [presumed unfakeable place, e.g. a

... keep reading on reddit ➑

πŸ‘︎ 2
πŸ“°︎ r/pgp
πŸ’¬︎
πŸ‘€︎ u/marydonald33
πŸ“…︎ Mar 06 2021
🚨︎ report
r/Neoliberal elects the British Prime Ministers - Part 18: Gordon Brown vs David Cameron vs Nick Clegg vs Lord Pearson vs Nick Griffin in 2010
πŸ‘︎ 34
πŸ“°︎ r/neoliberal
πŸ’¬︎
πŸ‘€︎ u/Woodstovia
πŸ“…︎ Mar 26 2021
🚨︎ report
Is there a single thing or bit of knowledge that you think would help to swiftly solve this case if discovered?

I know iterations of this question get bandied about in different threads, and as always any suggestion is probably easier said than done. My low-tech solution to these murders, one that could entail a lot of man hours -- or person hours --and some legal maneuvering (for search warrants) is:

Find the blue jacket.

Where it's discovered would be key: in someone's trunk or closet or in the woods under rocks; it could be accompanied by other items related to the crime; there could be DNA on the jacket; there could be fingerprints, etc. At the very least, we'd know who BG is. And if he hid the jacket never to be worn again after the murders, then he's most probably a killer even if he had help. LE could even ask the public to focus on the jacket, a jacket they used to see but have not seen since the murders, or perhaps a jacket they find crammed in a box in an attic. That could be the kind of tip that could really help.

πŸ‘︎ 18
πŸ“°︎ r/DelphiMurders
πŸ’¬︎
πŸ‘€︎ u/CambridgeBrad
πŸ“…︎ Mar 21 2021
🚨︎ report
I need to write an encrpyted message to send to someone, they have a pgp key fingerprint, I assume I take that number and place it on the top line in the pic? Then sign with myself? And copy and paste the results to the vender?
πŸ‘︎ 4
πŸ“°︎ r/encryption
πŸ’¬︎
πŸ‘€︎ u/ScotlandsBest
πŸ“…︎ Jan 27 2021
🚨︎ report
Evidence of an Intruder

I see people often stating that there’s β€˜no evidence of an intruder’... so, thought I’d share some:

DNA:
Foreign male DNA was first found in 1997 in JonBenet’s panties and under her fingernails. In 2003, the Denver crime lab was able to obtain enough of the male profile to meet the strict standards for CODIS submittal. This male DNA was found in the victim’s underwear, mixed in with JonBenet’s blood. It was not present on the fabric between the blood stains.

In 2008, JonBenet’s long johns were sent to BODE laboratories for more current and sensitive DNA tests to be performed. These long johns had not been tested prior to this. Not surprisingly, the same unknown male profile was found on the waistband area of JonBenet’s long johns. This is what is publicly known about the current UM1 aka forensic sample number GSLDPD99178617:
CSF1PO: 12+
FGA: 22, 26
TH01: 7, 9
TPOX: 8
VWA: 18, 19
D3S1358: 15, 16
D5S818: 10, 12
D7S820: 12+
D8S1179: 13, 14
D13S317: 11, 13
D16S539: 11+
D18S51: 11, 16
D21S11: 29, 31.2

Section from BODE report: β€œNotably, the profile developed by the Denver PD, and previously uploaded to the CODIS database as a forensic unknown profile and the profiles developed from the exterior top right and left portions of the long johns were consistent.” DA11-0330

Although the DNA found under JonBenet’s fingernails showed signs of contamination, there is evidence to suggest that the same unknown male profile was also present there as well.

Tape and cord:
Black duct tape was placed over JonBenet's mouth. The source of the duct tape was never found.

White cord (olefin) was used to make the neck ligature/ garrote and to bind JonBenet's hands together. The source for the white cord was never found.

White olefin fibers were found on JonBenet’s sheets that are consistent with the white olefin fibers of the wrist ligatures and the garotte.

Stun gun:
Sets of stungun marks were located on JonBenet's body. A stungun was not found inside the Ramsey's home nor is there any information indicating the Ramsey family ever owned a stungun.

β€œSue Ketchum of the CBI [Colorado Bureau of Investigation] is shown the photos of the marks and she indicated that they could very well be made from a stun gun.” (BPD Report #26-58.)

β€œWhen they had gathered sufficient information, Ainsworth, Pete Hofstrom, Trip DeMuth, and Detective Sgt. Wickman met with the

... keep reading on reddit ➑

πŸ‘︎ 97
πŸ“°︎ r/JonBenet
πŸ’¬︎
πŸ‘€︎ u/Mmay333
πŸ“…︎ Feb 24 2021
🚨︎ report
How do I verify my LibreWolf .AppImage with the .sig file?

Hi.

I just downloaded these files:

  • LibreWolf-84.0.2-2.x86_64.AppImage
  • LibreWolf-84.0.2-2.x86_64.AppImage.sig

Any help is much appreciated, thanks. :-)

πŸ‘︎ 5
πŸ“°︎ r/LibreWolf
πŸ’¬︎
πŸ‘€︎ u/Royaourt
πŸ“…︎ Jan 24 2021
🚨︎ report
The Mad Butcher of Kingsbury Run AKA The Torso Murders

Kingsbury Run Murders or the Cleveland Torso Murders

Kingsbury Run is a gully, sixty feet deep, that runs across Cleveland, Ohio. It is covered mainly with railroad tracks, dirt, and an occasional bush or tree. But in the 1930’s it was home also to a shifting population of homeless men and women driven out of doors by the Great Depression as well as an impromptu play yard for nearby children. It was here and at this time that a serial killer prowled, attacked, and mutilated several victims. Some of the victims, whose remains were usually only carefully cut up parts and pieces, were identified, but some never were. There were many suspects, but the case is still unsolved. Notably, Eliot Ness was, at that time, Cleveland’s director of public safety and took a role in the investigation. It is understood that he had one suspect who he believed was guilty but was unable to bring charges against him. Much has been made of this in the few writings about the subject and the main book, In the Wake of the Butcher, spends large amounts of time talking about Eliot Ness’s biography and his battle against Al Capone.

It began on September 5, 1934, when a driftwood hunter found the lower portion of a woman’s torso buried in sand at Euclid Beach on Lake Erie eight miles east of Cleveland. The legs had been severed at the knees and the skin was damaged from some chemical preservative. On September 23, 1935, two boys found two headless male bodies in Kingsbury Run, nude except for stockings on one of the bodies. The genitals had been removed from each body and their heads were found nearby. The older victim’s skin was damaged by preservatives. The younger man was identified as Edward Andrassy, a 29-year-old petty criminal. The cause of death for both victims was decapitation.

January 26, 1936, a butcher found a basket behind his shop with two human thighs, one arm, and the lower half of a woman’s torso inside. The victim was identified by fingerprints as 41-year-old prostitute Florence Polillo. Four months later boys found the head of an unidentified victim in Kingsbury Run. Over a month later a headless body was found by Big Creek, across town from Kingsbury Run. A few months later a hobo found a partial body once again in Kingsbury Run, floating in a murky pond. February 23, 1937, the upper half of a woman’s torso was found again at Euclid Beach. A month later pieces of a male body were found in the

... keep reading on reddit ➑

πŸ‘︎ 131
πŸ’¬︎
πŸ‘€︎ u/AYoung_History
πŸ“…︎ Mar 16 2021
🚨︎ report
During the night on January 12, 1976, eight-year-old Eloise Anne Worledge was abducted from her home in Beaumaris, Victoria, Australia, meters away from where her parents slept. Where is Eloise now, and who took her?

Background

Patricia Ann Watmuff was a student-teacher when she met her future husband. Lindsay Worledge, three years older than her, was building an academic career at the Caulfield Institute of Technology. By the time that Eloise Anne Worledge, their first child, was born in 1967, the small family had moved into a four-bedroom weatherboard home in the suburbs of Beaumaris. The home was perfect: it was 500 meters from the popular Beaumaris beach, with light traffic and close to shops, schools, and work.

They went on to have two more children, Anna and Blake, in 1969 and 1971, respectively. However, regardless of the new children in their lives, the decade-long marriage between Patsy and Lindsay was falling apart. While Patsy immersed herself in her children, local friends, and arts & crafts, Lindsay spent more time at the Caulfield Institute of Technology, where he was a lecturer and completing his MBA at Monash University.

According to friends, Linday's comments to his wife were becoming increasingly sarcastic. Patsy tried to convince Lindsay to try counseling, which he refused--but Patsy went ahead alone and, while it didn't improve their marriage, it helped her to recognize the irrevocable state of her relationship with Lindsay.

By 1975, the couple's marriage was virtually over. They began to build independent lives and sought comfort in others. In September of that year, Patsy began talking to Linday about a separation.

The couple agreed to split, but Lindsay asked if he could wait to move out until he completed his final exams in November. They agreed that Patsy would stay in the marital home with the three children, and he would have the freedom to visit and have access to the kids at any time. Regardless of their own problems, Patsy and Lindsay wanted to put their children first and do everything in their power to protect them.

But, once Lindsay's exams were over, he told Patsy that he needed more time. They agreed to stay together over Christmas for the sake of the children, and then he would move out. They set the date for Patsy's 33rd birthday, January 10th of 1976.

Patsy's birthday came. She had been preparing the children for the

... keep reading on reddit ➑

πŸ‘︎ 431
πŸ’¬︎
πŸ“…︎ Feb 15 2021
🚨︎ report
Can't seem to restore public key authentication on an Ubuntu 18.04 server for the life of me

I had a bit of an accident when re-organising storage on my Ubuntu 18.04 server and I lost my home directory on it. It's in a datacentre, so I can only access it via SSH and can also SSH into a rescue system booted over the network. I can mount the drive and chroot into it from the rescue system. I can get console access if needed.

The server was configured to be accessible with only SSH keys, and with no SSH access to root users. For some reason, my private key keeps getting denied and I can't figure out why. Here is what I have done so far:

  • System is up to date
  • Confirmed the following in sshd_config: PubkeyAuthentication yes, ChallengeResponseAuthentication no, UsePAM no, PasswordAuthentication no, and no AllowUsers or AllowGroups parameters
  • Confirmed that AuthorizedKeysFile is pointing to the right place, and I can see in auth.log that it is going for the right file. I am 100% that the path is correct, the spelling isn't wrong, not using a hyphen in authorized_keys or anything like that
  • Tested with UsePAM yes
  • Re-created my user with the same uid and a /bin/bash shell
  • I had to re-create the home dir after the data loss, so I copied what's in /etc/skel into the new one and manually created the .ssh folder and authorized_keys file
  • 700 permissions on my home dir and ~/.ssh, and 600 on authorized_keys. Everything owned by my user. Tried 644 perms on authorized_keys too
  • Checked same permissions on client-side too. Home dir is 700, ~/.ssh is 700, private key is 600, and .pub key is 644
  • Confirmed no encryption on home dir
  • Checked /etc/fstab against actual UUIDs, and checked logs to confirm that /home is mounting
  • Confirmed SELinux is not enabled
  • Confirmed that the public key fingerprints on the client-side, what I'm seeing in auth.log, and what's stored in authorized_keys are all the same

Here's what I get when running ssh -vvv:

> debug1: Authentications that can continue: publickey > debug3: start over, passed a different list publickey > debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Offering public key: RSA SHA256:redacted /home/DatOpenSauce/.ssh/myKey > debug3: send_pubkey_test > debug3: send packet: typ

... keep reading on reddit ➑

πŸ‘︎ 2
πŸ“°︎ r/linuxquestions
πŸ’¬︎
πŸ‘€︎ u/DatOpenSauce
πŸ“…︎ Dec 10 2018
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.