Walter Soldierer’s Blog

For one of our current projects I was looking for a way to validate strong passwords with regular expressions. Form field validation requirements are defined as a regex in the database properties for the field, so the easiest way to set up secure passwords was using this method. I found many examples for regular expressions but they all lacked one important feature. To avoid SQL injection issues or html formating issues we need to limit the characters allowed in passwords, and all regular expressions that I found on the web would not allow us to do this. Many of the examples posted also contained useless or redundant patterns. Here is my own pattern, which works in Perl, PHP, Java, and .Net. Needless to say that regex engines based on the old POSIX standard will not support something cryptic like this (read as one line):

(?=^[\w ,\.;:/\!@\#\$%&\*=\-\+\(\)\[\]\{\}\|]{10,}$)
(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*\W)

- ten or more characters long
- one or more a-z
- one or more A-Z
- one or more 0-9
- one or more    ,.;:/!@#$%&*=-+()[]{}|   (includes space)

You can easily test this pattern using online tools for different languages:

Perl (PCRE, surround pattern by ” “)
PHP (surround pattern by # #)
Java
.Net

MS finally released Win XP SP3. Windows Update didn’t work, probably too many downlaods are attemted from this server. Downlaod SP3 at Microsoft’s Download Center and install manually.

Since version 5, released on February 8, 2008, Truecrypt can encrypt an entire drive or partition, including the one that contains the operating system installation. Truecrypt’s implementation of strong drive encryption is particularly impressive. Listen to Security Now episode 133 for more information. Finally high quality free open source software is available for encrypting an entire hard disk. I immediately encrypted my Laptop’s hard disk. Truecrypt 4 was already installed and all private data was stored in an encrypted volume. Full disk encryption with pre-boot authentication is a much better solution though. Now the entire hard disc contains nothing that anyone could ever read. The encryption ran as a background process while I was surfing the web and took 2.5 hours on an 80 gb hard disk.

Don’t leave the data on your portable computer unprotected. Download Truecrypt for your PC, Linux box or Mac.

Free encryption software (1): Introduction
Free encryption software (2): File encryption on USB flash drives
Free encryption software (4): GNU Privacy Guard

I am a PGP user since 1996 and I still use Ståle Schumacher’s international DOS version 2.63i to encrypt files on my USB flash drives. All I need is PGP’s small exectutable file (pgp.exe, 237.737 kb). On first use, PGP will create a second small file that contains some random seed data for the encryption. With this minimal setup, PGP will warn you about a missing configuration file, but this does not affect the strength of encryption. The USB drive on my key ring contains an encrypted passwords file and pgp.exe, providing easy access to the many cryptic passwords I use. All I need is one strong master pass phrase to decrypt the file and get instant access to more passwords than I could ever remember.

(more…)

All data on my laptop’s hard drive is encrypted. If the machine gets stolen, no one will be able to boot the operating system without entering the correct pass phrase beforehand. Nothing on the drive looks like a file of has any readable information. My letters, photos, and all other private information are no more than an cryptic stream of random bytes.

I also set up encrypted hard disk drives for private data on my desktop machines at home. I once had to send a defective hard disk back to the manufacturer for repair. A nosy mechanic would not have found anything other than a boring C: drive with Windows XP and some programs on it.

On the USB mass-storage device that I always carry on my key ring at least one file is encrypted. It contains many different login passwords and other secret information that I need to have access to no matter where I am.

Great free software is available to encrypt entire hard disks, partitions, folders, files, and emails. This is the first post of an encryption series that will explain what software I use on my Windows XP machines. The programs I use are available for Linux and Macintosh computers, too. And they are all open source which to me is the most important reason for not using commercial software for encryption. I trust that many cryptographers have already inspected the code to make sure that it does not contain any weaknesses or backdoors.

Free encryption software (2): File encryption on USB flash drives
Free encryption software (3): Hard disc encryption
Free encryption software (4): GNU Privacy Guard

You’ve probably met some wise computer veterans who constantly tell you that they started computing decades ago. And usually they talk about their first Atari or Commmodore 64, and how they wrote cool Assembler code to get it to do what they wanted it to do. I can’t impress anyone with my first 80286 desktop PC, but take a look at my first Laptop… (more…)