aviate, navigate, communicate

openssh and keys - secure ones

somewhere around 2013 (and precisely - for ‘small’ Santa Claus, so 6th of December), OpenSSH was extended to provide new way of storing keys. it’s important because the old format - MD5 hash - can be cracked veeeeery quickly. developers decide to use modification of bcrypt, that will slow down GPU-assisted cracking attempts in hashcat from gigahashes per second, to at most kilohashes. what you need to do to upgrade your defenses? Read more →

use keys, not passwords

it’s subject old as world (password-protected world, that is). i had to do some of cleanup on my devices and i hit a problem with 4096 bit keys. so, just as a reference that may be helpful somewhere for someone - you import keys to Cisco IOS without any special problems: for Cisco ASA, keys that are longer than 2048 bits need to be prepared using pkfformat, as command line has limit of 512 bytes. Read more →

ASA 9.2(1)

…supports BGP and it’s already out. do you like BGP on your firewalls? I don’t. should we have the tool in hand, just in case? well, sometimes it’s handy. but going back again - do you like BGP on your firewalls? ;) Read more →