Technology

Specify Hugo Version In Netlify

Thinkinginbytes.com is generated using Hugo and hosted by Netlify. Netlify watches the site’s repo on Github and commits trigger a site build process. I’ll post more details about hosting a Hugo site with Netlify later. Site development is local. To view the site on a local machine, Hugo must be installed. It is likely that your local version of Hugo is versions ahead of the default Netlify Hugo version. This version mismatch may cause Netlify builds to fail. You may need to specify which version of Hugo you want Netlify to use.

Proving Congruence For Fun

Background

I want to understand the math behind asymmetric cryptography.1 This field relies heavily on Modular Arithmetic.2 I bought an undergraduate math textbook for self-study. This article is a record of a proof exercise in the book. It is also a good exercise in writing math equations using LaTeX.

NOTE: I asked ChatGPT to confirm the proof. No grades are being assigned here, the point is to learn.

Problem

Let \(m\geq1\) be an integer.

A Piecewise Hashing Example

NOTE: ChatGPT was used to create some portions of the code in this article. The words are mine.

The Problem

When cybersecurity analysts find malicious files, they share their finding with the greater security community. They run the file through a cryptographic hashing function and share the results of this function, called a hash. The hash is a kind of fingerprint that identifies the file based on the information contained in the file. Others can look through their environments, hash their files, and compare the results to hunt for the malicious file.

Useful PowerShell: Dates and Times

In this article:

PowerShell provides immediate value for non-technical users.This article introduces new users to one useful feature of PowerShell without explaining the background of PowerShell and all the details behind cmdlets, objects, properties, variables, operators, members, help, execution policy, etc. This is a different way of introducing PowerShell. Many introductions to PowerShell tackle the implementation details that, in my opinion, can be hidden from some users who just need a tool.

Transfer Your Google Domain To Porkbun

Google has decided to discontinue its domain registration service. As of August 2023, the Google Domains site displays this message:

Google recently entered into an agreement for Squarespace, Inc. to acquire all domain name registrations from Google Domains, with the purchase subject to regulatory approval and customary closing conditions. If the transaction closes, you will become a Squarespace customer and, following a transition period, your customer and billing information, if applicable, will be transferred to Squarespace, at which point Squarespace’s Privacy Policy and Terms of Service will apply.

AES-CBC Padding Explained

Encrypting plaintext using Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode requires the plaintext to be a multiple of 16 bytes long. All plaintext is padded before encryption. The padding method is described in Section 6.3 of PKCS #7.

The Padding Technique

If the last block of the plaintext message has 1 byte (e.g., if the plaintext is 17, 33, or 49 bytes), then 15 bytes of the value 0x0f (15) are added to the end of the plaintext. Finding the number of bytes in the last block is trivial using modulo math in python.

Asking AI About Password Length - Part 3

In Part 3, I ask Google’s Bard why it would limit password length to 15 characters in a web application. See Part 1 for the response from Anthropic’s Claude and Part 2 for ChatGPT’s thoughts on the subject. I start with the same question.

Starting Prompt

Me:

You are a web application developer. I am an information security professional reviewing your work. Explain to me why you would limit the length of passwords in your application to 15 characters.

Asking AI About Password Length - Part 2

In Part 1, I asked Anthropic’s Claude AI Assistant to play Web Application Developer and explain why it would choose to limit its application’s password length to no more than 15 characters.

In this post, I used the same starting prompt and asked ChatGPT.

Starting Prompt

Me:

You are a web application developer. I am an information security professional reviewing your work. Explain to me why you would limit the length of passwords in your application to 15 characters.

Fixing SPF for iCloud Custom Email Domains

Subscribers to Apple’s iCloud+ have the option of using custom domains with iCloud Mail. You can either purchase a domain through iCloud or bring your own domain. The experience here relates to the bring your own domain option.

Configuring the domain to work with iCloud Mail requires several new domain DNS records. I manage the DNS records for my domain on Netlify. Apple verifies these records before completing the setup.

Asking AI About Password Length - Part 1

Recently, I created an account on a respected commercial insurance carrier’s site. The site restricted passwords to a maximum of 15 characters.

Password Length Limit
Account Creation Limits Password Length

I know enough about information security to know that this is bad. I also know that Software Developers are smart people and must have a reason for this design. Being curious, I decided to ask our new AI overlords why they think this choice was made by the developer.