Category Archives for "Networking"

Using Cloudflare Workers to identify pwned passwords

Last week Troy Hunt launched his Pwned Password v2 service which has an API handled and cached by Cloudflare using a clever anonymity scheme.

The following short Perl script checks whether a password exists in Troy's database without ever sending the password (or its full hash) to Troy. The details of how the range API works are found in the blog post above.

use strict;
use warnings;

use LWP::Simple qw/$ua get/;
$ua->agent('Cloudflare Test/0.1');
use Digest::SHA1 qw/sha1_hex/;

# Split the upper-case SHA-1 of the password into the 5-character prefix,
# which is all the API ever sees, and the 35-character suffix, which stays local.
my ($prefix, $suffix) = uc(sha1_hex($ARGV[0])) =~ /^(.{5})(.+)$/;

# Fetch every suffix sharing the prefix. A failed request returns undef and
# must not be reported as 'Ok', so die instead.
my $range = get("https://api.pwnedpasswords.com/range/$prefix")
    // die "range request failed\n";
print((($range =~ /^\Q$suffix\E:/m) ? 'Pwned' : 'Ok'), "\n");

It's just as easy to implement the same check in other languages, such as JavaScript, which made me realize that I could incorporate the check into a Cloudflare Worker. With a little help from people who know JavaScript far better than me, I wrote the following Worker:

addEventListener('fetch', event => {
  event.respondWith(fetchAndCheckPassword(event.request))
})

async function fetchAndCheckPassword(req) {
  if (req.method == "POST") {
    try {
      const post = await req.formData()
      const pwd = post.get('password')
      const enc = new TextEncoder("utf-8").encode(pwd)

      let hash = await crypto.subtle.digest("SHA-1", enc)
      let hashStr = hex(hash).toUpperCase()
  
      const prefix = hashStr.substring(0, 5)
      const suffix = hashStr.substring(5)

      const pwndpwds = await fetch('https://api.pwnedpasswords.com/range/' + prefix)
      const t =  Continue reading

Anti-Automation from the Antimatter Universe

One of my readers sent me a vivid description of his interactions with one of the so-called next-generation firewall vendors. Enjoy!


We’re using their highly promoted Next Generation Firewall (NGFW) management solution. New cutting-edge software, centralized manager… but no CLI for configuration (besides some initial bootstrap commands). "You don't need that because everything is managed from our centralized manager GUI", say $vendor sales managers.

Read more ...

Improving Routing Security: Introducing Six New MANRS Tutorials

Routing outages or attacks – such as hijacking, leaks, and spoofing – can lead to stolen data, lost revenue, reputational damage and more, all on a global scale. Routing security is therefore vital to the future and stability of the Internet, and the Mutually Agreed Norms for Routing Security (MANRS) initiative implements crucial fixes. Today, we are pleased to announce a series of six new MANRS tutorials that will help network operators improve both the Internet’s routing security and their own network’s operational efficiency.

These tutorials are intended for network administrators, network engineers, and others with a working knowledge of routing and security who are looking for steps to improve their network’s routing security and to join the growing list of MANRS participants.

About the Tutorials

Module 1: Introduction to MANRS

What is MANRS, and why should you join? MANRS is a global initiative to implement crucial fixes needed to eliminate the most common routing threats. In this module you will learn about vulnerabilities of the Internet routing system and how four simple steps, called MANRS Actions, can help dramatically improve Internet security and reliability.

Module 2: IRRs, RPKI, and PeeringDB

This module helps you understand the databases and repositories Continue reading

CI/CD For Networking Part 3

GitLab is an open source platform for collaborating on code development, with the code managed via Git. GitLab presents a clean, friendly web interface that makes it easy to view and track the changes made to a code base. GitLab has a SaaS offering at https://gitlab.com and also releases a...

CI/CD: What does it mean for the network engineer?

The continuous integration/continuous delivery (CI/CD) process is very popular in the DevOps industry. CI/CD creates a more agile software development environment, which provides benefits including the faster delivery of applications. As a network engineer, are there any aspects of this I can benefit from to improve network operations and achieve the same goal: design and deploy an agile network that provides customers access to those applications as fast as they are deployed? After all, quick, reliable application delivery is only as fast as customers can access it.

This blog post outlines how treating infrastructure as code and implementing a CI/CD workflow can ease the life of a network engineer. It also describes how using Cumulus VX and Cumulus NetQ can simplify this process further.

What does “infrastructure as code” mean?

Generally, it means treating all your network node configurations as code that you manage externally to the nodes. The program identifies each individual node and renders or produces all the configurations for all the nodes in the network in one step. This also means all configuration changes happen in this code, and the code itself accesses the box to deploy the configurations, not the engineer. Configuration deployment can be done Continue reading

Filtering EVPN Routes with PyEZ

Hi,

From the previous EVPN blog post, the next logical thing to do was to filter out EVPN routes from the device and have them analyzed for a task.

I have made the program to analyze Type 2 and Type 3 routes.

Things to take away:

-> Understand what module has what advantages. For example, OP here has route-table-level calls which can extract routing information from the device, while Device has the specific use case of opening a connection to the device.

-> Understand that there are more efficient ways of doing the same thing, but the goal here is to make the script work. There is no impact on the device, since the script parses the data offline once we have retrieved it, so even if there is a better way, do things the way you want.

Below is the sample program, which is written to analyze the routes from the vQFX series.

I am not a programmer by any stretch of the imagination, as you can see from my code ;), but this helps and gets my tasks done. If any of you want to download it, here is the GitHub link:

https://github.com/r2079/JDC/blob/master/evpn_pyez.py

Regards

Continue reading

How Does Your Organization Value Technology?

Just a quick thought here today. Thinking about the organization you work for or the organizations you work with, how would you say they view technology?

  1. Key to Success – Technology is an enabler AND a primary differentiator
  2. Important – The core business requires a commitment to technology to succeed
  3. Just Another Budget Item – Technology is a necessary evil

It is important to realize how valuable technology is to your organization or organizations we work with. If the business views our skills as key differentiators, work will be much more rewarding. If technology is just a necessary evil, it will be cut with everyone else’s budget.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.

MPLS, L3VPN, Multicast, and mVPN Fun in the Lab: Building a MPLS L3VPN Unicast and Multicast Cloud (6 Part Blog Series)

I needed to build a MPLS cloud for something.  Thought I’d invite you along for the fun in the lab.  Party on!**

Ultimately what I want to do is have a multicast source up in the upper left in Headquarters and multicast receivers down in Site11 and Site 12 joining those groups.

For this blog series that will mean 6 blogs, plus zip files of the varying configs as we build them, plus sniffer traces for you to download and refer to.

MPLS Fun in the Lab: Building the MPLS Cloud – Part 1 of 6

Create the MPLS cloud and prep it for MPLS L3VPN Unicast for One L3VPN Customer

  • OSPF area 0
  • MPLS LDP neighbors between the PEs and the P
  • BGP VPNv4 peers from all PEs to the VPNv4 Route Reflector

MPLS Fun in the Lab: Connect a Customer – Part 2 of 6

  • Create a VRF in each PE.
  • Apply the VRF and IP addresses on the interfaces in each PE towards the CEs.
  • Create the BGP neighbors in the PEs towards the CEs.
  • Ping from HQ to Site 11
  • Look at the sniffer trace of the above Ping

MPLS Fun in the Continue reading

OPL2LPT: an AdLib sound card for the parallel port

The AdLib sound card was the first popular sound card for the IBM PC—prior to that, we were pampered by the sound of the PC speaker. Connected to an 8-bit ISA slot, it is powered by a Yamaha YM3812 chip, also known as OPL2. This chip can drive 9 sound channels whose characteristics can be fine-tuned through 244 write-only registers.

AdLib sound card

I had one but I am unable to locate it anymore. Models on eBay are quite rare and expensive. It is possible to build one yourself (either Sergey’s one or this faithful reproduction). However, you still need an ISA port. The limitless imagination of some hackers can still help here. For example, you can combine Sergey’s Xi 8088 processor board, with his ISA 8-bit backplane, his Super VGA card and his XT-CF-Lite card to get your very own modernish IBM PC compatible. Alternatively, you can look at the AdLib sound card on a parallel port from Raphaël Assénat.

The OPL2LPT sound card?

Recently, the 8-Bit Guy released a video about an AdLib sound card for the parallel port, the OPL2LPT. While current motherboards don’t have a parallel port anymore, it’s easy to Continue reading

It Takes a Village to Raise a Child

It takes a village to raise a child. Or so the old saying goes. Creating a product is the same. It takes more than a small group of developers (or parents) to raise a product. There’s a lot more to creating a product than writing an application. Don’t mistake a feature or application for a product.

Look, Six Engineers Created a Product!

People hear about new applications or protocols, or small companies selling for millions. They then leap to conclusions:

“Why is it that big vendors like Cisco need thousands of people to create a product? Facebook can put 6 engineers on a project and produce something like Open/R. It’s easy, right? We don’t need big vendors any more!”

“Look at Instagram - they only had a dozen people and they sold their company for $1 billion dollars! You don’t need any more people than that.”

Let’s look a bit closer at Instagram. How much revenue did they have? Zero.

How long were they in business for? A couple of years. So how many generations of product were they supporting? One. And did they have complete support structures for users? No. How many products had gone through end of Continue reading