Page 1 of 1
Problem with cloaking
Posted: Sat Dec 25, 2004 11:32 pm
by woodencross
Just reinstalled ircd on another shell, but now it says:
* Loading IRCd configuration ..
[error] unrealircd.conf:212: set::cloak-keys: (key 2) Keys should be mixed a-zA-Z0-9, like "a2JO6fh3Q6w4oN3s7"
[error] unrealircd.conf:213: set::cloak-keys: (key 3) Keys should be mixed a-zA-Z0-9, like "a2JO6fh3Q6w4oN3s7"
[error] 2 errors encountered
[error] IRCd configuration failed to pass testing
Possible error encountered (IRCd seemily not started)
but I typed in 3 different keys - what to do?
Posted: Sat Dec 25, 2004 11:53 pm
by Syzop
but I typed in 3 different keys - what to do?
You could start by reading the error message ;).
[hint: it's not about different keys]
Posted: Sun Dec 26, 2004 4:13 pm
by woodencross
hm, i don't get it, sorry. I also checked if the cloak-keys are commented out, but they aren't....
Posted: Sun Dec 26, 2004 4:26 pm
by Stealth
As Syzop said, read the error.
It is not saying it can't find the cloak keys, it is saying all the cloak keys should have a mixture of CAPITAL letters, lowercase letters, and numbers. It is saying key 2 and key 3 do not have those!
Posted: Sun Dec 26, 2004 4:30 pm
by woodencross
Hm, coul b that there are no numbers in it... gonna check that
Posted: Sun Dec 26, 2004 4:33 pm
by woodencross
oh man, that's it. there are no numbers in the 2nd and 3rd one.
soorryyyy
Posted: Mon Dec 27, 2004 4:41 am
by aquanight
There's a great way to get a string of very decent length with a suitable mixture of letters, digits, and even symbols!
It's called ./unreal mkpasswd
. I recommend using sha1 on 3 keywords of your choice through unreal's passcrypter. Then you get 3 salted sha1 hashes that make
wonderful cloak keys!
@syzop: Is it possible for this method be referenced in the FAQ? 
Posted: Mon Dec 27, 2004 4:41 pm
by Syzop
@syzop: Is it possible for this method be referenced in the FAQ
There's a feature request in the bugtracker, #1924 (marked private) " cloak key generator, like './unreal gen-cloak' "... granted, it's been there since July, I think it's a better idea to code that.
Still, the method you described isn't too bad.. If you ignore the 2 predictable '$'s in the strings you get pretty much securely randomized output I think.
I could put it in the FAQ but I think people would be a tad confused, and most people probably won't read it anyway ;).
Posted: Mon Dec 27, 2004 4:45 pm
by aquanight
True, though even before the salting, mkpasswd is a good tool for the job, thanks to unreal's base64 encoding. The only difference is prior to salting you'd have to make sure not to give out the original keywords used or someone can regenerate your cloak keys
. With the salting, it hardly matters.
Posted: Mon Dec 27, 2004 10:33 pm
by Stealth
I have made a simple VBScript that can generate completely random cloak keys.
Instructions:
1. Copy the following into Notepad.
2. Name it cloak.vbs
3. Find and execute it.
NOTE: VBScripts can only be executed on Windows, but the output can be easily copied to a shell.
-- moderator: do not use, see replies below! --
Code: Select all
Randomize
Dim nType
Dim nBox
Dim nRes
Dim nState
nRes = ""
nState = ""
Do While nState = ""
For nBox = 0 To 2
For nPos = 1 To 10
nType = Int((3 - 1 + 1) * Rnd + 1)
If nType = 1 Then
nRes = nRes & Chr(Int((57 - 48 + 1) * Rnd + 48))
ElseIf nType = 2 Then
nRes = nRes & Chr(Int((90 - 65 + 1) * Rnd + 65))
Else
nRes = nRes & Chr(Int((122 - 97 + 1) * Rnd + 97))
End If
Next
nRes = nRes & "; "
Next
nState = InputBox("These are your randomly genertated cloak keys." & vbCrLf & "If you like them, click OK, otherwise, click Cancel.", "Cloak key generator", nRes)
nRes = ""
Loop
Posted: Mon Dec 27, 2004 11:18 pm
by codemastr
Stealth wrote:I have made a simple VBScript that can generate completely random cloak keys.
When you're dealing with stuff for encryption, saying things like "completely random" is a bad idea. There is no such thing as "completely random" in the computer world. Even random number generators that are based on such things as heat emitted by a CPU have shown to be less than "completely random." The VB PRNG is far from "completely random."
Posted: Mon Dec 27, 2004 11:30 pm
by Stealth
Ok, not-so-random generator, but it is still random enough to come up with nice looking cloak keys.
The "randomize" keeps the output from being predictable, without it, it would be the same every time.
Posted: Mon Dec 27, 2004 11:35 pm
by Syzop
I would really NOT suggest using that, cloak keys should really be very unpredictable and some simply RND() INT() stuff cannot meet these requirements... yes, they would be random, but not unpredictable.
The 'Randomize' thing isn't as random as you might suspect (not at all, it uses the timer for the seed). It is not unpractical at all to retrieve the cloak keys then.
If someone really can't wait for this feature, I suggest using aquanights idea (and ofcourse a long password string).
*edit* did I say AngryWolf? Poor aquanight ;) */edit*
Posted: Mon Dec 27, 2004 11:42 pm
by aquanight
codemastr wrote:Stealth wrote:I have made a simple VBScript that can generate completely random cloak keys.
When you're dealing with stuff for encryption, saying things like "completely random" is a bad idea. There is no such thing as "completely random" in the computer world. Even random number generators that are based on such things as heat emitted by a CPU have shown to be less than "completely random." The VB PRNG is far from "completely random."
Let's not forget that not all systems can run VBScript! Anyway, I'm willing to bet there is some VBScript implementation of a generator that's more random, but... blah.
Syzop wrote:If someone really can't wait for this feature, I suggest using AngryWolfs idea (and ofcourse a long password string).
...huh?!