Tuesday, February 12

Do you carry sensitive data on your laptop?

Do you carry sensitive or confidential data on your laptop on a daily basis? Have you ever thought what would happen if you got it robbed?

Despite the obvious loss of the laptop, it's the data loss that matters. Because I usually carry source code and other information that is supposed to be confidential on my laptop, I use Mac OS X's Filevault to keep the contents of my home folder encrypted. In Apple's marketing dept. words:
FileVault secures your home directory by encrypting its entire contents using the Advanced Encryption Standard with 128-bit keys. This high-performance algorithm automatically encrypts and decrypts in real time, so you don’t even know it’s happening.
Although Filevault uses 3DES effective 112bit, AES-128, and RSA-1024, it has some limitations. Firstly, it is vulnerable to dictionary attacks. But you probably are using a 'secure' password, don't you? Secondly, some proof-of-concept Filevault attacks have been developed by hackers, although certain special conditions must be met and it would be very rare for a thief to have enough knowledge to use them on your laptop.

If you want to know more about he internals of Filevault and how good it is from a security standpoint, be sure to check the following resources:

Unlocking Filevault: An analysis of Apple's disk encryption system
http://crypto.nsa.org/vilefault/23C3-VileFault.pdf

Secure Your Mac workshop at METALAB
http://metalab.at/wiki/SYMWorkshop

Saturday, February 9

Using hash_map on GCC

If you have tried to use some STL containers with GCC, such as hash_map:

// error: hash_map: No such file or directory
#include <hash_map>

int
main()
{


// error: ‘hash_map’ is not a member of ‘std’
std::hash_map<int,int> hm;

return
0;
}

Then you have realized that the code above does not compile. That's because on GCC, hash_map is not regarded as a standard container, but rather as a extension included in the __gnu_cxx namespace. In order to use hash_map and other extended containers with a minimum impact in your code (which is very important if it's intended to be cross-platform), you can use the following solution:

#ifdef __GNUC__
#include <ext/hash_map>
#else
#include <hash_map>
#endif


namespace
std
{

using namespace
__gnu_cxx;
}


int
main()
{


std::hash_map<int,int> hm;

return
0;
}
Hope that helps.