One-time encrypted message generator

bbanelli Mon 23.9.2019 20:31

Hello everyone,

I'd like to present a home-grown technology showcase: a generator of unique self-destructing links for sensitive messages.

For those who don't know what this is about: there are services into which you can paste a piece of text and create from it a self-destructing link that becomes unavailable once that message has been opened. We personally use this kind of service to send data such as passwords, private encryption keys or other sensitive data that should not be visible within communication channels such as emails, messages or the like; in short, for any data that it is not wise, security-wise, to transmit as plain text. IOW, the data is encrypted, the link is encrypted, and nobody except the holder of the link can access the data. But once the data has been decrypted, it disappears from the system and can no longer be retrieved. If the link is not activated within 15 days of creation, the system will delete it on its own.

For those who are already familiar with such services, this one is a little different, so I'm copying the details below, but in short: the data and links are not kept in any database or in any way on a DASD device on the server, but are stored in RAM:

  • Sensitive data is encrypted and authenticated in memory using xSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.
  • Memory allocation is using system calls to query the kernel for resources directly.
  • Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
  • Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
  • Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
  • Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
  • Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
  • Accidental memory leaks are mitigated against by automatic destruction of containers that hold your data once they become unreachable.
  • After your data is decrypted and sent to the client, it is overwritten with cryptographically-secure random bytes and additionally overwritten with zeros before being completely destroyed from RAM.

The service is free and (I hope :)) production-ready; we have been testing it internally for about 10 days and have not run into any problems, so if anyone finds it handy, feel free to use it.

https://1time.link
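
The read-once lifecycle the post above describes (RAM-only storage, a 15-day expiry, constant-time comparison, overwrite with random bytes and then zeros), as an added sketch that is not the service's own code. The `OneTimeStore` class, its method names and the `ident.key` link format are assumptions; the XSalsa20/Poly1305 layer is left out because Python's standard library has no such cipher, and Python cannot guarantee that copies of the plaintext are wiped.

```python
import hmac
import secrets
import time

TTL_SECONDS = 15 * 24 * 3600  # unread links expire after 15 days, per the post


def wipe(buf: bytearray) -> None:
    """Overwrite in place with random bytes, then zeros (the order the post gives)."""
    buf[:] = secrets.token_bytes(len(buf))
    buf[:] = bytes(len(buf))


class OneTimeStore:
    """Hypothetical RAM-only store; nothing is written to disk or a database."""

    def __init__(self, now=time.time):
        self._now = now
        self._items = {}  # ident -> (access key, expiry time, secret buffer)

    def put(self, secret: bytes) -> str:
        ident, key = secrets.token_urlsafe(8), secrets.token_urlsafe(32)
        self._items[ident] = (key, self._now() + TTL_SECONDS, bytearray(secret))
        return f"{ident}.{key}"  # the part that would go into the link

    def take(self, link: str):
        ident, _, key = link.partition(".")
        item = self._items.get(ident)
        if item is None:
            return None
        stored_key, expiry, buf = item
        # Constant-time comparison, so timing does not leak how much of the key matched.
        if not hmac.compare_digest(stored_key.encode(), key.encode()):
            return None
        del self._items[ident]  # first valid read consumes the entry
        try:
            # bytes() makes an immutable copy that Python cannot wipe later.
            return bytes(buf) if self._now() <= expiry else None
        finally:
            wipe(buf)

    def purge_expired(self) -> int:
        dead = [i for i, (_, exp, _) in self._items.items() if self._now() > exp]
        for ident in dead:
            wipe(self._items.pop(ident)[2])
        return len(dead)
```

In this sketch a request with a wrong key does not consume the entry; whether failed attempts should burn a link is a design choice the post does not address.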

bbanelli Wed 25.9.2019 10:18
Jakovp says...

Is this hosted on servers with Intel processors?

Hats off, BTW

Well, surely not on AMD, we're not that poor. :D :p

But no worries:

[~]# grep 'model name' /proc/cpuinfo | uniq
model name : Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
[~]# grep -c processor /proc/cpuinfo
24
[~]# uname -srvp
Linux 3.10.0-957.12.2.vz7.96.21 #1 SMP Thu Jun 27 15:10:55 MSK 2019 x86_64

 

https://virtuozzosupport.force.com/s/article/VZA-2019-059

And it seems to me that the Spectre/Meltdown patches came out in the second quarter of 2018.