John Graham-Cumming's blog

Although I work for CloudFlare there are some products that I haven't experienced as a customer and it's always fun and useful to actually behave as a customer and try them out. I like to do this to make sure the experience is good and try to spot bugs.

CloudFlare recently released a feature called Origin CA that generates a certificate you can drop onto your web server to ensure that the connection between CloudFlare and the server is secure. CloudFlare also offers a feature called Universal SSL that offers free SSL connections for the connection between a web browser and CloudFlare. Put the two together and you've got SSL from browser to CloudFlare and CloudFlare to the origin web server. Neat.

One of my domains, plan28.org, had a web site that was served over HTTP and I decided to SSL it using CloudFlare. I'd seen it demoed but there's nothing like trying it out for yourself. It was really quick to get set up. plan28.org is on CloudFlare's free tier.


Here are the steps I took starting from logging into my account and verifying that I didn't have any SSL set up for this web site:

Then I clicked the Crypto button to get to the settings for Universal SSL and Origin CA.

And I enabled SSL for the site by clicking the SSL button from Off to Full (Strict). That makes CloudFlare issue a certificate for plan28.org and start serving it publicly and at the same time ensure that it will secure the connection from CloudFlare to my web server by using SSL and checking the validity of the certificate that my web server presents.

Boom. plan28.org was now available over http:// and https:// (although the latter wouldn't work until I had a valid certificate on the server). Next stop was a quick scroll down to find the Origin Certificates settings on the same page.

Clicking Create Certificate gave me a pop up where I could select the certificate type (RSA or ECDSA), validity period and add SAN names as needed.



With those selected hitting Create resulted in the very fast creation of a certificate and the corresponding private key.

The writers have tried to make this look more complicated by using a bunch of typedefs and deliberately messing with indentation so that the main() function is kind of hidden.  After a bit of clean up the code looks like this:

#include <stdio.h>
#include <stdlib.h>

void _ctx_iface(__int28_t s, int i){
	int c = (((s & ((__int128_t))0x1FULL << i * 5)) >> i * 5) + 65);
	printf("%c", c); 

}

void main() {
	for (int i=0; i<17; i++){
		_ctx_iface(0x79481E6BBCC01223 + ((__int128_t)0x1222DC << 64), i);
	}
}

So, main() calls _ctx_iface() 17 times with i set to 0, 1, ... 16 and passed in a weird looking number 0x79481E6BBCC01223 + ((__int128_t)0x1222DC << 64) which seems to have been obscured a bit with a left shift of 64 bits and an addition. The parameter is actually just 0x1222DC79481E6BBCC01223. Still looks odd but it's pretty simple: that's DREAM_ON_ASSHOLES encoded where each 5 bits indicating one upper case character or symbol (A = 0, B = 1, C= 2, ...).

If you express that number in binary you can separate it out into five bit chunks like this: 10010 00100 01011 01110 00111 10010 10010 00000 11110 01101 01110 11110 01100 00000 00100 10001 00011. You can even manually discover that this represents S E L O H S S A _ N O _ M A E R D if you take a guess that 11110 (30 = _).

The _ctx_iface() function extracts each character of DREAM_IN_ASSHOLES (17 characters) one by one and prints them. If does that with the code (((s & ((dcf_t)0x1FULL << i * 5)) >> i * 5) + 65) which uses i to indicate which 5 bits to extract and then shifts 0x1f (which is 11111 in binary) to the right position in the string, does a binary AND to extract just those five bits and then shifts the five bits back so that they become a number between 0 and 31.

The +65 turns a number between 0 and 31 into the characters ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ because 65 is the ASCII character for A. Note that this encoding also explains why the program outputs DREAM_ON_ASSHOLES and not DREAM ON ASSHOLES. There's no way for the encoding to result in a space (which is ASCII 32).

All a bit of a disappointment really.

The rest of the code is more fun. There's a function called HammingCtr which computes the Hamming Weight of a binary string and even references and uses bit twiddling tricks from seander to make the code run quickly.

The other function is ConvolutedMagic which I have yet to decipher. Readers?

I guess it makes me boring but I try to get people to use stronger passwords.

People love to use the same password over and over again, or they invent some amazing scheme like the same single word followed by their birth year, or replacing a's with 4's. And no matter how many password database get hacked the idea that password security matters doesn't seem to really sink in.

When I do get someone to listen I tell them to use diceware generated passwords and them write them down in a little book and guard the book jealously (actually, I tell them to use a password manager but most people seem to balk at using software I think for fear of losing their passwords).


So I advise them to buy something like this and then keep a record of their passwords generated using diceware. Usually people seem happy to have something that creates them passwords like this:


But then they often ask the sensible question: "What if someone steals that book?" And so I suggest a 'two factor' solution. Two factor authentication is often characterized as a combination of something you know (e.g. a secret password) and something you have (for example, a smartphone with an app on it that generates a unique number valid for a few seconds).

In my two factor paper passwords scheme these are reversed: the something you have is the password (since it's written down and not something you can remember) and the something you know is how to transform the password into what you actually type in.

For example, suppose the password written down is anger lunar greek worry brown hole. The second factor might be that the second letter of each word will be capitalized. So the user would type in aNger lUnar gReek wOrry bRown hOle.

Or maybe it's that the first vowel in each word is omitted: the user types in nger lnar grek wrry brwn hle.

Or that the first and last letters of each word are swapped: rngea runal kreeg yorrw nrowb eolh.

Or the letters at the end and start of each word are swapped: angel runag rreew korrb wrowh nole.

Or that the password is followed by digits giving the number of consonants in each word: anger lunar greek worry brown hole333442.

Or that the number of consonants in each word is multiplied together to create a number added at the end: anger lunar greek worry brown hole864.

There are all manner of schemes someone can use to make possession of the book useless and it's a good way to get a user who isn't interested in password security engaged in the topic. The goal should be something easy to remember that's reasonably easy to compute in your head.

Of course, this doesn't protect against an attack where a single password has leaked and someone has access to the book because they may be able to figure out the scheme used, but this is a huge advance on the poor habits of most users.

PS If you are planning to do this... please consider using a password manager first.

PPS This will not protect the user against disclosure of an individual password. Two factor systems like Google Authenticator do help there. Always enable two factor authentication if it is available.

PPPS If you read this blog post and only take one action... go make sure your email is secured.