yDNS receives some updates

Today I spent another update to yDNS: The support for multiple records per host. Before the update happened, only one record per host was allowed due to implementation restrictions. Now you can add an arbitrary number of records to each of your hosts. I also added support for three additional record types: CNAME, MX and TXT. The update resource for API calls has been updated as well: It now supports two new parameters:

  • content (alias for ip, can hold any content value for the record, not just IP adddresses)
  • record_id (if specified, the specific host is updated directly instead of guessing which record has to be updated)

I have plans to add support for custom domains. But that’s not final yet. Everyone is invited to test the new features in yDNS and report issues/suggestions by creating an issue on the project’s Github site.

python-rrdtool 0.1.1 released

An update to python-rrdtool was released today. Version 0.1.1 adds support for Python 2.x and fixes some minor issues that came up when porting the original Python binding for Python 3.

You can find more information at the project page on Github.

Installation

The installation of the module is pretty easy. All you need is to have rrdtool installed (and its headers) and of course the header files for your Python version.

Assuming you want to install it via pip, use

# pip install https://github.com/commx/python-rrdtool/tarball/master

You can also install it from sources by downloading the source and run

# python setup.py install

About python-rrdtool

python-rrdtool is a Python binding for rrdtool. It works with both Python 2.x and 3.x and comes with an object-oriented interface as well.

python-rrdtool 0.1.1 released

An update to python-rrdtool was released today. Version 0.1.1 adds support for Python 2.x and fixes some minor issues that came up when porting the original Python binding for Python 3.

You can find more information at the project page on Github.

Installation

The installation of the module is pretty easy. All you need is to have rrdtool installed (and its headers) and of course the header files for your Python version.

Assuming you want to install it via pip, use

# pip install https://github.com/commx/python-rrdtool/tarball/master

You can also install it from sources by downloading the source and run

# python setup.py install

About python-rrdtool

python-rrdtool is a Python binding for rrdtool. It works with both Python 2.x and 3.x and comes with an object-oriented interface as well.

AES encryption with Python

For a current project I had to encrypt arbitary data with AES. AES is a symmetric-key algorithm that is even used by the U.S. government. That cipher is approved to be used for top secret information at the National Secret Agency (NSA). It offers key sizes of 128, 192 and 256 bits.

To encrypt a message with AES, you’ll first have to install PyCrypto. Its considered as the “standard” cryptography library for Python and is widely used. The easiest way to install PyCrypto is using pip:

# pip install pycrypto

Encryption of a message

You first have to decide which key size you’d like to use. The higher the key size, the more secure is the encryption, but it takes more computing resources to encrypt your message. While this is almost irrelevant for small usage, it might have a big impact if you plan to encrypt large amount of data with AES. In the following example we’ll use AES-256 with a key size of 256 bits.

from Crypto import Random
from Crypto.Cipher import AES

def encrypt(message, key=None, key_size=256):
def pad(s):
x = AES.block_size - len(s) % AES.block_size
return s + (bytes([x]) * x)

padded_message = pad(message)

if key is None:
key = Random.OSRNG.posix.new().read(key_size // 8)

iv = Random.OSRNG.posix.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)

return (iv + cipher.encrypt(padded_message), key)

The encrypt function expects the message as parameter, which is a bytes object. If your message is a string, you can convert it to a bytes object by using ‘my string’.encode(‘utf-8’). The second parameter is optional: The key you’d like to use for encryption. It must be a bytes object as well; if no key is specified, a random one will be generated. The third and last parameter specifies the key size in bits.

Since we’re using the CBC mode for AES, the message must be a multiple of key size / 8 . If your message is of length 3 and the key size is 256 bits, it must be padded with 29 bytes (256 bits / 8 = 32 bytes – 3 bytes of the message length). The padding is performed by appending the integer representation of the number of bytes that have to be appended to the message. In case if the message is 3 bytes long, we’ll append 29 times the byte x1d (hexadecimal representation of 29) to the message to get the padded message.

If no key has been specified in the function arguments, a random one will be generated. The key must be of size key size / 8  (32 bytes for AES-256, 16 bytes for AES-128). If you have a key that is shorter or longer than this, you could hash your key using SHA to get the appropriate number of bytes you need.

Next, we need an initialization vector (IV). We’ll use a random IV here. The IV must be block_size  bytes long (which is always 16 bytes). Once we’ve got the IV, we can create an AES object with the key, mode and IV. That AES object must be created later again when you want to decipher the message.

In the last step, we’ll encrypt the padded message. The encrypt function above will return a tuple that contains two items:

  1. The ciphertext of the padded message. The IV has been prepended to the ciphertext as we need the IV to decipher the message again
  2. The key that was used to encrypt the message

Decryption of a previously encrypted message

To decrypt AES encrypted ciphertext, you need to know how it was encrypted (which AES mode was being used, the IV and of course the key). For messages that were encrypted using the above function, this is easy, since we know all these parameters. For AES ciphertext that was generated by other programs, its rather hard to find out how it was encrypted to get the original message from it – unless you know the encryption parameters.

def decrypt(ciphertext, key):
unpad = lambda s: s[:-s[-1]]
iv = ciphertext[:AES.block_size]
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = unpad(cipher.decrypt(ciphertext))[AES.block_size:]

return plaintext

Start decrypting the ciphertext by passing the ciphertext (from encrypt()’s first return parameter)  and the key that was used for encryption (from encrypt()’s second return parameter).

We first define the unpad lambda function: It will basically remove the padding bytes from the original message. The length of bytes to remove from end has been specified in the padding function when the message was encrypted.

The IV has to be extracted from the ciphertext, as its a required parameter for the AES object initialized when using the CBC mode. The IV is the first 16 bytes of the ciphertext. Now we can reconstruct the AES object that was used to encrypt the original message.

To get the original message (also called plaintext in the code above), we have to decrypt the ciphertext with the reconstructed AES object. Then, the message is un-padded to remove the bytes that have been appended when the message was encrypted. Finally, only use bytes after the IV to get the original message.

A complete example

#!/usr/bin/env python3.3

from Crypto import Random
from Crypto.Cipher import AES

def encrypt(message, key=None, key_size=256):
def pad(s):
x = AES.block_size - len(s) % AES.block_size
return s + (bytes([x]) * x)

padded_message = pad(message)

if key is None:
key = Random.OSRNG.posix.new().read(key_size // 8)

iv = Random.OSRNG.posix.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)

return (iv + cipher.encrypt(padded_message), key)

def decrypt(ciphertext, key):
unpad = lambda s: s[:-s[-1]]
iv = ciphertext[:AES.block_size]
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = unpad(cipher.decrypt(ciphertext))[AES.block_size:]

return plaintext

if __name__ == '__main__':
message = b'my secret message'

encrypted = encrypt(message)
decrypted = decrypt(*encrypted)

assert decrypted == message

The example will encrypt a message and validate whether the decrypted version of the encrypted message will match the original message.

Python 2.x

Please note that the code will only run on Python 3. To use it with Python 2, you’ll have to use other (un)padding functions to achieve that. Below is the full program example as from above that will use with Python 2.x.

#!/usr/bin/env python2.7

from Crypto import Random
from Crypto.Cipher import AES

def encrypt(message, key=None, key_size=256):
def pad(s):
x = AES.block_size - len(s) % AES.block_size
return s + (chr(x) * x)

padded_message = pad(message)

if key is None:
key = Random.OSRNG.posix.new().read(key_size // 8)

iv = Random.OSRNG.posix.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)

return (iv + cipher.encrypt(padded_message), key)

def decrypt(ciphertext, key):
unpad = lambda s: s[:-ord(s[-1])]
iv = ciphertext[:AES.block_size]
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = unpad(cipher.decrypt(ciphertext))[AES.block_size:]

return plaintext

if __name__ == '__main__':
message = b'my secret message'

encrypted = encrypt(message)
decrypted = decrypt(*encrypted)

assert decrypted == message

 Useful links

  1. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
  2. https://www.dlitz.net/software/pycrypto/
  3. http://kyleisom.net/downloads/crypto_intro.pdf

yDNS: A free dynamic DNS service

I am proud to announce to beta operation of yDNS, a free dynamic DNS service. It allows you to define a unlimited number of hosts for use. With the time being, new domains may be added for the use with the service. The service works with the Dynamic DNS of AVM Fritz!Box routers without any problems.

I’ve created this service because the free service of DynDNS ceased. They also changed their SLA last week that requires you to login each 30 days to keep your host, otherwise it expires. Other services like afraid.org do not offer the functionality to work with Fritz!Box routers.

Please test this service and report bugs. You can also recommend new features if you like.

Get your free account at https://ydns.eu

Update 2013/05/21: API docs and a updater script is now available. You’ll find the at my github repository for yDNS.

Behaviour of Yaourt has changed

I’ll do system updates at least one time in a week, most notably to get more recent version of software installed. My zbox is powered by an Arch Linux installation, which does a fantastic job. Very reliable and fast. In the past I used yaourt (inofficial frontend to Arch’s package manager pacman) to update the system by using yaourt -Syu but this only updates the packages that are inside the official repositories, not the packages that are in AUR. AUR packages were updated with this syntax some time ago as well, but now I have to use yaourt -Syua to do the job.

Waiting for Bitwig Studio

Many music producers out there use probably one of the big DAWs: Cubase, Pro Tools, Ableton, Logic or even Reason, FL Studio. Almost all of them are available for the Microsoft Windows platform and for Mac. Logic was available for Windows as well until Apple acquired its manufacturer – so it became a Apple-only product. All of these DAWs have its specific strenghts and are hard to compare – because some of them fit better for live performance and others fit better for large arrangements.

Last year, a new start-up from Berlin called Bitwig announced that they’re producing a new DAW called Bitwig Studio. The interface of Bitwig Studio has heavy influences from Ableton. This is not a surprise, yet are the founders of Bitwig some ex-employees of Ableton (another Berlin-based company known for building the excellent Live performance DAW). Bitwig introduces some very interesting new features. Another advantage is the fact that Bitwig will be the very first professional commercial DAW which supports the Linux operating system.

There is just one problem: the waiting for the product itself. They’ve launched a closed beta long time ago and there are absolutely no news about when the product is about to be released. While they showed up some new features at the Frankfurter Musikmesse two weeks ago, there were no news about the release date. Well – let’s keep waiting for it. The preview looks promising.

Daft Punk brings back the disco era

Usually I don’t write about other musicians, but I should! Especially about them who I like. Daft Punk is one of them. While I got first in touch with their sound by my brother back in the 90s, I followed their musical career in the past 13 years and they have become unquestionably one of the most awarded artists ever.

Now, eight years since their last studio album Human After All, they’re gonna release their new Album Random Access Memories on 21st May, 2013 on Columbia Records. It contains a phenomenal set of guest appeareances, such as Giorgio Morauder, Pharrell Williams, Nile Rodgers, Todd Edwards and some more. Some of these people had big influence in the disco era in the 70s. First single of that album might be “Get Lucky” featuring Pharrell Williams (Vocals) and Nile Rodgers (Guitar). The time couldn’t be better to release an album with this kind of music – in a world, where synthetic sound is everywhere, but no groove anymore. This could become the best-selling Daft Punk album ever.

Daft Punk | Random Access Memories | The Collaborators: Giorgio Moroder (Episode 1)

Daft Punk | Random Access Memories | The Collaborators: Todd Edwards (Episode 2)

Daft Punk | Random Access Memories | The Collaborators: Nile Rodgers (Episode 3)

Daft Punk | Random Access Memories | The Collaborators: Pharell Williams (Episode 4)

 

Update 2013-04-24: Get Lucky was released a few days ago and got the most streamed song on Spotify of all time – within 24 hours. Btw, you can listen to it on Spotify for free.