Archive for August, 2012

Quick Sample of Password Hashing in C#

August 27, 2012

Since it seems like passwords are getting leaked way too often these days, I thought I’d throw a super quick sample out there for anyone with a need to store user passwords in their system.  Some important rules:

1. Don’t use reversible encryption, like 3DES or AES.
2. Always use a salt for each set of credentials, otherwise you’re open to dictionary attacks should your hashes be compromised.  You’ll want to store this alongside your hash in whatever password store you’re using.
3. Don’t invent your own algorithms – use a proven one written by experts that write them professionally, like PBKDF2.

Some recommended reading on why you should follow these rules:

And on to the code sample.  Six lines of C# that work on Windows and Linux / Mono will get you a solid method for generating secure hashes.  Enjoy.  I hope this helps people out and gets more developers to use effective password security measures.

```csharp
var rng = new System.Security.Cryptography.RNGCryptoServiceProvider();
byte[] salt = new byte[8];
rng.GetBytes(salt); // Create an 8 byte salt
var iterations = 1000; // Choose a value that will perform well given your hardware.
var pbkdf2 = new System.Security.Cryptography.Rfc2898DeriveBytes(pwd, salt, iterations); // pwd is the user's password (string)
var hash = pbkdf2.GetBytes(16); // Get 16 bytes for the hash
```


RabbitMQ Clustering on CentOS 6.2

August 6, 2012

RabbitMQ takes a little extra effort to get working on CentOS 6, particularly if you're using clustering.  After you’ve installed it, you need to do the following before trying to set up the cluster.

Edit /etc/hosts to ensure all cluster nodes can resolve each other's hostnames.  These hostnames need to match what is displayed after `rabbit@` in `rabbitmqctl status`.

Next, you need to take care of the ports needed for distributed Erlang processes to communicate. If you don’t do this, then no matter what you do, when you try to create the cluster it will give you ‘error_no_running_cluster_nodes’.

RabbitMQ runs on Erlang, and for the nodes to talk, they need a few extra ports open beyond the standard 5672 that AMQP uses.  One is for epmd (Erlang Port Mapper Daemon), which uses the standard port 4369.  Then there is a port range that Erlang nodes use to communicate. You need to define this range so you can open these ports on your firewall.

To tell RabbitMQ to instruct Erlang to communicate on a certain range of ports, create a file at /etc/rabbitmq/rabbitmq.config with the following contents:

```
[
  {kernel, [{inet_dist_listen_min, 9100}, {inet_dist_listen_max, 9105}]}
].
```

This will force the nodes in the cluster to only communicate over these ports.  Restart RabbitMQ with `service rabbitmq-server restart` so the change takes effect.  Now for the iptables configuration.  Update /etc/sysconfig/iptables with the following rules:

```
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4369 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9100:9105 -j ACCEPT
```

After those changes, reload iptables with `/etc/init.d/iptables restart` so the new rules take effect.  At this point, you should be good to follow the RabbitMQ clustering guide step by step.
