featured image

Securing Postgres connections using Let's Encrypt certificates

Introduction I’m on a quest to SSL all the things on my local network. I work in IT security, and am more than paranoid when it comes to my homelab (shout-out to r/homelab and r/selfhosted). For my web applications, everything is accessed through a Nginx reverse proxy that uses Let’s Encrypt wildcard certificates (using the DNS challenge) for encryption. It provides a single choke-point for all my traffic, all using one wildcard certificate, and all my clients accept it with the green lock....

October 22, 2020 · 6 min · Logan Marchione
featured image

I just setup WireGuard, and I'll never go back to OpenVPN

Introduction WireGuard released their official iOS app today, and I wasted no time jumping on setting up a WireGuard server at home (based mostly on this guide). This is not going to be a tutorial, but instead, I’m going to talk about why WireGuard is a game-changer. OpenVPN drawbacks For years, I’ve used OpenVPN to connect back to my home network. Don’t get me wrong, OpenVPN is great, especially compared to dated, insecure alternatives like PPTP or L2TP/IPSec....

December 20, 2018 · 3 min · Logan Marchione
featured image

Let's Encrypt wildcard certificates with Certbot on Nginx

Introduction In March of 2018, Let’s Encrypt (the free Certificate Authority) announced they added support for wildcard certificates through the upgraded ACMEv2 protocol. I’ve been hosting most of my services on subdirectories (e.g., loganmarchione.com/rss) but have been wanting to move them to subdomains (e.g., rss.loganmarchione.com), and thought this was the perfect chance to do just that. What are wildcard certificates? Wildcard certificates cover any subdomain of a specific domain. For example, I own loganmarchione....

September 27, 2018 · 6 min · Logan Marchione
featured image

Backblaze B2 backup setup

Introduction Recently, I’ve been thinking more and more about backups for my small (but growing) homelab. The golden rule is to follow the 3-2-1 method for backups: 3 backups 2 different types of media 1 backup offsite Current setup Currently, I keep an encrypted external HDD at home and another at work. Every couple weeks, I perform a backup to both and rotate the drives (this covers a 2-1-1 backup)....

July 6, 2017 · 4 min · Logan Marchione
featured image

A brief introduction to GPG

Introduction Put on your tinfoil hats, boys and girls! Today, we’re talking about security, encryption, and GPG! PGP vs OpenPGP vs GPG PGP Pretty Good Privacy (PGP) was a program created to encrypt/decrypt data in 1991 by Phil Zimmermann. Zimmermann formed PGP Incorporated, which was acquired serveral times and is now owned by Symantec. Fun fact - in 1993 the US government charged Zimmerman with “munitions export without a license”. At the time, cryptography systems with keys over 40 bits were considered a weapon, and since PGP used 128 bit keys, Zimmerman was in violation of the law....

December 31, 2015 · 12 min · Logan Marchione
featured image

Encrypted external drive with LUKS

Update: LUKS2 is out, use it instead! LUKS2 was released in 2018, you should double-check the documentation for it before you blindly follow this guide :) Introduction Since TrueCrypt is no longer under active development, I’ve decided to wipe my external drives and re-encrypt them with LUKS and dm-crypt. These are standard Linux tools that are available by default in most distributions. I’ve used LUKS and dm-crypt in the past, when I installed Arch Linux on my laptop....

May 6, 2015 · 7 min · Logan Marchione
featured image

UPDATE: TrueCrypt may not be secure

Ever since TrueCrypt disappeared a few days ago, there has been a lot of speculation as to what happened. There are plenty of theories on r/netsec, r/linx, and r/crypto. Even Bruce Schneier doesn’t know what’s going on. There is a theory that the developer threw in the towel, however, the most popular theory going around is that the NSA/FBI/other-three-letter-organization was involved and this is TrueCrypt’s warrant canary. Because they would not legally be allowed to divulge the fact that they were being forced to backdoor their software, they decided to suggest alternatives known to be backdoored, knowing that users would understand the secret message....

June 2, 2014 · 2 min · Logan Marchione
featured image

TrueCrypt may not be secure

Recently, I posted three articles of a four-part series showing how to encrypt an external drive with TrueCrypt on Fedora 20. As-of today, May 28th, TrueCrypt may not be secure after-all. The truecrypt.org website now redirects to truecrypt.sourceforge.net. A warning is displayed that reads, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues” and it directs users to alternative encryption packages for Windows, Mac, and Linux....

May 28, 2014 · 2 min · Logan Marchione