Masayuki Hattahttps://www.mhatta.org/2018-12-11T17:36:00+09:00a rogue researcher & hacker wannabe from JapanGood ciphers in OpenJDK 102018-12-11T17:35:00+09:002018-12-11T17:36:00+09:00Masayuki Hattatag:www.mhatta.org,2018-12-11:/good-ciphers-in-openjdk10.html<p>Until recently, I didn’t know the list of supported Cipher Suites in OpenJDK is widely different between <span class="caps">JDK</span> versions. I used getSupportedCipherSuites() on OpenJDK 10 to get the following list, and check the strength of encryption.</p>
<p>My criteria is:</p>
<ol>
<li>At least 128bit.</li>
<li>No <span class="caps">NULL</span> ciphers.</li>
<li>No anonymous auth ciphers …</li></ol><p>Until recently, I didn’t know the list of supported Cipher Suites in OpenJDK is widely different between <span class="caps">JDK</span> versions. I used getSupportedCipherSuites() on OpenJDK 10 to get the following list, and check the strength of encryption.</p>
<p>My criteria is:</p>
<ol>
<li>At least 128bit.</li>
<li>No <span class="caps">NULL</span> ciphers.</li>
<li>No anonymous auth ciphers.</li>
</ol>
<p>Then I got the following. The red ones are supposed to be weak.</p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Encryption</th>
<th>Mode</th>
</tr>
</thead>
<tbody>
<tr>
<td>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_RSA_WITH_AES_256_GCM_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_DSS_WITH_AES_256_GCM_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_RSA_WITH_AES_128_GCM_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_DSS_WITH_AES_128_GCM_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_RSA_WITH_AES_256_CBC_SHA256</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_RSA_WITH_AES_256_CBC_SHA</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</td>
<td>256bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_RSA_WITH_AES_128_CBC_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_RSA_WITH_AES_128_CBC_SHA</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</td>
<td>128bit</td>
<td></td>
</tr>
<tr>
<td>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</td>
<td>0bit</td>
<td></td>
</tr>
<tr>
<td><font color="Red">TLS_DH_anon_WITH_AES_256_GCM_SHA384</font></td>
<td>256bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_DH_anon_WITH_AES_128_GCM_SHA256</font></td>
<td>128bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_DH_anon_WITH_AES_256_CBC_SHA256</font></td>
<td>256bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_ECDH_anon_WITH_AES_256_CBC_SHA</font></td>
<td>256bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_DH_anon_WITH_AES_256_CBC_SHA</font></td>
<td>256bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_DH_anon_WITH_AES_128_CBC_SHA256</font></td>
<td>128bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_ECDH_anon_WITH_AES_128_CBC_SHA</font></td>
<td>128bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_DH_anon_WITH_AES_128_CBC_SHA</font></td>
<td>128bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> SSL_RSA_WITH_DES_CBC_SHA</font></td>
<td>56bit</td>
<td></td>
</tr>
<tr>
<td><font color="Red"> SSL_DHE_RSA_WITH_DES_CBC_SHA</font></td>
<td>56bit</td>
<td></td>
</tr>
<tr>
<td><font color="Red"> SSL_DHE_DSS_WITH_DES_CBC_SHA</font></td>
<td>56bit</td>
<td></td>
</tr>
<tr>
<td><font color="Red"> SSL_DH_anon_WITH_DES_CBC_SHA</font></td>
<td>56bit</td>
<td>anon</td>
</tr>
<tr>
<td><font color="Red"> TLS_RSA_WITH_NULL_SHA256</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> TLS_ECDHE_ECDSA_WITH_NULL_SHA</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> TLS_ECDHE_RSA_WITH_NULL_SHA</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> SSL_RSA_WITH_NULL_SHA</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> TLS_ECDH_ECDSA_WITH_NULL_SHA</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> TLS_ECDH_RSA_WITH_NULL_SHA</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> TLS_ECDH_anon_WITH_NULL_SHA</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> SSL_RSA_WITH_NULL_MD5</font></td>
<td>0bit</td>
<td>null</td>
</tr>
<tr>
<td><font color="Red"> TLS_KRB5_WITH_DES_CBC_SHA</font></td>
<td>56bit</td>
<td></td>
</tr>
<tr>
<td><font color="Red"> TLS_KRB5_WITH_DES_CBC_MD5</font></td>
<td>56bit</td>
<td></td>
</tr>
</tbody>
</table>2nd Denousen: Abe vs. Shueso2013-03-24T04:50:00+09:002017-05-18T11:49:00+09:00Masayuki Hattatag:www.mhatta.org,2013-03-24:/2nd-denousen-abe-vs-shueso.html<p><a href="http://ex.nicovideo.jp/denousen2013/">The 2nd Shogi Denousen</a> has began. This is the first cut-throat match between top-notch professional Shogi players(yes, there are <a href="http://www.shogi.or.jp/player/index.html">such people</a>) and the best crop of computer Shogi engines, 5 on 5.</p>
<p><a href="http://en.wikipedia.org/wiki/Shogi">Shogi</a> is a distant cousin of Chess. Unlike Chess, you may re-use captured pieces anywhere on the …</p><p><a href="http://ex.nicovideo.jp/denousen2013/">The 2nd Shogi Denousen</a> has began. This is the first cut-throat match between top-notch professional Shogi players(yes, there are <a href="http://www.shogi.or.jp/player/index.html">such people</a>) and the best crop of computer Shogi engines, 5 on 5.</p>
<p><a href="http://en.wikipedia.org/wiki/Shogi">Shogi</a> is a distant cousin of Chess. Unlike Chess, you may re-use captured pieces anywhere on the board anytime. It brings quite lot of additional complexities, and even after <a href="http://en.wikipedia.org/wiki/Deep_Blue_versus_Garry_Kasparov">the defeat of Garry Kasparov</a> in 1997, many considered that (at least top-level) human Shogi players have a great lead on computer Shogi engines.</p>
<p>The situation had changed dramatically when a newcomer Shogi engine called <a href="http://ja.wikipedia.org/wiki/Bonanza">Bonanza</a>, developed by a Japanese chemist Kunihito Hoki, won <a href="http://www.computer-shogi.org/wcsc16/index_e.html">the 16th World Computer Shogi Championship</a>. Bonanza appeared totally out of the blue —- Hoki incorporated some new ideas developed in the field of computer Chess, and Bonanza beated existing engines with no mercy. Bonanza could even corner some professional Shogi players in 2007. Later Hoki released(but not strictly open-source) <a href="http://www.geocities.jp/bonanza_shogi/">the source code of Bonanza</a>, and the standard of computer Shogi has risen considerably since then. Finally, in the 1st Denousen last year, <a href="http://en.wikipedia.org/wiki/Kunio_Yonenaga">Kunio Yonenaga</a>, long retired but possibly one of the greatest Shogi players in the history, was defeated by Bonkras, a clustered version of Bonanza developed by Eiki Itoh of Fujitsu. </p>
<p>The first match of Denousen this year was held yesterday between <a href="http://ja.wikipedia.org/wiki/%E9%98%BF%E9%83%A8%E5%85%89%E7%91%A0">Kouru Abe</a>, an 18-year old prodigy from Aomori, and Shueso, which finished in 5th at <a href="http://www.computer-shogi.org/wcsc22/index_e.html">the 22nd World Computer Shogi Championship</a>. I hoped a close game, but <a href="http://live.nicovideo.jp/watch/lv118753162">Abe could beat Shueso quite easily</a>. Shueso somehow could not bring its ability into full play, to my great disappointment. Next weekend(Mar. 30), we will see <a href="http://live.nicovideo.jp/watch/lv118754300">the second match</a> between <a href="http://ja.wikipedia.org/wiki/%E4%BD%90%E8%97%A4%E6%85%8E%E4%B8%80_%28%E6%A3%8B%E5%A3%AB%29">Shinichi Sato</a>, another young pro, and Ponanza, developed based on Bonanza by <a href="http://www.graco.c.u-tokyo.ac.jp/~issei/">Issei Yamamoto</a> of The University of Tokyo.</p>
<p><span class="caps">BTW</span>, Debian already has <a href="http://packages.debian.org/ja/source/sid/gpsshogi">the package of <span class="caps">GPS</span> Shogi</a>, which won <a href="http://www.computer-shogi.org/wcsc22/index_e.html">the 22nd World Computer Shogi Championship</a> and considered by many the strongest Shogi engine available now (there is also <a href="http://packages.debian.org/ja/source/sid/gnushogi">gnushogi</a> in Debian, but gnushogi is quite weak).</p>
<p>You may have fun with</p>
<div class="highlight"><pre><span></span><code> $ xshogi -fsp gpsshogi
</code></pre></div>
<p>Unfortunately, we don’t have good modern <span class="caps">GUI</span> for Shogi yet…</p>Recipe for Debian Haskell packaging2013-03-21T06:12:00+09:002017-05-16T10:47:00+09:00Masayuki Hattatag:www.mhatta.org,2013-03-21:/recipe-for-debian-haskell-packaging.html<p>The following is what I usually do when I want to debianize a Haskell stuff from Hackage. This is a personal recipe, by no means official procedure or such. I may be wrong, badly at that.</p>
<ol>
<li>
<p>Check <a href="http://anonscm.debian.org/darcs/pkg-haskell/">pkg-haskell repository</a> whether your intended package already exists or not. Somebody might work …</p></li></ol><p>The following is what I usually do when I want to debianize a Haskell stuff from Hackage. This is a personal recipe, by no means official procedure or such. I may be wrong, badly at that.</p>
<ol>
<li>
<p>Check <a href="http://anonscm.debian.org/darcs/pkg-haskell/">pkg-haskell repository</a> whether your intended package already exists or not. Somebody might work on it already.</p>
</li>
<li>
<p>Find the webpage of your intended package at <a href="http://hackage.haskell.org/packages/archive/pkg-list.html">HackageDB</a>, then download “Cabal source package”. Untar it. The tarball filename should be changed to fit the Debian source package convention. For example, if the original name is something like foobar-1.0.tar.gz, then it should be haskell-foobar_1.0.orig.tar.gz.</p>
</li>
<li>
<p>File <span class="caps">ITP</span>. <a href="http://wiki.debian.org/reportbug">reportbug</a> is your friend.</p>
</li>
<li>
<p>Run <a href="http://packages.debian.org/source/sid/cabal-debian">cabal-debian</a> in untared dir: </p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>cabal-debian<span class="w"> </span>--debianize<span class="w"> </span>--quilt
</code></pre></div>
<p>We do have the upstream tarball, so use —quilt. See <a href="http://wiki.debian.org/UsingQuilt">http://wiki.debian.org/UsingQuilt</a>. It might give you warnings about changelog. debian/changelog doesn’t exist yet, so ignore it.</p>
</li>
<li>
<p>Now read </p>
<p><a href="http://wiki.debian.org/Haskell/CollabMaint/Processes">http://wiki.debian.org/Haskell/CollabMaint/Processes</a></p>
<p>and</p>
<p><a href="http://wiki.debian.org/Haskell/CollabMaint/PackageTemplate">http://wiki.debian.org/Haskell/CollabMaint/PackageTemplate</a></p>
<p>carefully. Then do things as they say. These two are short, but well-written instructions.</p>
<p>Edit the generated debian/control appropriately. Do not forget to make your debian/copyright machine-friendly. See <a href="http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/">http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/</a>.</p>
</li>
<li>
<p>Test whether your package is flawless and really buildable. Do <a href="http://lintian.debian.org/">lintian</a>. Use pbuilder.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>lintian<span class="w"> </span>haskell-foobar_1.0-1_amd64.changes
<span class="c1"># pbuilder --build haskell-foobar_1.0-1.dsc</span>
</code></pre></div>
</li>
<li>
<p>Read <a href="http://wiki.debian.org/Haskell/CollabMaint/DarcsBasic">http://wiki.debian.org/Haskell/CollabMaint/DarcsBasic</a>.</p>
<p>Darcs is quite easy to use, and you don’t have to be the master of Darcs to merely debianize things anyway. Basically, what I usually do is</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>darcs<span class="w"> </span>record<span class="w"> </span>-a<span class="p">;</span><span class="w"> </span>darcs<span class="w"> </span>push<span class="w"> </span>--repo<span class="o">=</span>debian
</code></pre></div>
<p>Darcs is well-suited to Haskell-related development, but seems you can use Git, too.</p>
</li>
<li>
<p>Change debian/changelog. “<span class="caps">UNRELEASED</span>” in the first line should be “unstable” or “experimental”. Do not forget to close <span class="caps">ITP</span>.</p>
</li>
<li>
<p>Finally, do</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>debuild<span class="w"> </span>-tc<span class="p">;</span><span class="w"> </span>debcommit<span class="w"> </span>-r<span class="p">;</span><span class="w"> </span>debrelease<span class="p">;</span><span class="w"> </span>darcs<span class="w"> </span>push<span class="w"> </span>--repo<span class="o">=</span>debian
</code></pre></div>
<p>That’s all folks!</p>
</li>
</ol>Snow, Baby, Snow2013-01-14T15:48:00+09:002017-05-16T10:46:00+09:00Masayuki Hattatag:www.mhatta.org,2013-01-14:/snow-baby-snow.html<p>{% img http://www.mhatta.org/images/snowytokyo20130114.jpg 320 200 %}</p>
<p>It rarely snows these days in Tokyo. Until now.</p>Toying with Octopress2012-10-24T00:45:00+09:002017-05-15T22:34:00+09:00Masayuki Hattatag:www.mhatta.org,2012-10-24:/toying-with-octopress.html<p>Well, now you see…</p>
<p>(Note: I gave up Octopress for Pelican/Hugo in 2017)</p>