Yohanes Mario [dot] com

my online scrapbook of scrambled thoughts

Let's encrypt is a free, automated, and open Certification Authority.

That's what's said on the main page of their website. I've been looking into this thing for so long, but just now that I have learned that they provide a way to manually generate certificates for shared web hosting with no root shell access like the one I use. However, upon further investigation, and as I try to generate that certificate myself, I found that their documentation is lacking in terms of clarity, especially for my specific use case. In case you didn't notice, I have successfuly generated the certificate, but not without any hurdles. That's what I'm going to share here.

The steps are as follows (assuming you use Ubuntu or any equivalent distributions):

  1. Download certbot by using the command: wget https://dl.eff.org/certbot-auto.
  2. Mark it as executable: chmod a+x ./certbot-auto
  3. Begin to obtain certificate:./certbot-auto certonly --manual -d www.example.com -d example.com
  4. You will be asked to create some files with certain content in your public_html. Do each of that, and then you will get your certificate.
  5. Your certificate will be located at /etc/letsencrypt/live/example.com/fullchain.pem,
  6. and your private-key will be located at /etc/letsencrypt/live/example.com/privkey.pem.
  7. Copy them to your web hosting, install them, and you're good to go.

That's all. I hope this helps. Cheers.

I've been trying to make my own hashing function for this blog, with no luck at all. So, I try to find the latest hashing function which known to be super secure, and I encounter "whirlpool". This hashing function is and never will be patented, so it's free to use. In addition to the randomized multilevel encryption process which I have been adding since the early development of this blog, I add the whirlpool function to the mix.

Here's my multilevel encryption process which contain the whirlpool algorithm:

//the $encrypted var comes from my hand made encryption algorithm

$formation=hash("whirlpool", $password);
$array=array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l",
	"m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");

$formation=str_replace($array, "", $formation);
while($formation[$i] || $formation[$i]=="0")
while ($formation[$i] || $formation[$i]=="0")
	if (intval($formation[$i])==0)
		$encrypted_password=hash("whirlpool", $encrypted_password);
	else if (intval($formation[$i])==1)
		$encrypted_password=hash("whirlpool", $encrypted_password);

As you can see, in each level of the encryption process, there's 3 different hash functions to be executed (md5, sha1, and whirlpool). An average password will have at least 300 level of encryption. So a password cracker will have to go through at least 900 hash function executions to brute force the password, and that's only for one word. Even a super computer will be exhausted to crack it.

For more info about whirlpool, please go here. Happy blogging!

This is a program I made to make my previous post into a reality. I've been talking about multiple level encryption method. Well, here's the real deal.

The algorithm is composed by no more than 39 lines of code. It mix MD5 and SHA1 algorithm into an array of encryption process. The order of which algorithm is used in which step is defined by the pattern, and one phrase (password) will have one unique pattern, but one pattern may be assigned to different passwords.

I hope this helps you in understanding the basic idea of randomized multi level password encryption. Happy blogging!