The magic of PHPMailer

Recently I updated the website for my club, the Association for Women in Computing at WWU, to send e-mails via PHPMailer. We have a contact form with the usual subject, content, name, etc. and want to send all that to our e-mail address. The previous e-mail system went through the school’s network and was very much broken, so it was in need of a good fix.

It was easier than I thought it would be, mostly just building some basic PHPMailer code. Add the script to your site, create a new instance of PHPMailer, and set the various properties on that instance. For example, if your mailer is $mail, you set the subject of the email like so:

$mail->Subject = "E-mail subject here";

Then once you’re done adding all the properties, you call $mail->send(), and you’re good to go!

For the server, I ended up just creating a new Gmail e-mail address so I could use Gmail as a host. So our host property looked something like this:

$mail->Host = "smtp.gmail.com";

And then you use the Gmail address and login for the Username and Password properties. Simple and easy!

PHP does already have a built-in mail function, conveniently called mail(), which is fine for super simple e-mails, but PHPMailer makes it easy to do more complicated things, like adding an attachment or using SMTP to send the e-mail. So unless you only want to do very basic things with mail in PHP, I’d stick with a library.

Official instructions and examples can be found on their GitHub.

Generating one-time passwords using the SHA-256 hash function

A one-time password (OTP), in the realm of computer security, is a password that is only valid once and expires as soon as it is used. OTPs are important because they provide an added layer of security to many systems, especially since they are invulnerable to replay attacks.

My latest project was to make a Java program that could generate OTPs using the SHA-256 hash function. SHA, designed by the NSA, stands for Secure Hash Algorithm and serves to hash a dataset of any size into a fixed-size output (256 bits, in this case).

I incorporated a GUI into my program to better simulate a real-life usage of OTPs. I used Swing (a GUI widget toolkit used with Java) to create a system that displayed two windows. The first window was simply for generating and displaying an OTP. The second window was for inputting an OTP and verifying if that OTP was valid.

The basic program design was to first generate a (pseudo)random number using Java’s SecureRandom class, which is cryptographically strong and far more secure than the typical java.util.Random class. This was provided as a seed to the SHA-256 hash function, and the resulting hash was converted into a six-digit number (e.g. 123456), the OTP. This hash would then be passed in to the hash function for the next generation of an OTP, and so on.

So for example, say we are a bank and want to give our customer a temporary password so the customer can log in to their account with this password and reset their login info. The customer can click on the button in the first window to generate the password. (In reality, a distribution method such as sending a text with that password to the customer would probably be implemented, but let’s go with this simple illustration.) Now that the customer has the password, s/he can input the password into the input box in the second window, click the verification button, and the program for the second window will calculate the next OTP and compare that with the input. If it matches, the user is granted access – otherwise, the user is denied.

Fairly simple, but the crux lies in keeping both “windows” in sync. Each program calculates the next hash function output, and therefore OTP, separately and keeps track of how many times a password has been generated. So what happens when someone clicks on the generate password button twice and the verify password button only once? Well, the verification program is still expecting the first password. So in my program I created conditional branches for if the count in one of the programs is higher or lower than the other, and instructions to the lower-count program to go through enough password generation cycles to reach the count of the other program. This only applies to counts that are within 100 difference of each other, though – we don’t want an attacker doing this a whole bunch of times and analyzing what happens so they can find ways to break in.

If you are interested in viewing the code for this project, I have a sample up on GitHub: https://github.com/aschlesener/SHA-256HashOTP

Stay tuned for an update that will include pictures of the GUI windows in action!
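A minimal sketch of the hash-chain scheme and the 100-step resynchronization limit described above, added here as an example and not taken from the linked repository. The class and method names, the mapping from hash to six digits, and the look-ahead form of resynchronization (rather than comparing counters between the two programs) are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// Added example; names are hypothetical and not from the linked repository.
public class HashChainOtp {
    static final int WINDOW = 100;  // resync limit mentioned in the post
    private byte[] state;           // current link of the hash chain

    HashChainOtp(byte[] seed) { state = seed.clone(); }

    static byte[] sha256(byte[] in) {
        try { return MessageDigest.getInstance("SHA-256").digest(in); }
        catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    // Assumed mapping: first 4 bytes of the hash, mod 10^6, zero-padded to six digits.
    static String toOtp(byte[] hash) {
        int n = ByteBuffer.wrap(hash).getInt() & 0x7fffffff;
        return String.valueOf(1_000_000 + n % 1_000_000).substring(1);
    }

    // Generator side: advance the chain one step and return the new OTP.
    String next() { state = sha256(state); return toOtp(state); }

    // Verifier side: look ahead up to WINDOW steps, committing state only on a match.
    boolean verify(String candidate) {
        byte[] given = candidate.getBytes(StandardCharsets.UTF_8);
        byte[] probe = state;
        for (int i = 0; i < WINDOW; i++) {
            probe = sha256(probe);
            byte[] expected = toOtp(probe).getBytes(StandardCharsets.UTF_8);
            if (MessageDigest.isEqual(expected, given)) {  // constant-time compare
                state = probe;  // this code and any skipped ones are now spent
                return true;
            }
        }
        return false;  // failed attempts leave the verifier's state untouched
    }

    public static void main(String[] args) {
        byte[] seed = new byte[32];
        new SecureRandom().nextBytes(seed);  // seed shared by both sides
        HashChainOtp generator = new HashChainOtp(seed), verifier = new HashChainOtp(seed);
        generator.next();  // generated but never submitted
        String otp = generator.next();
        System.out.println("in-window code accepted: " + verifier.verify(otp));
        System.out.println("same code again accepted: " + verifier.verify(otp));
    }
}
```

The window is a trade-off: with six digits and 100 look-ahead steps, a random guess matches some upcoming code roughly 1 time in 10,000, so a real deployment would also limit failed attempts.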


An Intro to Linux Mint

First released in 2006, Linux Mint is a “flavor” of the Unix-like operating system Linux that has gained widespread popularity and continues to be one of the easiest versions of Linux for beginners to use.

Mint is based on another popular and widely-used Linux flavor, Ubuntu, but differs in that it comes with pre-installed software and plugins so that it is functional directly out-of-the-box. This feature is extremely appealing to new users of Linux who don’t want to experience the hassle of figuring out how to download and install this software themselves in an unfamiliar new environment.

Some of the most useful pre-installed software: GIMP, a free alternative to Photoshop; LibreOffice, a free alternative to MS Office; Banshee, a media player similar to iTunes that you can sync with your Android, iPod, or what have you; essentially everything that someone used to the Windows/Mac GUIs might be looking for.

On a personal note, while I now prefer Ubuntu for my daily work, Mint was definitely the right choice when I was starting out, mostly due to the clean and simple Windows-like look. Plus, the gray and green color scheme is gorgeous!


If you’re really interested in the technical differences between Linux distributions, distrowatch.com is a great resource (thanks to my old dentist, who recommended it during a discussion on our favorite distros!). Here is their article on Mint.
