security

Upgrade your old RSA SSH key to Ed25519

The RSA algorithm has some problems and you should update to Ed25519

4 minute read

If you work regularly with remote machines or use online services like Gitlab, you are probably using an SSH key. And if you have not updated it recently, chances are you are using an RSA key, or, god forbid, an ECDSA or DSA key. Well, bad news: in order to be on the safe side, you should probably upgrade. A presentation at BlackHat 2013 reported significant advances in solving the problems on which DSA and some other key types are based. The presentation suggested that keys based on elliptic curve cryptography (ECC) should be used instead: ECDSA or Ed25519. Additionally, ECDSA and DSA have nasty additional issues, so you should probably just stick to Ed25519. Here’s how to upgrade.

Arch with LVM on LUKS

Arch Linux installation with LVM on a LUKS-encrypted drive

8 minute read

Edit (2020-06-16): use dd to create swap file instead of fallocate
Edit (2021-07-01): fix typo in GRUB_CMDLINE: cryptodevice -> cryptdevice
Edit (2021-11-04): fix terminology mess-up: LUKS on LVM -> LVM on LUKS


Disclaimer: some of the steps in the Arch Linux installation procedure change from time to time, so I would recommend to check out the awesome Arch Linux installation guide in the Arch wiki to get a fully up-to-date picture of the process.


It is well known that Arch Linux does not have the easiest install process of all Linux distributions. In my opinion, for technical users this is a big plus, as you get to know your system better simply by having to set it up from scratch. This comes with the perk that you only install the packages you need, leading to a smaller and arguably snappier system.

In this guide, I’m documenting my latest Arch Linux installation on my laptop, where I set up a logical volume with LVM on top of a fully-encrypted disk with LUKS. Encrypting your disk in your mobile devices should be a requirement if you value your security and/or privacy. Nowadays it has almost no performance penalties and it provides countless benefits.

Tor with qutebrowser

Run qutebrowser with tor by default

1 minute read

If you are a qutebrowser user and care about privacy and anonymity, you may want to run qutebrowser using the tor network by default. Doing so is easy. This post documents how to set it up.

Website design by myself. See the privacy policy.
All content on this site is licensed under CC-BY-NC-SA 4.0.