Using Yubikey with FileVault 2

Recently I acquired a Yubikey. Product from Yubico, it allows you to generate OTP with a very elegant solution - just touch small USB stick on the metal panel on its front face and it will type the password as if you typed it with your keyboard. Naturally, it works with almost everything.


Yubikey has several modes it can work, one of them is "Static Password" mode. "Static Password" means you don't get "One Time Password", but instead Yubikey became just a portable password holder. You touch the stick and it'll type predefined password as if you did it! It's obvious solution to protect login to your system - exactly why I bought it.

I use Mac and of course I wanted full protection by enabling FileVault feature - on-the-fly data encryption. It seamlessly, and with very little performance lost, encrypt data on your main drive. I, using SSD, didn't feel any difference with my usual workflow - browser, git (with very big repos), Eclipse for cpp, Xcode for obj-c, Idea for everything else.

With FileVault enabled, your login screen changes - MacOS boots for very ascetic pre-boot login screen and asks for a password. The reason for this behaviour is, that it needs a password before it can begin to boot! Without a password it can't decrypt your hard drive. And it is on that screen where a whole lot of trouble awaited me. I rebooted, plugged Yubikey, touch it, watched small asterisk to fill password field and... FAIL. It can't boot! WTF-ZOMG-where-that-piece-of-paper-with-password! Thankfully, I saved password on a piece of paper before rebooting. I typed it by myself and it logged in! Oооh the relief.

After some time banging the wall I found out where the problem was. Yubikey is entering its password too quickly. It may be a bug, or may be some anti-brute-force measure, but if you enter the password to quickly some of the letters seems to be missing :)

There is a workaround - Yubikey has a special option for this, it's called Output Speed Throttling, and can be found in the Yubikey Personalization Tool -> Settings. It will work only after you will write configuration to a slot and it will be saved for this configuration (cost me some time to figure it out).

But i didn't want my input to be slow. I wanted it to be slow only when using FileVault login screen, which is rare - only after reboot. I found a solution, but it using both configuration slots - fine by me. So here's my solution:

• Set Output Speed Throttling to standard
• Save password to Configuration 1
• Set Output Speed Throttling to 60ms
• Save same password to Configuration 2

That's it! Now you can use fast touch to Yubikey to produce fast typing and slow (~2.5 sec) touch to produce slow typing when needed.

Also a tip - if you use advanced password, to generate the same password to second slot you can peek configuration for it at configurations log. Mine is at ~/configuration_log.csv

Poker-eval and Adobe alchemy

Today i had my first serious experience with Adobe Alchemy. It's appeared as a pretty good tool for some tasks.

My task was to try and add C library poker-eval into my project. This library is de-facto standard of poker hand calculations. It has a heavily macro C-style source and you can't just rewrite it on any other language.

There is however a pretty good attempt to rewrite part of library logic onto actionscript: http://blog.houen.net/actionscript-3-poker-hand-evaluator/. Unfortunately there is a problem of speed. It's pretty good if you need to compute value of only one hand (ex: show combo name to player), but it you want to compute thousands its worthless. I wanted to compute thousands :)

So my steps where:

First, download poker-eval source. Comprehend that it's not comprehensible and move on.

Second, download Adobe Alchemy (http://labs.adobe.com/technologies/alchemy/). Read it's samples. All of them pretty basic but gives an idea how to work with it. Try to compile some of it sample. README file is always a good start.

Third, try to compile poker-eval with adobe alchemy's compiler. May be you will have more luck with it, but i didn't. It didn't compile sending obscure messages about errors in some auto-generated as3 wrappers.

After having no luck with compilation i decided to take parts of poker-eval into my project.

I can't provide full source code, but you can easily follow from here. That what i got:

#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#include "AS3.h"

#include "pe/lib/t_astudcardmasks.c"
#include "pe/lib/t_botcard.c"
#include "pe/lib/t_botfivecards.c"
#include "pe/lib/t_botfivecardsj.c"
#include "pe/lib/t_cardmasks.c"
#include "pe/lib/t_evx_flushcards.c"
#include "pe/lib/t_evx_pairval.c"
#include "pe/lib/t_evx_strval.c"
#include "pe/lib/t_evx_tripsval.c"
#include "pe/lib/t_jokercardmasks.c"
#include "pe/lib/t_jokerstraight.c"
#include "pe/lib/t_maskrank.c"
#include "pe/lib/t_nbits.c"
#include "pe/lib/t_nbitsandstr.c"
#include "pe/lib/t_straight.c"
#include "pe/lib/t_topbit.c"
#include "pe/lib/t_topcard.c"
#include "pe/lib/t_topfivebits.c"
#include "pe/lib/t_topfivecards.c"
#include "pe/lib/t_toptwobits.c"
#include "pe/include/inlines/eval.h"
#include "pe/include/inlines/eval_type.h"
#include "pe/include/poker_defs.h"
#include "pe/lib/deck.c"
#include "pe/lib/deck_std.c"
#include "pe/lib/enumerate.c"


// a C thunk for an AS3 function
// takes to string params: "2s 3s 4s 5s 6s", "2d 3d"
AS3_Val pokerEntry(void *data, AS3_Val args)
{
// set up some vars w/ default values
char *board_c;
char *player_c;
char buf[256];

// parse the input args (if there are <3 args, not all vars
// will be set and will retain default values
AS3_ArrayValue(args, "StrType, StrType", &board_c, &player_c);

fprintf(stderr, "Board %s, %d", board_c, strlen(board_c));
fprintf(stderr, "Player %s, %d", player_c, strlen(player_c));

CardMask board; /**< cards on table */
CardMask player; /**< cards in hand */

CardMask_RESET(board);
CardMask_RESET(player);

int i;
int card;
char *p;

for (p = board_c; *p; p += 3) {
  if (Deck_stringToCard(p, &card) == 0) {
    fprintf(stderr, "ERROR!");
    return AS3_String("error");
  }
  CardMask_SET(board, card);
}

fprintf(stderr, "Board mask %lld", board.cards_n);
fprintf(stderr, "Board cards by mast %s", StdDeck_maskString(board));

card = 0;

for (p = player_c; *p; p += 3) {
  if (Deck_stringToCard(p, &card) == 0) {
    fprintf(stderr, "ERROR!");
    return AS3_String("error");
  }
  CardMask_SET(player, card);
}

fprintf(stderr, "Players mask %lld", player.cards_n);
fprintf(stderr, "Players card by mask %s", StdDeck_maskString(player));

// put something in the buf
sprintf(buf, "Yo %s | %s | %f", board_c, player_c);

// return it
return AS3_String(buf);
}

int main()
{

// regular function
AS3_Val pokerEntryVal = AS3_Function(NULL, pokerEntry);

// construct an object that holds refereces to the 2 functions
AS3_Val result = AS3_Object("pokerEntry: AS3ValType",
              pokerEntryVal);

AS3_Release(pokerEntryVal);

// notify that we initialized -- THIS DOES NOT RETURN!
AS3_LibInit(result);

// XXX never get here!
return 0;
}

This file is based on test.c from AS3Lib sample, so you can simply this code into it and try to run make. But at first you will receive a bunch of errors.

Lets follow my steps further. Now you need to take include and lib directories from poker-eval source and put them into pe/include and pe/lib directories under your project root.

Next you will need pre-compiled tables (all thous t_ files). This is how you make them: go to poker-eval source root and run ./configure then go into lib directory and run make. After libs finish building you will have all thous t_ files. Copy them into pe/include directory.

Now if you run make in your alchemy project after some crunching it will produce test.swc file.

Copy test.swc file into your as3/flex project. This is how you run pokerEntry function:

 
package 
{
   import cmodule.test.CLibInit;
   
   class MyClass 
   {
       static public var poker_eval:*;
       
       public function MyClass() 
       {
           trace("Initing");
           var lib:CLibInit = new CLibInit();
           trace("Inited");
           poker_eval = lib.init();
           
           poker_eval.pokerEntry("2s 3s 4s 5s 6s", "2d 3d");
       }
       
   }
}

If everything goes well you will see masks of your hands. Now you can run native poker-eval function such as Hand_EVAL_N!

On my benchmarks (MacPro i5) this code is 40 times faster than as3 code and only 100 times slower than same code in compiled and run in native environment (you may not believe it but it's a great result for as3)!