How do I program a function to generate a secure Block Cipher Encryption-Key?

I am currently studying the most widely known encryption algorithms and methodologies. For practice purposes, I am currently pursuing a project where I just implement everything from ECB to RSA as some kind of a C crypto library.
I wanted to ask, how I would generate a more or less secure key in a C program (i know, that writing a crypto library on my own is not secure at all but I just want to learn basic principles from key generating to key exchanging to encryption mechanisms).
So, how could I approach the problem of implementing an algorithm for a secure key generation? Which main issues need to be considered to reach an at least mediocre key security?

Does an NPC stat block get racial bonuses added to it?

Specifically, there is a character in the Curse of Strahd (p. 133):

Also, it’s worth pointing out that (from p. 119):

The only example I know of (in Curse of Strahd, at least) of an NPC statblock given to a non-human race is:

In the former case, no changes are specified at all, only an alignment and a race. In the second case, a few changes are made, but not enough to be a fully fledged member of that race.

It seems that, RAW, no changes are supposed to be made to these statblocks except those that are explicitly given, but I’m wondering whether there are any generic rules for NPC stat blocks that I’ve overlooked that state that such NPCs should be given the relevant ability score adjustments to match that NPC’s race, or any other racial traits as per the Player’s Handbook?

Block ping request and Nmap scan

I am learning nmap scanning from beginning.

I tried to scan my office pc with the following command

nmap -sP -PP 192.168.1.104 --disable-arp-ping 

and it works fine..It shows that 1 host is up

BUT

when I tried to scan for open ports then it shows errors.

I have used all commands like nmap -f, nmap -sI etc but I can’t scan the host.

Actually my target pc is using Symantec antivirus and he is blocking my IP address because when I used to ping then it shows nothing.

How to get an array of custom blocks by block name

Scenario: I have created a custom block that outputs a list of posts, with control over number of posts, and the taxonomies where the posts can be selected from.

The custom block is nested inside a custom “row” block, and further inside a core “column” block. The registered id of the custom block is e.g. ‘xx/dyno-list’

Need: I need to extract a list of the posts that have been assigned to the custom block via grabbing the data attached to each block, e.g. an array of posts.

Perhaps using something like: wp.data.select('core/blocks').getBlockTypes('tr/dynamic-list') which does not work…

Each custom block has a unique “name” attribute, e.g. “block_one”, so I need to be able to grab the list of custom blocks, i.e. ‘xx/dyno-list’ and then grab the lists of posts within that specific block.

I need this so as to be able to “de-dupe” the posts list between custom post list blocks.

Question: How to grab a list of the custom blocks by their registered name and then by the attribute name

How to block all inbound traffic from a specific Internet address or subnet using TomatoUSB router software (LINUX based)

I’m not trained in Linux, but I think I found the solution to my problem documented, but it is not working as expected. I am NOT an iptables guru, I’m learning as I go.

A Russian IP is trying to hack my network, especially an email server I have running on my network. So I have a port forward of port 25 to the mail server machine. My router is running TomatoUSB – a Linux based router I have root ssh access to.

I’ve tried this command:

 iptables -I INPUT -s 45.142.195.5 -j DROP 

And

 iptables -L -nv  

returns a lot of stuff, and now at the very beginning looks like this:

 Chain INPUT (policy DROP 9 packets, 504 bytes)   pkts bytes target     prot opt in     out     source               destination      0     0 DROP       all  --  *      *       45.142.195.5         0.0.0.0/0 

This did not stop the traffic, though, as my email server is still reporting connection attempts from this IP address, so the rule is not dropping anything.

Perhaps the INPUT chain is not where I need to add this? I’m not yet educated on the different chains yet. INPUT intuitively seemed like the right place, but because this is a NAT router, should I really have some sort of rule in the FORWARD chain that can say not to forward to anyone if this is the source address?

Seems like what I want to do should not be difficult, but I’m struggling to figure this one out so far.

What is a reasonable stat block for a level 8 party destroying a book of darkness

I want my party to avert a powerful wizard from becoming a lich. I know this can be done with a tome of darkness, and I’d like the party to destroy the tome of darkness in about three turns if two party members focus fire. The suggested state of items in the DMG makes a book comically easy to destroy, so I want some more magical tome that might survive longer. What’s a reasonable stat block to give it?

Converting LVM root block device to an encrypted one

Is their an easy way to convert a vanila install with unencrypted root partition to an encrypted one (eg LUKS) in Ubuntu 16.04? I know that Android offers equivalent functionality, but am unaware of a “Linux” equivalent, and posit that this is OS specific and non-trivial.

I note the root filesystem is EXT4 and /boot is a seperate partition. I am aware of the possibility of backing up my data and reinstalling the OS, I’m just wondering if there is a more expedient way.

Designing a stat block for a 5e Hieracosphinx

The Hieracosphinx is a lesser Sphinx that does not have an official stat block for 5e, as via Christopher Perkins’ Twitter. However, I would like to use this monster in a desert setting with Level 6 characters, for which the more powerful Gynosphinx (CR 11) and Androsphinx (CR 17) are out of question for being too powerful and not evil. In 3e, which I’m not at all familiar with, the Hieracosphinx had a CR of 5 apparently, see here, but I have no idea if I could translate the stats 1 to 1 into 5.

Another idea that I had was scaling up a Griffon (CR 2), giving it the Gynosphinx’s Claw Multiattack, a bit more HP and a few spells from the spell list.

So, what approach should I take here? I have never designed a monster from scratch before, only adding or subtracting 1 or 2 things from existing monsters sometimes.

How could I block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?

My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API.

When it comes to advertising, the type of ultrasonic messages that I am referring to are described in this Wired article titled “How to Block the Ultrasonic Signals You Didn’t Know Were Tracking You”, from 2016. The article says (emphasis added):

The technology, called ultrasonic cross-device tracking, embeds high-frequency tones that are inaudible to humans in advertisements, web pages, and even physical locations like retail stores. These ultrasound “beacons” emit their audio sequences with speakers, and almost any device microphone—like those accessed by an app on a smartphone or tablet—can detect the signal and start to put together a picture of what ads you’ve seen, what sites you’ve perused, and even where you’ve been.

The Wired article also mentions that:

Now that you’re sufficiently concerned, the good news is that at the Black Hat Europe security conference on Thursday, a group based at University of California, Santa Barbara will present an Android patch and a Chrome extension that give consumers more control over the transmission and receipt of ultrasonic pitches on their devices.

Being that the article was from 2016, I looked at the Black Hat Europe conference from that year for more information about the Android patch. The presentation mentioned in the Wired article seems to be this one.

The presentation slides (available here) led me to the ubeacsec.org website where the researchers do have an android patch as mentioned in the Wired article. Alas that patch is a research prototype made for android-5.0.0_r3.

There is also this research paper from 2017, titled “Privacy Threats through Ultrasonic Side Channels on Mobile Devices”. The authors of this paper found out for example that

  • Advertising platforms such as Google’s Universal Analytics and Facebook’s Conversion Pixel provided services utilizing this technology. The researchers analyzed three commercial solutions: Shopkick, Lisnr and Silverpush.
  • 234 Android applications analyzed by the researchers were constantly listening for ultrasonic beacons.
  • Out of 35 stores visited in European cities, 4 were using ultrasonic beacons at the time of the research.

Anyway my interest is not just about blocking advertising trackers. Even though the marketing departments may be the largest consumer of this technology, it can be utilized in many other ways as well.

And this issue is related to another technology, namely the Google Nearby Messages API. The overview document written by Google about this technology (here) says that (emphasis added):

The Nearby Messages API is a publish-subscribe API that lets you pass small binary payloads between internet-connected Android and iOS devices. The devices don’t have to be on the same network, but they do have to be connected to the Internet.

Nearby uses a combination of Bluetooth, Bluetooth Low Energy, Wi-Fi and near-ultrasonic audio to communicate a unique-in-time pairing code between devices.

The concerns about the Nearby Messages API are:

  1. Its ability to pass small binary payloads, i.e. presumably executable code.
  2. That while it is easy to disable Bluetooth and WiFi on a smart phone, it is not so easy to disable the microphone.

Question:

Are there ways to block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?