Thursday 31 August 2006

Secure Session Keys

When setting up a secure connection across the internet, for example between your browser and your online banking site, the key used to create the encryption has to be negotiated ‘in the clear’. What would be the point of setting up an encrypted secure channel when the key had previously been sent across the network for anyone to see? Of course the key isn’t sent across the network, and the following document describes *very simply* how this key negotiation is done without the actual key being sent over the network, where it could be seen by anybody running Ethereal or similar network sniffing software.

The method shown below is based on the Diffie-Hellman Key Exchange which was first published in 1976. See NOTE at the end of this document.


The exchange that is transmitted openly across the network is shown in bold.

Client tells Server the starting number. This is a prime number generated at random.

Client Tells Server:                                STARTNUM = 5

Client then picks another random number that is not disclosed.

Client Secret Number:                                CLI_SECNUM = 6

Client does the following maths:                STARTNUM^CLI_SECNUM = 15625
        
Client tells the Server:                                CLI_PUBNUM = 15625

Server picks a random number that is not disclosed.

Server Secret Number:                                SVR_SECNUM = 3

Server does the following maths:                STARTNUM^SVR_SECNUM = 125

Server tells the Client:                                SVR_PUBNUM = 125

Client does the following maths:                SVR_PUBNUM^CLI_SECNUM = 3814697265625

Server does the following maths:                CLI_PUBNUM^SVR_SECNUM = 3814697265625


The Client and Server now have a number (3814697265625), a key, that can be used to encrypt any further transmissions between them.

So the key that was calculated in public is secret and known only to the Client and Server. This works because exponential maths is not affected by the order in which the multiplications are done (power associative), and it is virtually impossible for the 3rd party, using the data available to it (5, 15625 and 125), to calculate the secret key, as it is missing the equally important data of 6 and 3 (the secret numbers).

In reality, though, the real strength of this method lies in the size of the numbers that are used. Our example uses very small numbers so that the maths is easily checked; a real-world example would use numbers that were into the billions, depending on the bit length of the encryption used. The typical length of encryption used for this type of key exchange would be at least 512 bits.

NOTE: In actual fact the Diffie-Hellman Key Exchange works as shown above with the addition of a second prime number being used in conjunction with the STARTNUM; this second number is a primitive root modulo. I have avoided this in the calculations shown above for the sake of clarity.
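The walk-through above as runnable code, first unreduced as in the post and then with the modulus the NOTE mentions. This is an added example, not code from the original post: the function names and the toy prime 23 are assumptions, and a real exchange uses a far larger prime. It also shows that the unreduced public numbers can be inverted by repeated division, which is why the modulus matters.

```python
# Added example: constants below are the post's walk-through values, except
# TOY_PRIME, which is an assumed, deliberately tiny modulus for illustration.
STARTNUM, CLI_SECNUM, SVR_SECNUM = 5, 6, 3
TOY_PRIME = 23  # assumption: 5 is a primitive root modulo 23


def run_exchange(g, cli_secret, svr_secret, p=None):
    """Return (CLI_PUBNUM, SVR_PUBNUM, client_key, server_key).

    With p=None the maths is exactly the post's unreduced version;
    with a prime p every result is reduced modulo p.
    """
    cli_pub = pow(g, cli_secret, p)           # sent in the clear
    svr_pub = pow(g, svr_secret, p)           # sent in the clear
    client_key = pow(svr_pub, cli_secret, p)  # computed privately
    server_key = pow(cli_pub, svr_secret, p)  # computed privately
    return cli_pub, svr_pub, client_key, server_key


def recover_exponent(g, public):
    """Undo g**n by repeated division; returns n, or None if it fails.

    Succeeds only on unreduced values, where the size of the public
    number gives the secret exponent away.
    """
    n = 0
    while public > 1 and public % g == 0:
        public //= g
        n += 1
    return n if public == 1 else None


if __name__ == "__main__":
    print(run_exchange(STARTNUM, CLI_SECNUM, SVR_SECNUM))
    print(run_exchange(STARTNUM, CLI_SECNUM, SVR_SECNUM, TOY_PRIME))
    print(recover_exponent(STARTNUM, 15625))  # unreduced CLI_PUBNUM
    print(recover_exponent(STARTNUM, 8))      # CLI_PUBNUM reduced modulo 23
```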

“So then I said to the cop, ‘No, you’re driving under the influence … of being a jerk.’” - Lenny Leonard

Monday 28 August 2006

Book: boo hoo

This is an excellent read. I’ve just read this over the bank holiday weekend. boo hoo tells the story of the rise and fall of boo.com and how $135 million was raised and spent in 18 months. An excellent read for anybody interested in the dotcom ‘boom and bust’ saga.

“Well, he’s kind of had it in for me ever since I accidentally ran over his dog. Actually, replace ‘accidentally’ with ‘repeatedly,’ and replace ‘dog’ with ‘son.’” - Lionel Hutz

Thursday 10 August 2006

Encryption: Hashing

A Hash is a signature for a piece of data. It is always the same size regardless of the size of the source data. Hashing is a one-way process: the Hash cannot be converted back to the data that was the source of the Hash. Some common types of Hashing Algorithms are MD4, MD5 and SHA-0.

The smallest change to a piece of source data can produce an entirely different Hash. Hashes are used in a number of ways; the most popular uses are Passwords and File Verification.

Passwords
If we store passwords as clear text it would be possible for a hacker to view and read the passwords. If however a Hash is stored instead, an attacker can view but not read the passwords. This means he cannot know what password generated the Hash. When a legitimate user attempts to log in, their password is run through the same Hashing Algorithm and the output from this operation is compared to the Hash value stored in the password file. If the Hash values match then access is granted; if not, then an incorrect password was input and access will be denied.
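The login check described above, as an added example that is not part of the original post. It uses Python's standard hashlib; the per-user salt and the PBKDF2 iteration count are assumptions added beyond the plain hash the post describes, so that two users with the same password do not end up with the same stored value.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, chosen for this example


def plain_hash(password):
    """The scheme as the post describes it: one unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password):
    """Build the password-file entry: random salt plus derived hash."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": derived}


def check_login(attempt, record):
    """Re-run the same algorithm on the attempt and compare with the stored hash."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(derived, record["hash"])  # constant-time compare


if __name__ == "__main__":
    record = make_record("correct horse")  # constructed sample password
    print(check_login("correct horse", record))  # matching password
    print(check_login("Correct horse", record))  # one letter different
    # Unsalted: identical passwords give identical stored values.
    print(plain_hash("letmein") == plain_hash("letmein"))
    # Salted: the same password stored twice gives different values.
    print(make_record("letmein")["hash"] == make_record("letmein")["hash"])
```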

File Verification
If you download some software from a website you cannot be sure that what you received was what the author intended you to receive. One way to ensure that you have an original unchanged copy of the software is to compare the Hash value of the software with the published Hash value for that particular download. If these differ, then your software is different to the version you were intended to receive.
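The download check described above, as an added example that is not part of the original post. The file contents are constructed in memory, SHA-256 is an assumed choice of algorithm, and the function names are hypothetical; the tampered copy differs from the original by a single bit, which also illustrates how a small change produces an entirely different Hash.

```python
import hashlib
import hmac
import io


def file_digest(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large downloads fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_download(stream, published_hex):
    """True only if the computed Hash equals the published Hash."""
    return hmac.compare_digest(file_digest(stream), published_hex.strip().lower())


def differing_bits(hex_a, hex_b):
    """Count the bit positions in which two hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample data: a stand-in "download" and a copy whose final
# character '0' has become '1' (a one-bit change).
ORIGINAL = b"installer v1.0\n" * 1000
TAMPERED = ORIGINAL[:-2] + b"1\n"
PUBLISHED = file_digest(io.BytesIO(ORIGINAL))  # what the author would publish

if __name__ == "__main__":
    print(verify_download(io.BytesIO(ORIGINAL), PUBLISHED))
    print(verify_download(io.BytesIO(TAMPERED), PUBLISHED))
    tampered_hash = file_digest(io.BytesIO(TAMPERED))
    print(differing_bits(PUBLISHED, tampered_hash), "of 256 bits differ")
```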

An interesting article is this one by Bruce Schneier in which he discusses the weaknesses of MD5 and SHA, the two most common forms of Hashing.

“You go through life, you try to be nice to people, you struggle to resist the urge to punch ’em in the face, and for what? So some pimply little puke can treat you like dirt because you’re not on the team. Well, I’m better than dirt. Well, most kinds of dirt. I mean not that fancy store bought dirt. That stuff’s loaded with nutrients. I… I can’t compete with that stuff.” - Moe Szyslak

Encryption: Key Systems

There are two main types of encryption system, Symmetric and Asymmetric.

Symmetric Key Cryptography
With this system the sender and receiver of a message use a single common key to encrypt and decrypt the message. The symmetric system is the simplest and fastest type of encryption, but the main drawback is that the two involved parties must somehow exchange the key in a secure manner. Symmetric key cryptography is sometimes known as Secret Key Cryptography. Probably the most popular symmetric key system at the time of writing is DES. A big advantage of Symmetric Key Encryption over Asymmetric Key Encryption is speed.

Asymmetric Key Cryptography
With the asymmetric system two keys are used: a public key to encrypt messages and a private key to decrypt them. The advantage of public key encryption is that the public key can be made available easily to anybody (in fact it has to be for the system to work), and this avoids the problem facing symmetric key encryption, which involves the secure exchange of a single key. The private key is never transmitted.

"He who wrestles with us strengthens our nerves and sharpens our skill. Our antagonist is our helper." - Edmund Burke

Monday 7 August 2006

Zen: Systems Analysis

I have just finished reading a book that I have been reading on and off for the last few months (it lived in my overnight bag and got read in hotel rooms when the bar was shut and the TV was shit, it’s been dragged around a few countries and is looking slightly worse for wear ... ). It’s called Zen and the Art of Systems Analysis by Patrick McDermott.

If you fancy a light-hearted and possibly spiritual look at what is normally a very dry and logical subject then give this book a whirl. Some of the quotes are excellent. I have listed a few of these below:

Choose the Middle Way.
Embrace Contradiction.
There are many ways to the Mountaintop.
Over time, Unpleasant tasks become more unpleasant, but difficult tasks become less difficult.
To get to the root cause, ask “Why” five times.
Never base a Technical Decision on Political Issues and never base a Political Decision on Technical Issues.
Never let not knowing what you are doing stop you!
Try to walk in everyone’s shoes.
Always analyse from at least two angles.
Don’t let precision prevent clarity.
One who has never erred is dangerous.
The goal of brainstorming is quantity not quality.
If it is not recorded, it did not happen.
Windows XP is an abortion. (sorry, made that one up )

There are plenty more quotes in the book and it’s a fascinating read. Try it!

"What's money? A man is a success if he gets up in the morning and goes to bed at night and in between does what he wants to do." - Bob Dylan

Friday 4 August 2006

Command Line FTP on OSX

I’m going to describe the usage of the ‘ftp’ command under Unix on the Mac. Most people at some point need the use of the ftp protocol, even if they are just uploading new content to their home page. A GUI ftp client does not come with the Mac but there are a few available, although most are not free.

Besides, why clutter your OS with another utility program when everything you need is available within the Terminal window and the bash shell? You will probably also find it is quicker than most GUI solutions when you have learnt the few basic commands needed.

For this example we will assume that you wish to transfer a document invoice666.pdf to the ftp site ftp.steve.org.

Start your Terminal, and at the prompt type:

ftp ftp.steve.org

You will see a response similar to this:

Connected to ftp.steve.org.
220 SJC_BIGR5 FTP server ready
Name (ftp.steve.org:stevecholerton):

Enter your logon name and press enter, you will see something similar to this:

331 Password required for bilbobaggins.
Password:


Enter your password and press enter. You will see something similar to this:

230 User bilbobaggins logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

You now need to copy your file to the server. Note that you may change directories in the normal manner using the chdir command. To copy your file enter the following:

put invoice666.pdf

You will see a response similar to this:

local: invoice666.pdf remote: invoice666.pdf
229 Entering Extended Passive Mode (|||1670|)
150 Opening BINARY mode data connection for invoice666.pdf
100% |*********************************************| 26 0.30 KB/s 00:00
226 Transfer complete.
26 bytes sent in 00:00 (0.29 KB/s)
ftp>

That’s it. To quit the ftp program type ‘exit’ at the prompt.

If you wished to retrieve a file from the remote server you would need to use the command ‘get’ rather than ‘put’. To delete a remote file use ‘delete’. That’s all there is to it. If in doubt type a ? at the ftp prompt and all the ftp options will be listed for you. If you need further help you can type ‘man ftp’ at the command prompt ($) and the manual for the ftp command will be displayed.

"Between two evils, I always pick the one I never tried before." - Mae West

Thursday 3 August 2006

Securing Your Wireless Network

Lots of people run wireless networks within their business or home. It’s easy and simple and as far as many people are concerned their network is available for them and only them. It is a fact however that the signal from a wireless Access Point (AP) may be detected and used from many metres away. This means the house down the street, or the business next door may be using your wireless network and if they wished, looking at your data as it passes over the airwaves.

There are a few simple things that you can do to protect your privacy.

Change Your SSID
An SSID is the public name of your wireless network. SSID stands for Service Set IDentifier. Many people leave this set to the factory default, which may be LINKSYS or 3COM or similar. Change the SSID to something that describes your own network; this will at least ensure that people do not accidentally connect to your network instead of their own.

Turn off the Access Point Beacon
When you have set up your wireless network there is no further need for your AP to transmit its beacon that basically says ‘I AM LINKSYS. I AM HERE’. So within the administration software or webpage that you use to administer your AP, turn off the beacon. This will make your wireless network invisible to somebody who is just scouting around. If they know you have a network already or if they know the SSID they can still see and/or connect to you.

Restrict Access to specific MAC Addresses.
Each network card within a computer contains a MAC Address that is (to all intents and purposes) unique. With some APs you can restrict access to your wireless network to computers of a known MAC Address. The procedures differ for each AP and some do not even support this, but if your AP does support this it is worth pursuing. This assumes that you do not regularly have new computers needing to connect to your network. Also be aware that valid MAC Addresses can be sniffed from your network and the attacker can spoof his MAC Address so that it looks like yours ...

Change the Admin Password on your Access Point
This one goes without saying. If you haven’t already, do this. Do it now.

Run Encryption
Turn on the encryption option on your wireless network. If you don’t I can load a program such as E******* and see the logon and passwords you are using, the letters you are typing and your secret cookie recipe. With software such as E******* I can see every image you load on every website you visit. It’s that easy. If you only have access to WEP encryption then use it. Otherwise use WPA or WPA2 if possible. WEP encryption can be broken by a skilled attacker in under 4 minutes. If offered a choice of how many ‘bits’ you want for your encryption, go for the highest. Always.

I hope the above benefits someone. There is lots more advice available if you need it, try Google, or leave a comment on here and I will answer it as soon as I can.

"Dreams that do come true can be as unsettling as those that don't." - Brett Butler