March 12, 2005

Diffie Hellman

sharedkey.jpg

Diffe Hellman is a method for exchange securely shared key between two nodes over untrusted netwrok like internet, it's not encryption method,it's key aggrement protocol that was developed by Diffie and Hellman in 1976.
in fact it generates key between two nodes,it uses a mathematical algorithm with simple concept, let's take a look the following example :

- Node A and Node B agree on two numbers : p and g
p is a larg prime number and q is called the base or generator
- Node A picks a secret number a
- Node B picks a secret number b
- Node A choose public number x = g^a mod p
- Node B choose public number y = g^b mod p
- now Node A knows y and Node B knows x
* in this step they create key as follow :
- Node A k(a) = y^a mod p
- Node B k(b) = x^b mod p
In fact k(a) = k(b) = k (laws of algebra) in this section Node A and Node B know K as shared key.

unfortunately this method hasn't authentication so a man-in-the-middle can attack and decrypt any messages from Node A and Node B.
The authenticated Diffie-Hellman key agreement protocol was developed by Diffie, van Oorschot, and Wiener in 1992 to defeat the man-in-the-middle attack. it uses digital signature for authentication each origin.

Posted by Mehrdad at 05:26 PM

March 07, 2005

MAC and HMAC

MAC (Message Authentication Code) and HMAC (Keyed-Hashing for Message Authentication Code) are mechanism for providing integrity when the data transfer over untrusted enviroment like internet, they are work base on shared secret key.
When we use MAC mechanism based on cryptographic hash functions so it called HMAC. there are different cryptographic hash functions like SHA-1,MD5,RIPEMD-160,PANAMA,SHA256 and etc.
Let's take a look to HMAC mathematical algorithm :

HMAC(Message) = Hash[(Key XOR OPAD) || Hash(Key XOR IPAD) || Message]
|| means concatenation operation
OPAD (outer padding) = 36hex, repeated as needed
IPAD (inner padding) = 5Chex, repeated as needed

for instance :
message : welcome to ippacket site
secret key : mehrdad
HMAC digest by MD5 = 76960728e94b2693149728b076c614cf
HMAC digest by SHA-1 = 95ab25cb679c193fe141cb92e55126876a5285ea
HMAC digest by RIPEMD160 = fd9bab4a7f4b69d895fbb38f2fb09972c7137c43

MAC is simple than HMAC , it uses encryption like DES.

* HMAC RFC is RFC 2104 you can read it from FAQ.ORG

Posted by Mehrdad at 04:42 PM

March 06, 2005

RSA Encryption and Digital Signature

It offers encryption and authentication (digital signature), developed in 1977 by Ron Rivest, Adi Shamir and Adleman and it works asymetric and generate public and private key by itself.thus encryption and authentication take place without any sharing of private keys: each person uses only another’s public key or their own private key.


rsa.jpg


For generate public and private keys it takes two larg prime numbers p and q , they should not equal and with a size of at least 1024 bits.
Let's take a look to its algorithm :
n define as follow :
n = p · q
phi define as follow :
φ = (p – 1) · (q – 1)
e is a number greater than 1 and less than φ as follow :
1< e < φ
d define as follow :
(d.e)/φ=1

d is private key and n,e are public key so it's difficult to obtain the private key d from the public key (n, e).
for example when our plaintext = 707
The encrypted data is c = m^e (mod n) :
ciphertext = 707^425(mod 3431) = 2142
then the plaintext is easily retrieved using m = c^d(mod n)
plaintext = 2142^1769(mod 3431) = 707

RSA group 2003 Picture

Posted by Mehrdad at 10:20 AM

March 03, 2005

A trick for using DIP at NetScreen firewall

When a host initiates several sessions that match a policy with network address translation (NAT) enabled and is assigned an address from a dynamic IP (DIP) pool, the NetScreen device assigns a different source IP address for each session. Such random address assignment can be problematic for services that create multiple sessions that require the same source IP address for each session.
I analyzed it with ethereal and i known it use round roubin algorithm for assigment source ip address for example when You ping a host,source address for request ICMP are dffrent and it use round roubin algorithm.
This behaviur cause problem for some service (some web base email,AOL instance messenger and so on)
for using same ip address from DIP pool to a host for multiple concurrent session you should set the following command
set dip sticky
P.S : you can't set this feature from web base

Posted by Mehrdad at 01:10 AM

March 02, 2005

DES

DES is one of encription algorithms , it's an acronym for Data Encription Standard
Oginally DES was developed by IBM in early 1970 as lucifer.
it's symetric and its key length is 64bits (8bits are used for parety),meaning that
there are 72,057,594,037,927,936 possible keys (56bits).
at that time (~1970) it was good algorithm for encription and decription but it's cracked
When computers became powerful.

Posted by Mehrdad at 10:38 PM

Complexity Kills Innovation

complex.jpg

I believe that any complexity in anythings can kill innovation.
These days we hear about windows OS vulnerability, worm and virus that are intruded to this OS and do wrong functions so this complexity cause complex solutions for solve them.
We can see this situation in some complex network so trubleshooting in these networks are difficult. what's your idea about this complexity?
you can see the following link about this subject :
http://www.securityfocus.com/columnists/300

Posted by Mehrdad at 12:10 PM

July 10, 2004

Internet Explorer Still Vulnerable

ie.gif

Last night I read about vulnerabilty news for Microsoft Internet Explorer again that one person uncover it.that's same as Download.Ject which patched before that with Microsoft but it didn't go far enough.
By visiting a malicious website with the Internet Explorer web browser, users can become silently infected with arbitrary code that is embedded in images! on web pages. Once installed, the code begins to log keystrokes and then calls home to servers which then upload even more payload onto infected systems.
This attacked called Download.Ject.
anyway i'm using Firefox and before that i used to Firebird, you can download it from http://www.mozilla.org/ , it's free and certain user friendly.

Posted by Mehrdad at 09:13 PM