The first way you can do this is, of course, to apply such a certificate from a trusted Certificate Authority (CA), such as VeriSign. But can you do this without a CA?

Yes, it is possible for you to generate such a certificate manually using open source software. However, note that the certificate is self-signed, meaning it is signed by you as the trusted root source.

To do this, you have first to download a piece of software than can generate PCKS12 format certificates. The most common one is OpenSSL software.  You can visit this website to know more:

http://www.openssl.org.

The original OpenSSL software is made primarily to be run on the Linux platform. As a general Windows user, you might need to use the program on a Windows platform, and may not know how to compile the source code of OpenSSL to make it run on a Windows platform. If you have this headache, you can try the Windows compatible OpenSSL work available for free here:

http://www.slproweb.com/products/Win32OpenSSL.html

Upon successful installation of the software, go to the bin directory of your installation to locate the software openssl.exe that you need to use to generate PKCS12 certificate.

I followed the instructions here to create my own certificate:

http://tinyurl.com/4s5zqo

I have added my own explanations and remarks and simplified a bit the process. Here are the steps:

Assume you have installed your software on the path c:\Openssl

1.    Generate a RSA Private Key in PEM format

Type:
>C:\Openssl\bin\openssl.exe genrsa -out my_key.key 2048
Where:

• my_key.key  is the desired filename for the private key file
• 2048  is the desired key length of either 1024, 2048, or 4096

2.    Generate a Certificate Signing Request:
Type:
>C:\Openssl\bin\openssl.exe req –new –key my_key.key –out my_request.csr

• my_key.key is the input filename of the previously generated private key
• my_request.csr  is the output filename of the certificate signing request

3.    Follow the on-screen prompts for the required certificate request information.
4.    Generate a self-signed public certificate based on the request.
Type:
>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt

my_request.csr  is the input filename of the certificate signing request
my_key.key is the input filename of the previously generated private key
my_cert.crt  is the output filename of the public certificate
3650 are the duration of validity of the certificate. In this case, it is 10 years (10 x 365 days)
x509 is the X.509 Certificate Standard that we normally use in S/MIME communication

This essentially signs your own public certificate with your own private key. In this process, you are now acting as the CA yourself!
5.    Generate a PKCS#12 file:
type:
>C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in my_cert.crt -inkey my_key.key -out my_pkcs12.pfx -name “my-name”

• my_cert.crt  is the input filename of the public certificate, in PEM format
• my_key.key  is the input filename of the private key
• my_pkcs12.pfx  is the output filename of the pkcs#12 format file
• my-name  is the desired name that will sometimes be displayed in user interfaces.

6.    (Optional) You can delete the certificate signing request (.csr) file and the private key (.key) file.
7.    Now you can import your PKCS#12 file to your favorite email client, such as Microsoft Outlook or Thunderbird. You can now sign an email you send out using your own generated private key. For the public certificate (.crt) file, you can send this to others when requesting them to send an encrypted message to you.

Tags: self-signed Public Key, OpenSSL command

Originally, you can use PGP (Pretty Good Privacy) freeware to communicate freely. PGP freeware can be downloaded here:

http://www.pgpi.org/products/pgp/versions/freeware/

However, since they have recently taken down the freeware for the Windows platform, I’ll show you how to use another piece of software called “gpg4win” to do the same thing.

This software was created from an open source effort, and it supports OpenPGP standard. With a suitable plugin, you can use this with some other email clients such as Thunderbird and Clawmail for S/MIME email encryption.

You can download the latest version here:

http://www.gpg4win.org

Upon successful installation, you’ll find the following welcome screen:

Select “Generate key now” if you do not have a PGP private and public key pair.

Input your full name and email address, then carefully input a passphrase. This is an important step, so select something you can recall because you need to correctly enter your passphrase when you want to use your private key later.

Follow the onscreen instructions and create your key pairs. If you require a backup key to be generated, make sure you save the key pair in a safe place.

Now you can see your newly generated key in the application windows like the one I have generated for myself:

Public Key Infrastructure: Using GPG4WIN

However, before you ask someone to send an encrypted message to you, you need to export your public key to them. You can select the “Export” function of the application window to do this.

After selecting the Export function, the program will ask you where to save the exported public key. Select a location where you can retrieve the saved public key later.

Now you can send your key to anyone who needs to send you confidential messages. Those who have your public key can then encrypt the message using your public key. Those encrypted messages can only be opened by you, who owns the private key.

As an example, suppose there is someone who already has encrypted a message (or simply a file) using your public key. Let’s call the original file “plaintext.doc,” and the encrypted file you received should be “plaintext.doc.gpg”. (The software adds the file extension “.gpg” to the output file it has encrypted)

Pressing the “Files” button under the application window displays the program’s file manager. You can locate and select the file “plaintext.doc.gpg” that has been saved in your computer previously.

GPG4WIN File Manager

By pressing the Decrypt button, you are prompted to enter the passphrase for your private key to decode the file. Upon presenting the correct key, you should now have the decrypted file under the same directory of your encrypted file.

To encrypt any file to other people, you need to import their public key by using the Import function of the main application screen. Select the public key file you obtain from other people (this should be a file with file extension “asc”), and click okay to proceed with the import.

By using the same file manager, you can select the file you want to encrypt and then choose the “Encrypt” function to produce the encrypted output file. Remember to use the public key of the person you have just imported to encrypt the file. You can then send this file to the party who owns the private key of the corresponding public key you have just imported to encrypt the file. That party should be able to decrypt the file using his/her private key.

Try this software and let me know if you have any problems or issues by leaving a message here.

Tags: GNU Privacy Assistant

Actually, there is a third-party GUI interface program that can be run on a computer without administrator rights, and you are still able to access the container file of TrueCrypt upon supplying the correct password.

This software is called TCExplorer, and you can access it for free here:

http://www.codeproject.com/KB/files/TCExplorer.aspx

I have been testing this for a while and I think it’s a great piece of software, especially if you want to use a TrueCrypt file on a public computer.

Here are some notes about using this software:

1   TCExplorer cannot manage the TrueCrypt file created by the latest version. I tried this software on a container file made with Version 6.0a without success. Based on information in the author’s release information, I tried the earlier version of TrueCrypt back to 2007, such as Version 4.3a, and it works fine.

2   Fortunately, Version 4.3a’s container file can still be managed by the latest TrueCrypt program, v6.0a. So what you need to do is create a v4.3a container file using the old version of the TrueCrypt program by running it once (you can download the old version of TrueCrypt here: http://www.truecrypt.org/pastversions.php) and use the latest version to manage the file, like mapping this old version container file as a drive to your computer with administrative rights.

You might wonder why the official TrueCrypt project does not offer this feature to the program. Actually, this is a common drawback of all so-called “on-the-fly” real time data encryption programs. One of the main intentions of this kind of real-time data encryption program is to use system drivers to embed all encryption processes in the system so that the user will not need to take care of the encryption/decryption process when they add or extract data files from the container file. The whole process can be made transparent to the users.

And to be able to install and use the specially created system drivers, you must have the administrative rights.

If the on-the-fly feature is not needed, then we definitely do not need to install the system drivers and hence there is no need to have the administrative rights. But then you have to take care of another security concern. The user needs to set up a temporary place to store and process the encrypted/decrypted file from the container file as now there is no real-time process to help encrypt/decrypt the file directory to the system. This place is prone to data leakage as the user must remember to clean it up after using the program.

Take the TCExplorer as an example. It automatically creates a temporary directory either in the USB thumb drive you are using or it sets up a temporary directory in your computer, such as: C:\Documents and Settings\YourUserName\Local Settings\Temp.

After using the program, you need to clean the temporary data there or risk that the decrypted files will be left there without encryption. This program does provide a feature to delete the temporary directory as shown:

But the user still has to remember to use this feature.

So perhaps this explains why the official TrueCrypt project does not provide this feature, because it introduces a security weakness to the program if we allow the user to use this program on a computer without administrative rights.

So use this program carefully if you think it can help. As the author of TCExplorer commented, there are advantages and disadvantages of using this program. The author’s intention is to provide a truly portable solution for people with documents that are not highly confidential but don’t want others to view their documents (for instance, if a thumb drive is lost). If this is what you’re looking for, then perhaps TCExplorer is right for you.

Tags: on-the-fly data encryption, USD Data Encryption, Encrypting data without administrative rights, USB Data Encryption and Decryption without administrative rights

The operation of Public Key Infrastructure strongly depends on “trust”.  And this is also related to the application of asymmetric cryptography technique.

To illustrate this, let’s suppose Bob wants to send a message to Mary securely over the Internet. He needs Mary’s public key to encrypt the message. Theoretically, it is Mary, who owns the one and only one private key of her own, who can decrypt the message. So Mary is the only recipient who can open this message. Bob achieves his objective of keeping the secrecy of this message and revealing it to Mary only.

But the problem is: how can Bob get Mary’s correct public key? Suppose hacker Tom wants to intercept their communication. He can create a fake public key for Mary and send it to Bob. Bob, without knowing that this key is fake, uses it to encrypt the message he intended to send to Mary. The message could then be compromised by Tom for he is the person who owns the corresponding private key to the fake public key he created for Mary.

Tom can then even further re-encrypt the secret message using Mary’s real public key, sending it to Mary, and she doesn’t realize that someone other than her has read the message. And worst of all, Tom can modify the message before he encrypts and sends it, compromising both the confidentiality and the integrity of the message.

How can Bob solve this problem? He can ask for a trusted third party to help verify Mary’s public key. Let’s say this third party is Peter. Peter can help Bob by signing on Mary public key using his own private key. However, there are two conditions that need to be satisfied for this verification to work:

• First Bob must have full faith in Peter’s role as a verifier.

• Second, Bob must have an authentic public key for Peter in his key database. He needs Peter’s public key to verify Mary’s signed public key and hence reconfirm the validity of Mary’s public key sent by Peter. (Without Peter’s authentic public key, Bob has no way to ensure he has Mary’s correct public key.)

If the above two conditions are satisfied, there is no way that hacker Tom can send a fake public key for Mary to Bob, because Bob can identify it as fake, with the help of Peter.

But then this leads to another problem: Bob must have a trusted and verified public key for Peter! This seems to create the very same problem involved with verifying Mary’s public key. Bob needs to repeat the same verification procedure used for Mary’s public key, looking for someone who can verify Peter’s public key. This problem can go on and on in a circle until Bob can find an ultimate trusted “root” of public keys.

In the modern public key infrastructure (PKI), the role of Peter is played by a so-called Certificate Authority (CA). In a communication system, CAs are trustworthy organizations that have the corresponding, verified public keys of the users you want to communicate to. The CA holds a database containing the signed public keys it issued for the users who have applied and obtained the public key/private key pair through it. The private key is kept by the user, and the public key is posted to the public and maintained by the CA.

You must have trusted CAs in your database or otherwise the above story can never reach its end.  Take our popular Internet Browser IE as an example. If you take a look at Tools ==> Internet Option ==> Content ==> Certificate ==> Trusted Root Certificate Authorities, you can see it contains a long list of trusted Root CAs.

Public Key Infrastructure: Trusted Root Certificate

The popular ones in the USA are VeriSign, Thawte, etc., which are commercial organizations. In most other regions, CAs come from Government initiatives. Take my home country of Hong Kong as an example. The official CA here is the Hong Kong Post Office, which is a governmental department, with its original function serving the postal service in Hong Kong. Government-backed organizations possess the “trust” factor, and that is an important criterion for a root Certificate Authority who needs to sign and verify its publicly issued keys.

Each CA must possess a very robust infrastructure of its Internet public key directory in serving the intended communication parties of its certificate clients.

Without CAs, you would have to verify the public key yourself. In the above case, Bob would need to verify Mary’s public key before he sends her any message encrypted by the public key he has on hand. This can be done with offline communication such as phoning Mary to verify the key, or simply getting the key from Mary by meeting her face-to-face. Of course, this is very inconvenient and impractical in most electronic communication cases.

To reveal this interesting application, try the following program available on the Internet:

http://linux01.gwdg.de/~alatham/stego.html

JPHS is a program written by Allan Latham (alatham@flexsys-group.com) many years ago to conceal a hidden ASCII-based text message within a JPEG picture file.

After successfully downloading and decompressing the file, you can follow these steps to test out this program:

To hide the message:

1. Select a picture or image you like. Download it (if necessary) and save it as JPEG file. Note the JPEG file size.
2. Use Notepad to create a simple text file with some “secret message”. Save the file.
3. Extract the downloaded file. You should find a file named Jphswin.exe. This is the Windows Version of the program with GUI to operate steganography on the jpeg file. Upon running the file, you will see the JPHS for Windows screen.
4. First, click Open jpeg to define the JPEG file you made in Step 1 as the input jpeg file. Look at the bottom of the window. What’s the message?
5. Do you have any limitation on the data file you want to hide inside the JPEG file? (Hint: look at the description of the first row of the JPSH for Windows screen)
6. To begin the process of hiding information, click the Hide button on the JPHS toolbar. It prompts you for a passphrase. Enter something of your choice here. (What are the criteria of a good passphrase?)
7. Next, select a file you want to hide. (You can use the text file you made in Step 2.)
8. Look at the middle row of the JPHS for Windows. You will see that your hidden file has been defined.
9. The next step is to generate the output JPEG file by clicking Save jpeg (or Save As if you want to save the output jpeg file as different name). Look at the bottom of the window and make sure you get a confirmation message from JPHS before you close the program.
10. Check again with the file size of the newly generated JPEG file. Is there any change?
11. Open the two JPEG files (the original file and the new one). Can you detect any difference between the images?

To extract the hidden message:

1. Run JPHS for Windows again. Click Open jpeg and select the previously generated JPEG file with hidden information.
2. Click the Seek button and JPHS will prompt you for the passphrase of the hidden information. Enter the passphrase and click OK.
3. JPHS prompts you for a location to save the hidden data. Browse to the location and click Save.
4. To open the data, open the Windows explorer and locate the new file. Right click on the file, then select Open with, and select the appropriate application to view the information. In this exercise, Notepad can be used. You can now retrieve the hidden information.

Note: If your input secret text file is too large compared to the original JPEG file, the program will warn you that there will be statistically significant bias of the resultant JPEG file from an original JPEG file that could cause the possible detection of the embedded secret message. The bias can be so great that it could be noticed by even unsophisticated users.

So, use this program carefully, following the program’s advised size limitation of the secret message file.

Tags: Hide Information in a Picture File, tool to perform steganography

To get this free program, go to this link:

http://www.rohos.com/free-encryption/

Similar to TrueCrypt, you must create a container file to store your encrypted files. Therefore, first use a computer that you do have administrative rights on, get the installation file, and install it on that computer.

Follow the program’s instructions to create a container file. After the file creation, you will find a system folder (_rohos) in your USB thumb drive with the container file named “rdisk.rdi” as shown below:

Please note this free version allows you to create a virtual container file with maximum volume of 1 GB.

Now map this Rohos mini drive as drive “R” in your system (“R” is the default drive letter that you can change) and load it with the data files you want to securely store. (Just copy and paste those files to the drive file by ordinary file copy process.)

Next try the Rohos drive in a computer for which you do not have administrative rights. (You can also simply log into the same computer with a limited privileges account.) You can now double click the “Rohos mini.exe” file (shown as yellow icon above) in your USB thumb drive and the program will ask you to input the password to access your container file under “_rohos” folder.

Supply the correct password used previously for the container file. Rohos will return with a browser window containing all your encrypted files.

You can double click any file to open it in its associated program. Rohos will temporarily decrypt the file and load it into the temp directory it creates on your USB memory device in order for the system application to access it.

You can save any file within the Rohos Disk Browser to the local computer by accessing the File→Save function. The software will prompt you to enter the designated folder location to store the decrypted file.

To copy any file from your local computer to this container file (and encrypt it at the same time), just drag and drop any file from any file directory to the Disk Browser Window.

To shut down the program, simply close the Browser Window. The software will prompt for confirmation to clean up any decrypted files in the temporary directory.

The beauty of this program is you can use it anywhere on any computer, even if you do not have administrative rights. It also offers both AES 256 bit and Blowfish encryption technology to protect the data. Both are world-class encryption technologies that we can depend on.

However, please note the following limitations of the program:

• You can only create a container file with a maximum capacity of 1GB for the free version. Also, you can only create one container file per USB thumb drive’s partition.
• Nothing is known about the random number generator the program uses to create the encryption key. Is there any weakness in the random number generator it is using? Unlike TrueCrypt, it does not ask for the user’s input to help create the random number to generate the encryption key.
• The program is not developed under Open-Sourced effort. Therefore, the code is proprietary and closed. Nothing is known about any possible inherent weakness in the program design because it has not been reviewed publicly by security and programming experts.

This software provider does provide a paid version with enhanced features such as storage size exceeding 1GB, allowing more than one encrypted virtual drives on single USB drive, and more.

If you have any comments and ideas about using the Rohos Mini Drive, leave me a message here.

Tags: Blow Fish, USB Data Encryption

Try TrueCrypt.

TrueCrypt is an open sourced project providing a simple solution to encrypt your USB data (or actually data in any other movable or internal storage of your computer). The encrypted data container (let’s call it a container file) can be treated as an ordinary drive in your computer. This program mounts the container file as an ordinary drive. The container file can be made into a single standalone file or cover an entire hard disk partition on your local or remote drive.

To illustrate this, here is a screen capture of how I mapped my 68.4GB container file on one of my hard disks as P drive. After mapping, I can open my P drive as if it were an ordinary drive to store and retrieve files. All the files that are stored in this container file are encrypted.

The file container can be named with any name and any extension. So you can disguise a container file by naming it something like “song.mp3” or “picture.jpg” to make your container look, at a glance, as if it were just an mp3 or jpg file. This serves as a concealment to hide the true identity of this container file. When ordinary people browse your hard disk, they may not notice that it is an encrypted TrueCrypt container file.

You can also copy or move this container file to any storage place you want. This enhances the mobility of your data.

The encryption used to protect your data is AES, which is one of the strongest encryption methods in contemporary encryption technology.

The only price you need to pay is to manage your password carefully to access this drive. For instance, do not disclose your password to others, and choose a password that is difficult to guess. Also, use a longer password with a combination of characters, digits, and symbols.

There is an extra feature of this software that you should not miss. TrueCrypt offers the option to create a hidden volume in your container file. This is actually an invisible volume in your encrypted drive that you cannot normally view. If create this hidden volume with a different access password, when you mount your container file to your system using this different password, the mounted volume will unveil the hidden volume to you instead of the normal volume, allowing access to this hidden volume.

One reason you may need this extra hidden volume is that if someone were to force you to open the encrypted drive, you can reveal the contents within the normal drive without revealing the truly important contents inside the hidden volume.

Is TureCrypt portable? Yes or no. On one hand, it can be run without installing in a computer, allowing you to map your file in any computer that that does not have this software installed. However, you must have administrator rights on that computer in order to mount and decrypt the container file. Therefore, you cannot bring your encrypted file to a public computer and decrypt the container files there.

There are similar open sourced solutions, such asFreeOTFE. This software offers an extra feature of mapping your container file to a preferred drive letter that you assigned beforehand. However, the user interface is less appealing.

We’ll talk more about installing portable data encryption solutions without administrator rights. Stay tuned to this blog.

If you know any similar software that can do this job, leave me message here.

Tags: USB Data Encryption

Until modern times, cryptography referred almost exclusively to encryption, the process of converting ordinary information (plain text) into unintelligible gibberish (confidentiality). Cryptography is now considered to be a branch of both mathematics and computer science, and is closely related to the study of information theory, computer security, and engineering. Now we apply this technology to achieve the other two objectives – integrity (using a digital signature) and availability (protecting the data from being corrupted and destroyed).

The key, a parameter that determines the functional output of a cryptographic algorithm, is the important element of cryptography. In encryption, a key specifies the particular transformation of plaintext into ciphertext (or vice versa during decryption).

This concept was introduced in cryptography in 1466 by Leon Battista Alberti, the famous Italian Renaissance architect.

Let’s consider a parallel situation in the physical world to describe how a key works in cryptography. Your own front door lock is mass produced by a company, and each lock is sold with a unique key that works only with the door locking mechanism within the door lock that it is designed for. Other people may own the same lock model made by the company, with the same basic locking mechanism. However, you are the only one who can unlock the door because your key, which is different from the keys of other people, is the only one in the world that fits the specific combination design inside of your door lock, making your home secure (theoretically!).

Computer security works in a similar way. A key used to “unlock” a cryptographic algorithm. And the longer the key, the more difficult it is to break into the system by trial and error. The hacking technique of attempting to break a cryptographic algorithm by trial and error is called a brute force attack, and the time and effort needed to break the system is called the work factor.

For more information about cryptography, refer to various posts in the blog found here:

http://www.bestinternetsecurity.net/category/cryptography/

Tags: Cryptographic Key More news by category Topic -: Buy phentermine saturday delivery ohio Tramadol hydrochloride tablets Picture of xanax pills Free shipping cheap phentermine Buying phentermine without prescription Safety of phentermine Pyridium Generic viagra cialis Cialis generic india Pink oval pill 17 xanax identification Buy free phentermine shipping Best price for generic viagra Information about street drugs or xanax bars Ordering viagra Snorting phentermine Hydrocodone overdose Lithium Amiodarone Get online viagra Order viagra prescription Order xanax paying cod Cheap phentermine free shipping Imiquimod Tramadol next day Linkdomain buy online viagra info domain buy onlin Pfizer viagra sperm Vidarabine Cheapest viagra price Prevacid Viagra cialis levitra comparison Dutasteride Lisinopril Thiotepa Female spray viagra Black market phentermine Betamethasone Cialis forums What does xanax look like Loss phentermine story success weight Order xanax overnight Viagra alternative uk Diet online phentermine pill Order xanax cod Mecamylamine Eulexin Cheap hydrocodone Buy cheapest viagra Viagra xenical Phentermine with no prior prescription Xanax in urine Macrodantin Cheap phentermine with online consultation Epivir Buy phentermine epharmacist Ditropan Woman use viagra Cialis erectile dysfunction Xanax withdrawl message boards Viagra online store Atorvastatin Generic ambien Is phentermine addictive Next day delivery on phentermine Buy online viagra Ethanol Natural phentermine Avandamet Xanax long term use Diet page phentermine pill yellow 5 cheap Cheapest secure delivery cialis uk Information medical phentermine Cialis experience Phentermine no perscription Compare ionamin phentermine Viagra cialis levivia dose comparison Noroxin Effects of viagra on women Buy cheap cialis Viagra shelf life Hydroxyurea Phentermine discount no prescription Buy cheap online viagra Dog xanax Online cialis Viagra class action Viagra price Phentermine without prescription and energy pill Hydrocodone cod only Nicoumalone Cheapest viagra Cheap ambien Vicodin without prescription Phentermine prescription online Phentermine snorting Mirtazapine Quazepam Isradipine Buy generic viagra online Xanax look alike Moxifloxacin Viagra experiences Piroxicam Nicorette Free try viagra Sotalol Cash on delivery shipping of phentermine How do i stop taking phentermine Xanax prescriptions Cheapest phentermine 90 day order Niacinamide Phentermine weight loss Phentermine

Suppose we have a plaintext of 1100001111100 and a key of any arbitrary binary number 0001111001000 of the same length. If we XOR them together to give a ciphertext, the ciphertext is:

The XOR output is the ciphertext.

If we now apply the XOR function to the ciphertext with the same key:

The XOR output becomes the original plaintext.

So you can see, the XOR function serves exactly what a symmetric encryption does.

We encrypt (XOR) the original message into the cipher message with any chosen key. Then we can decrypt (XOR) the cipher message back to the original one with the same key.

If you study a lot of symmetric encryption algorithms like DES, you will note that XOR functions play a very important role in the encryption process.

Perhaps the safest encryption system we can now do with symmetric encryption is the so called “One-Time Pad.” This refers to using an infinite long key to XOR with your original message to give a cipher message. If you do not repeat the bit sequence of the encryption key used in your subsequent encryptions, then there is no way a hacker can uncover the original message from ciphertext unless s/he has the same set of one-time pad (the encryption key) that you have. Claude Shannon proved, using information theory considerations, that the one-time pad has the property he termed perfect secrecy.

But of course, practically, it’s not feasible if not impossible to use one-time pad. This is because the receiver needs to process the same identical one-time pad as what you have in order to decrypt the message. You may have a hard time transmitting the one-time pad to the receiver beforehand, considering that it has to be of a length that is long enough to fulfill your present and all future communication needs with the receiver.

The most interesting example of one-time pad I can think of is in the movie “Crimson Tide” with Denzel Washington. This movie is about a US Navy submarine. In the Navy, whenever a submarine is set out for a mission, it has to carry a pre-arranged decoding key (the one-time pad) for decoding the commander’s message sent to it during the mission’s journey. The one-time pad has to be long enough to cover the needs to decrypt all urgent messages of command within that journey. In this movie, the decoded message is about whether the submarine will launch the missile attack on its enemy which will provoke war! So you can see the decoding system is a crucial setup within the navy’s submarine operations.

Of course, whenever the submarine comes back to its base station, it has another chance to “refresh” the one-time pad stock to allow the decoding to be carried out in the next journey.

The one-time pad can never be reused. Otherwise, it will defeat its prime protection feature of being unbreakable by hackers because the keys used appear to be totally random in nature (as there is no repeating sequence). So there is no way the hacker can guess what it is.

And the random generator that generates each one-time pad has to be carefully designed. If somehow, it fails to produce a one-time pad with truly random combinations of 0s and 1s, the encryption key generated from it could be broken. Although I cannot locate the source anymore, I once came across some literature describing an instance during World War II, when the German’s one-time pad encryption system was broken because of an inherent weakness in its one-time pad generator that perhaps was generating one-time pads with statistical bias towards the bit sequence, allowing the allies to finally break the system.

Tags: pseudo-random number generator

If you are interested in knowing the IP address(es) of your DNS server(s), you can access them using Windows 2000/XP/VISTA, by choosing Start -> Run, then typing the word “cmd” in the command window, and clicking OK.

In the command prompt window, type “ipconfig/all” and hit return. This will display a list of network connection information. For example:

From this list, you can see that the DNS server IP addresses are
217.1.32.208 and 215.251.144.126. This machine will query either one of these two DNS servers for any new domain name enquiry.

You may wonder: what if these two DNS servers return a wrong IP address for the domain name you specified? If this happens, you will be re-directed to a wrong site—even though you have typed the correct domain name in your browser.

And this is exactly what a hacker can do. If a hacker attacks a DNS server and maliciously corrupts the information in the DNS server’s database, then all the hosts that rely on this DNS server for domain name resolution could be misdirected to a wrong Internet sever.

This enables the hacker to hijack the Internet connection of the victims. For example, a hacker could re-direct an Internet banking site’s domain name to his or her own server and lure visitors to key in their private login information into this fake website. This allows the hacker to steal this information for the purpose of committing crimes such as identity theft.

Another type of attack involves using similar domain names like paypal.com and paypa1.com. Can you tell the difference between these two domain names? No, we didn’t make a typo! Actually, the first “paypal” ends with a lower-case “l” (L), and the second one ends with the numeral “1” (ONE). In this scenario, the attacker uses various tricks like scam emails to lure the visitors to click a deceptive link in order to direct visitors to their own fake site and obtain private login information as in the first example. The term “phishing” has been coined to describe this type of security breach.

Perhaps the solution to counter these problems is user education. Internet users should be made aware that these kinds of attacks are possible, and learn how to determine that the sites that they are visiting are genuine ones.

Usually, for a website to perform the authentication information exchange with a visitor, such as asking for a visitor’s login information, it will initiate a popular Internet secure communication method called SSL (Secure Socket Layer). You can determine that the website is using this secure method by looking at the address in the address bar: the “https.” part of the address will automatically change to “https.” At that moment, the web server opens an encrypted communication with the visitor by providing its server certificate to your computer. This server certificate can be viewed in your browser by clicking the “padlock” sign. It is usually at the lower right corner (Internet Explorer version 6 and Firefox) or upper right corner beside the address bar (Internet Explorer version 7) of your browser.

If the site is genuine, you can clearly see the site’s URL along with the certificate authority that issues the server certificate (two common certificate authorities are Verisign or Thawte).

Take a look at the well-known Internet banking website, Citicorp. When you pull up the Citicorp banking login screen, click on the padlock as described above to display the website’s certificate. Note that this one is issued by Verisign.

If you click on the option “View certificates” you can view more detailed information of this server certificate:

Here you can verify that the certificate is of the domain “citibank.com” and the certificate has not yet expired.

After completing validation process, you can now safely enter your login information with confidence, because the site is very unlikely a fake site. If you following these steps every time you access a secure web site, you can avoid becoming the victim of a DNS attack.

Tags: Domain Name Server, identity theft hacking