Archive for October, 2004

Letters From Mojo: Number 1

Well guys, here's the first of many letters from our friend and brother, Mojo.

Enjoy!


Dear Tom (and everybody else),

I am writing this Saturday of my 1 WOT (week of training). I can't tell you right now how good it feels to finally be able to write you guys.

There's so much to tell you right now. I have no idea where to start. The guys in my flight are all really great. The MTIs (military training instructors) are all hard-asses, and the food is friggin' awesome (when I actually get to sit down and enjoy it).

The MTIs down here are the best of the best, and mine is the best of the MTIs. He graduated as a BMT Honor Graduate in a flight that earned Honor Flight. Not only that, but he graduated top of his class from the MTI school here at Lackland AFB. And earned NCD of the year a couple years back (ask Murph to translate).

The bottom line is: This guy is the pickiest son-of-a-bitch who can yell at you without using a single profanity and make you stop breathing when he stares. Nothing is up to his standards, but that's normal for a bunch of first-weekers like us.

Good ol' TSgt. Micklewright. Not only that but his assistant is also a damn good TI, TSgt. Lindsay. This guy is the funniest damn guy on the planet when he yells at you. All he ever says is "Why you bein' silly?!" and "That's OK" right before he drops you. I personally haven't been dropped for anything, YET, and I hope to keep it that way.

Nothing fills a person with more pride than knowing that what they are doing is going to better their country and make the world a safer place. With all my rants about the war and what's going on in the election, I know that what I am doing is right. It's a truly humbling experience down here and know that I will never forget. I miss civilian life already, but the change is for the better. I wish I had a picture to send you of me in my ID card, but unfortunately access to photocopiers is slightly limited in boot camp. Needless to say, it's hot. Anyways, what I'm trying to say is, even though times are tough right now, there is always a light at the end of the tunnel. Mine is getting to see all of you again. I miss every last one of you a great deal.

It's almost lights out and I have limited time here. Hopefully I'll be able to come home for X-mas. If not, I'll see you guys in March when I graduate from my Tech School. Good luck to all of you in school. Stay out of trouble.

With all the love the MTIs haven't stolen from me,

-Mojo-
WOLFPACK!!!
Amn. Michael C. Mojonnier
331 TRS
FLT008

PS – Tell Murph that I guarantee BMT is harder than Field Training.

MTI: "What is 331st Trainee???"
FLT: "Sir, a 331st Trainee is: Motivated, Dedicated, Can't-be-Stopped,
Untouchable, Invincible, Rising-to-the-top,
Truly dedicated, Highly Educated,
Members of the 331st,
Release the Beats… HOWL!!!!!"

"Rockin' out in Hell's Corner!!!"

Like I said, I'm going to write him back in a week and include all of the comments made to this post. If you would like his address to write him personally, let me know and I'll get it to you offline.

peace out all!

tm


WANTED!!

Ok, so I want to get outside this next weekend since it will be beautiful (assuming the rain stays in Friday and doesn't come into Saturday). This getting outside will hopefully include a camping trip to Muscatatuck State Park to do some bouldering as well as a trip to Unlikely Wall in Bloomington to do some trad climbing, gear permitting.

If you are interested, shoot me an IM, e-mail, comment, whatever and I'll take you along.

I'm especially looking for someone who has 2 or 3 quick draws that can be brought as well as their own shoes and harness. I know that's not many of you, but if you can't come up with the gear, we can share, makes no difference to me. The draws are for the Unlikely Wall excursion simply because I have three, and most routes there require 5 or 6. I have a rope, so that's not a concern.

I can furnish tentage for up to four or five people; depending on how cramped we want to be in the tents. I also have a white gas stove that we can use to cook hot things, but I will need to go out and buy some white gas (unless someone coming wants to share theirs).

So anyway, give me a shout if you're interested, if you're not, I'll have to go it alone, which is no fun for nobody.

peace out all


I Remember When…

I remember when I was young, when all of my friends were young, when I believed that those who are elected into office have the best interest of the people they lead at heart…

Long gone is that time, sadly.

I will admit, the first time I voted I didn't really know what I was doing. I went with my mother. She told me what I needed to do before I voted, she told me about the candidates, she told me how to run the machine, she even told me how to make it all easier. "Just go into the booth and push the button that says 'Vote Republican' and then you're done. If you want to vote for someone else, go ahead. It's just easier to vote a straight ticket."

I didn't know what was going on, and for that reason, I wanted it to be over as quickly as possible. I pushed the dreaded "Vote Republican" button.

If I would have known that the vote I cast that day was a vote for sending my friends into Iraq and Afghanistan alongside 1,060 other Americans who would be forced to make the ultimate sacrifice, I would not have cast it. If I would have known that with my vote, valuable research that could save the lives of thousands of Americans would be in danger of losing its funding, I would not have cast it. If I would have known that voting meant giving everyone a "tax-break" to boost an economy that was struggling because of poor monetary policy set forth by the man I helped put in power, I would not have cast my vote. If I would have known that the leaving no child behind would put undue stress on our nation's educators to get test scores up; stress that would result in some school systems not allowing students to score below a 50% on an assignment or exam, even if they turn it in late or not at all, I would not have cast my vote. If I would have known that beliefs that are not mine would be pushed my way when the man I voted for made it into office, I would not have cast my vote. If I knew I was voting for a man who would rather bulldoze our natural resources, our forests, our mountains, our public land and turn it into privately owned plots set aside for big businesses to expand and build, I would not have cast my vote.

Hindsight is 20-20. I know now that the man I voted for does not believe in what I do. He does not see the value of scientific research aimed at healing ailments such as paralysis. He does not believe in conserving our environment the way that I do. He does not see that his education plans are empty, ill funded pieces of legislation that will not succeed in anything more than weakening our education system with grade padding and un-fair grade reporting. I voted for a man who does not understand simple economic principles.

He does not see the consequences of his actions.

And that makes me angry…


Lee Hamilton

I had the privilege today of listening to a speech given by Lee Hamilton, Co-chairman of the 911 Commission. It was completely by chance, I wasn't planning on attending the lecture at all. Here's how it came about:

I'm sitting there in Marketing today. Our professor is finishing up with one PowerPoint presentation starting another and the software, just like any good Microsoft software, decides to crash. He says "That's ok, Lee Hamilton of the 911 commission is speaking in the Union, somewhere in ten minutes. I want to go see him, so read about placement and we'll discuss it on Monday."

"Kickass" was my first reaction, and then I thought "Lee Hamilton, that'll be an interesting speech." So I went to the union right to the Wittenberg Auditorium, the only room in the union to hold an event of that size, and barely made it into the lecture.

Anyway, enough about how I got there, time for my perception of the speech.

After listening to him for an hour and a half, I can't tell you which way he is going to vote in this next election. He's an intelligent individual with a great talent for public speaking; exactly what you would expect from a former congressman.

The speech outlined some of what the commission accomplished as well as some of the proposals placed forth in the 911 report. Interestingly enough, the 911 report has made its way to a national bestseller, right up there with Harry Potter.

But I digress. I'm not going to summarize what he spoke about; instead I will relate the subject to the debate that happened this evening. It was the first debate that I saw live and frankly I wasn't impressed with Dubbs at all. First of all, I couldn't stand to look at his crooked face for more than 20 seconds at a time. His mouth sags to the left, and his left eye is higher on his face than his right.

But that's not the point.

The point is that after listening to both Kerry and Bush talk about the "War on Terrorism"; I have decided that my vote is going to go for the individual who is going to at least consider the recommendations made by the 911 Commission. That individual is John Kerry.

I don't have enough space here to discuss why Kerry is going to follow the report and Bush isn't, so if you want to talk to me more about it, hook up with me offline.

That's all for now.

The End-of-the-Blog Rundown

Song of the Day – Headlights – Dispatch

Quote of the Day – "I was giving a speech and mentioned that I voted 16,000 times while in the Congress. One of my constituents called me that day and said that retirement was the only decision that he agreed with." –Lee Hamilton, on his retirement from politics.

Hero of the Day – Professor Kitsmiller for letting us out of Marketing to listen to Lee Hamilton.

Current Mood – Relaxed for the first time in a couple weeks… and it's AWESOME!

Until the next post…


Diffie-Hellman Key Exchange

Thomas Mason

What is Diffie-Hellman Key Exchange?
In the world of electronic communications, we need a way to communicate sensitive information securely. To most people, this means that we must encrypt the data using some sort of encryption algorithm; however, encryption alone does not ensure a secure transfer. We must develop a secure way to transfer the encryption key without giving it away to any malicious third party. This can be done with Diffie-Hellman Key Exchange.

How does Diffie-Hellman Key Exchange work?
Mike and Ike would like to make a secure connection to each other to make a bank transaction. They both agree on a random number, called the generator (g), and a very large prime number (p). Individually, they each select a secret key (sM for Mike and sI for Ike), and from that secret key, they calculate a public key (yM = g^sM mod p for Mike and yI = g^sI mod p for Ike).

Once p, g, s and y have been determined, the two parties exchange their public keys over the insecure channel and each calculates a crypto-variable (c): cM = yI^sM mod p for Mike and cI = yM^sI mod p for Ike. Now, assuming the information is transferred without a man-in-the-middle attack, Mike and Ike will derive the same crypto-variable. Remember that yI = g^sI mod p and yM = g^sM mod p. If y is replaced in each equation, the result is c = g^(sI·sM) mod p for both. A shared secret key has now been established for data encryption without either party giving away their secret key.

What is a ‘Man-In-The-Middle’ Attack?
Not everyone in the world has good intentions online. The “man-in-the-middle” is an attack in which a third party, Seth, listens to the data being transferred between Mike and Ike. Intercepting the communications is easy because all communications are transferred over the insecure channel, also called “in the clear”. Being able to decrypt them is not easy without knowing the values g, p and y because the encryptions are “one way functions”. In order to do this, Seth simply listens to the transfer of g and p and remembers the values. He then intercepts the public key from Mike (yM) and calculates a crypto-variable as cSM = yM^sS mod p and sends this value to Ike. Seth also intercepts the public key from Ike (yI) and calculates another crypto-variable cSI = yI^sS mod p and sends this value to Mike.

Since Mike and Ike both think that they have devised a shared secret key, they begin encrypting all of their data using this key and sending it out into the insecure channel. To both Mike and Ike, their transmissions sound like noise, so they are ignored; but to Seth, they are intelligible messages. He grabs all of this data, decrypts it, and re-encrypts it, using the keys he derived, and sends it on its way.

Once the messages are re-encrypted, they make sense to both Mike and Ike, so they decrypt them and read the message. Since Seth is reading all of the information, he can also change some of the information before sending it on its way. This makes the messages that Mike and Ike receive unreliable and inaccurate.

How can I stop a ‘Man-In-The-Middle’ attack?
Stopping a man-in-the-middle attack is just as easy as launching one. There are a couple of methods in use today in secure transactions to stop this kind of attack. We’ll explore a couple of them.

Method 1: Certified Public Keys
A public key is the y value that an individual can compute given a static p and g. Anyone can register one of these keys with an agency like VeriSign. Once the key is registered, it becomes a certified public key. These agencies function as large phone books, keeping record of thousands of public keys and to whom they belong. VeriSign will allow anyone to see the keys on their list as well as to whom the keys belong. For this example, assume Mike and Ike are both banks that have a certified public key and would like to transfer account information in the clear. They look into VeriSign’s database and find each other’s public key and compute a crypto-variable (c). They each then follow the steps above to establish communications. After they have derived a crypto-variable on their own, they compare that value to c, the value computed from the key in the VeriSign database. If the values do not match, they repeat the process until they have established a secure communication channel.

Method 2: Anti-spoof Variables
An anti-spoof variable is a variable used to verify that a spoofer (man-in-the-middle) has not intercepted communications. At both Mike’s and Ike’s computer stations, there is an auxiliary screen. This screen is used to display a short anti-spoof variable; a value calculated as a function of the crypto-variable that both Mike and Ike derive using the default method. After the crypto-variable is computed, the auxiliary screens calculate the anti-spoof variable – by converting the crypto-variable into a four digit hexadecimal number – and then display the result. Mike then calls Ike via the telephone and ensures that the number is the same on both ends. If the number is not the same, Mike and Ike know that their system is under a man-in-the-middle attack and must re-establish the connection.
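
The anti-spoof check from Method 2, as an added Python example that is not from the original post or the patent it cites: it runs the exchange once cleanly and once with Seth substituting his own public key (yS = g^sS mod p) for each party's, then compares the four-digit codes. The prime, the generator, and the SHA-256 truncation used to derive the code are assumptions chosen for the demo; the post does not specify them.

```python
import hashlib
import secrets

# Demo parameters (assumptions, far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3

def random_secret():
    return secrets.randbelow(P - 3) + 2          # secret key s in [2, P-2]

def public_key(secret):
    return pow(G, secret, P)                     # y = g^s mod p

def crypto_variable(peer_public, secret):
    # Reject degenerate values that would force a predictable result.
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid public key")
    return pow(peer_public, secret, P)           # c = y_peer^s mod p

def anti_spoof(c):
    # Assumed derivation: first 16 bits of SHA-256(c) as four hex digits.
    return hashlib.sha256(c.to_bytes(16, "big")).digest()[:2].hex().upper()

def run_exchange(s_mike, s_ike, s_seth=None):
    """Return what each side derives; s_seth set means Seth is in the path."""
    y_mike, y_ike = public_key(s_mike), public_key(s_ike)
    if s_seth is None:
        seen_by_mike, seen_by_ike = y_ike, y_mike
    else:
        # Seth replaces both public keys in transit with his own.
        seen_by_mike = seen_by_ike = public_key(s_seth)
    c_mike = crypto_variable(seen_by_mike, s_mike)
    c_ike = crypto_variable(seen_by_ike, s_ike)
    return {"keys_match": c_mike == c_ike,
            "mike_code": anti_spoof(c_mike),
            "ike_code": anti_spoof(c_ike)}

def spoof_detected(result):
    # The comparison Mike and Ike make by reading the codes over the phone.
    return result["mike_code"] != result["ike_code"]

if __name__ == "__main__":
    clean = run_exchange(random_secret(), random_secret())
    tapped = run_exchange(random_secret(), random_secret(), random_secret())
    for label, r in (("clean", clean), ("intercepted", tapped)):
        print(label, r["mike_code"], r["ike_code"], "ALERT" if spoof_detected(r) else "ok")
```

The codes must be compared over a channel Seth does not control, which is why the post has Mike phone Ike rather than send the number over the same link.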

Method 3: Netkeys
A netkey is simply a value that is computed by each party in a secure communication. Each client has a table of common netkeys. Before a secure channel is established, Mike and Ike will determine if they have a shared netkey. This can be done by exchanging their netkey tables, or simply by asking, value by value, if they have the same key. If there is a shared value, then they calculate the crypto-variable as before and concatenate the netkey onto it to ensure its integrity. If the two crypto-variable/netkey combinations are not identical, then the system is under a ‘Man-In-The-Middle’ attack and the channel must be established again.

So what does this all mean to me?
Translated to layman’s terms, this means that using Diffie-Hellman Key Exchange alone is not sufficient to ensure secure data transfer between two parties. It must be used in combination with one of the above methods to prevent a ‘Man-In-The-Middle’ attack.

Sources

  1. 3.6.1 What is Diffie-Hellman? RSA Laboratories. 2004. http://www.rsasecurity.com/rsalabs/node.asp?id=2248.
  2. Maher, David P. Secure Communication Method and Apparatus. United States Patent and Trademark Office. Patent 5,450,493. September 12, 1995.