<body> The Walks and Talks
Me
WalkerGal, a proud feminist.
Middle child since 29 Aug 1983.
Christian.
Believe that the term 'justice' is all human defined and only God knows rights and wrongs.
Love the outdoors because can't stay at home.
Individual FYP: Fighting Internet Banking Threats: Phishing and Spyware.


Favorites
God, Family, Class 95FM, Newspaper, Magazines, fish, tofu, mushroom, bittergourd, wholemeal stuff, sashimi, sunnyside up, fruits, guitar, singing, running, swimming, cycling, driving

Vices
Dark Chocolate, Mushroom Swiss, Beer

Wants
May Graduation Trip
Mizuno court shoes
Running socks


Talk to me





EHoftheDay

"I'm not afraid of storms, for I'm learning to sail my ship." -Louisa May Alcott

Travel PeekaBackpacking

Japan/Japan-Korea Backpacking

Old
Hack Sack
Moving on to bigger things
The Coffee Story - Part 1
Biennale Art
Protective.. Good or Bad.
Networking
A Simple Life
No Rest.
Good night
oh Great.


Older
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008


My Church: Glad Tidings Gateway
4 Changi South Lane
#06-01, Nan Wah Building
Singapore 486127

Church Mission Statement
A Church Called,
and Empowered by the Holy Spirit
to be a Gateway to God and to the Nations,
Bringing Glad Tidings to the World.

Blog Links

tHE GALS

  • Alina
  • Alison
  • Carina
  • Celine
  • Charmian
  • Christina
  • Faith
  • Gladys
  • Huiping
  • Jiahui
  • Kyreen
  • Meilan
  • Pearlyn
  • Rita Big Sista
  • Sherryn
  • Sophia
  • Yinghuan
  • Xiao Xuan

    tHE BOIS

  • Alson
  • Barnabas
  • Zhiwei
  • PK


    Style Clicks..

  • London
  • Amsterdam
  • Helsinki, Finland
  • New York
  • Singapore

    Food Clicks..

  • OMY
  • Blurbme
  • Camemberu
  • Foodie Paradise
  • IeatIshotIpost
  • HisFoodBlog
  • Timeless Facade
  • Sparklette
  • Long Name
  • WhineAndDine

    Life Clicks..

  • One Life Experience
  • World Vision


    Thanks
    Designer of background, navigation: fedora_girl :)
    Main Image: walkergal ;)
    Font: walkergal edited
    Edit: picasa


    Now Playing



    Leisure Clicks..
  • Class 95FM Radio
  • Channelnewsasia.com
  • The Edge Radio
  • The Cool Hunter

    Dining Dreams..
  • Graze


    Silver Ribbon Singapore


    Disclaimer
    This is WalkerGal's Shell Wall. The Walks and Talks expressed in this blog belongs solely to The Writer aka WalkerGal. It is for her to vandalize and for you to read only. Tag WalkerGal at your own risk.

    bless you
    Be sure to do what you should, for then you will enjoy the personal satisfaction of having done your work well, and you won't need to compare yourself to anyone else. For we are each responsible for our own conduct.
    Galations 6: 4,5

    Randoms


    Sing With Me

    AMAZING GRACE lyrics

    Travel Map


    • Saturday, November 24, 2007
    The Name Game

    State: Dry Theos.

    I'm very sad for Ooi Eu Jin's family and loved ones..
    He is clearly a great brother, son, student, boyfriend, and a leader.
    Learning about him through this blog created in membrance of him, I'm glad that he made a difference in so many people's life.

    A role model. First class honour MAE graduate from NTU. A senior China GIPer...

    To his loved ones, stay strong always. Know that he had made that difference in you and continue to keep putting in your effort and maintain it. Don't let him down. Let him always be smiling.
    ____ . ____

    Confidentiality is achieved by encryption.
    Data Integrity is achieved by Message Authentication Code (MAC).
    Non-repudiation is achieved by Digital Signature.

    Sniffing attack is foiled by encrypted password.
    Encrypted password still a victim to Replay attack and Dictionary attack.

    One-time-use-then-throw password is a victim to Preplay attack. The attacker can talk to A first, get the response, and talk to B as if it is A. B will think he is talking to A.. but B is actually talking to attacker.

    Salt is a random number when put into same encrypted passwords, it will result in different outcomes. This can void Replay attack. The bigger is the salt, the higher the hacking effort needed.

    Session key is a temporary key that is used only during a conversation and is disgarded after conversation ends. Why? Because this can limit the amount of cryptograms that are available for cryptanalysis. This also prevent attackers from compromising the conversation again next time. If the same session key was used again and the last conversation was compromised, then the conversation will definitely be compromised again.

    Reflection attack can be foiled when the final returned nonce is different from the encrypted sent nonce.

    Secure Socket Layer (SSL) cannot prevent phishing because a phished website can have a valid SSL certificate.

    Here's a part where Eve complains that she is unjustly being labelled the attacker.


    Needham - Schroeder Public Key Authentication Scheme needs correction because its previous scheme is susceptible to Interleaving attack. When A wants to talk to M, A sends A's nonce to M. M is targeting to get B's nonce. So M will get A's nonce and send it to B as if A wants to talk to B. Then B will reply A with B's nonce together with A's nonce encrypted by A's public key. M doesn't have A's private key, so will forward B's reply to A. A opens it thinking that the nonce is from M. To verify that A received it from M, A will send the received B's nonce to M. There you go, M successfully gotten the desired B's nonce.

    The correct scheme is as follows: When A wants to talk to M, A sends A's nonce to M. M is targeting to get B's nonce. So M will get A's nonce and send it to B as if A wants to talk to B. At this point, B will reply A with B's nonce together with A's nonce AND B's identity to state that the nonce belongs to B, encrypted by A's public key. Once again, M will forward B's reply to A and A will realised that B is the one A is talking with and not M. This basically foils M's plan. This is the correct working Needham - Schroeder Public Key Authentication Scheme.

    What about Needham - Schroeder Secret Key Protocol?

    Its just as simple.

    The corrected protocol runs this way. A will send its id to B requesting to talk to B. B will encrypt idA and B's nonce back to A using B's shared key with Trent. A will forward the encrypted reply to Trent, in addition, also A's id, B's id, and A's nonce. Trent will open B's encrypted reply, check that the nonce really belongs to B, then reply A with an encrypted A's nonce, B's id, sessionkey for A and B, and also encrypted reply to B with A's id, B's nonce, and sessionkey for B and A. A upon receiving will forward Trents encrypted reply to B. B will then reply A with a nonce encrypted with the sessionkey given. A will reply B with a different nonce encrypted also with the sessionkey given by Trent. The fact that a different nonce is used is to prevent reflection attack from happening.

    Diffie-Hellman Key Exchange Protocol although was successful at first due to both A and B has their individual secret number, it is computationally infeasible for M to figure out their secret number. However, it was then discovered to be susceptible to Man-in-the-Middle attack.
    Why? Because it does not perform Authentication.

    M can intercept when A first exchange the mod equation with B. M can change the unknown A's secret number to M's own secret number despite not knowing it, put into the mod equation and then send to B. Similarly, M will do the same when B exchange with A. The resulting mod equation will have M's secret number and M can derive the final mod value of both A and B eventually.

    To twist M's plan, Diffie-Hellman Key Exchange Protocol got corrected by tagging a simple password in it. Both the password used by A and B will be the same.

    When A exchanges with B the mod equation and vice versa, it will use the password to encrypt first then send. When M tries to perform Man-in-the-Middle attack again this time, it will end up getting guessed password attempts with its own secret number in it... upon decryption, it will lead to a' and b' for both A and B secret number, instead of getting a and b. Hence M won't be able to attack this time.

    What is padding?
    Padding is basically tagging null or garbled values to the ending block of a message before encryption so as to ensure all the message blocks are of the same length.

    Why is padding required?
    The length of the plaintext block and ciphertext block will be the same. Hence if the ending block is not padded, the attacker can easily find a matching ciphertext block with its corresponding plaintext block.

    The reason why passwords are used for authentication.. instead of some secret-key or public key cryptography...


    This ain't rocket science.
    ____ . ____

    Before I start driving out on roads.. here's what I'll do first:
    1. Get the yellow probation triangles.
    2. Learn how to park on normal carpark lots... During the test we got poles to guide us.
    3. Learn how to drive up a multi-storey carpark.
    4. Learn the routes, expressways.

    *****

    Okay! Later gotta lead GEL worship, bible study, then back to palace! Got my 3 songs ready... Just got to rush to church on time to hit on my c-60. Hope I won't doze off on the snail train!


    WalkerGal walked on the sunny side.
    1:53 PM.