
The MSE/PE implementation

I saw that the post BitTorrent's Protocol Header Encrypt (PHE) and Message Stream Encryption (MSE)/PE mentions:

Also, when discussing this with rxlin, he mentioned that if the implementation details are all published, wouldn't the ISPs then know how to block it too… -_-|

SSL's implementation is published too; can you intercept its contents today? Apply the same reasoning here: if I replace the fixed-string check with methods from cryptography, can I achieve the same "undetectable" effect?

Currently MSE 1.0 sends data in five steps:

A->B
Diffie Hellman Ya (96 bytes)
PadA (Random, 0 ~ 512 bytes)
B->A
Diffie Hellman Yb (96 bytes)
PadB (Random, 0 ~ 512 bytes)
A->B
HASH('req1', S) (16 bytes)
HASH('req2', SKEY) xor HASH('req3', S) (16 bytes)
ENCRYPT(VC, crypto_provide, len(PadC), PadC, len(IA)) (Random, RC4)
ENCRYPT(IA) (Random, RC4)
B->A
ENCRYPT(VC, crypto_select, len(padD), padD)
ENCRYPT2(Payload Stream) (the actual payload starts here)
A->B
ENCRYPT2(Payload Stream) (the actual payload starts here)

In the first two steps, each side generates its own Xa or Xb, computes Ya or Yb from it, and sends that to the other side. On receipt, each side combines its own Xb (or Xa) with the received Ya (or Yb) to obtain S, which is this part of the spec:

DH secret: S = (Ya^Xb) mod P = (Yb^Xa) mod P

This is the D-H exchange. If you ask whether, knowing Ya and Yb, one can recover S, or more strongly, recover Xa/Xb directly: this is the  in cryptography, and 768 bits of strength is currently enough to deal with any P-Cube on this blue planet or other similar equipment.

Next, SKEY is information taken from the .torrent file; the ENCRYPT in step four is RC4, and the final ENCRYPT2 is either plaintext or RC4, but by this point the offsets are no longer fixed…
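To make the first three steps concrete, here is an added example in Python; it is not code from the original post or from any MSE implementation. It assumes the 768-bit prime P and generator G = 2 from the MSE spec (reproduced from memory, so verify against the spec), the spec's RC4 key HASH('keyA', S, SKEY) with the first 1024 keystream bytes discarded, and a few constructed infohashes standing in for the SKEY values B knows from its .torrent files. It shows why nothing fixed is visible on the wire: the only constant (VC) travels RC4-encrypted, and B can only identify the torrent after computing S with its own Xb.

```python
import hashlib
import secrets

# MSE 1.0 Diffie-Hellman group: 768-bit prime P and generator G = 2, reproduced
# from the spec as remembered (verify against the spec). Public values are 96 bytes.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A36210000000000090563", 16)
G = 2
VC = bytes(8)  # verification constant: eight zero bytes, only ever sent RC4-encrypted

# Constructed sample infohashes: the SKEY values B knows from its .torrent files.
TORRENTS = [hashlib.sha1(b"constructed torrent %d" % i).digest() for i in range(4)]


def sha1(*parts):
    return hashlib.sha1(b"".join(parts)).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def dh_keypair(bits=160):
    """Steps 1-2: choose a private X and send Y = G^X mod P as 96 big-endian bytes."""
    x = secrets.randbits(bits) | 1
    return x, pow(G, x, P).to_bytes(96, "big")


def dh_secret(y_peer, x_own):
    """S = (Y_peer ^ X_own) mod P, the formula quoted from the spec above."""
    return pow(int.from_bytes(y_peer, "big"), x_own, P).to_bytes(96, "big")


class RC4:
    """Plain RC4; MSE discards the first 1024 keystream bytes after keying."""

    def __init__(self, key, discard=1024):
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0
        self.crypt(bytes(discard))

    def crypt(self, data):
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def recover_skey(req2_xor_req3, S, candidates):
    """B's side of step 3: strip HASH('req3', S) and look for a torrent whose
    HASH('req2', SKEY) matches. Without S (that is, without Xb) a passive observer
    cannot do this, which is why the infohash never appears in the clear."""
    target = xor(req2_xor_req3, sha1(b"req3", S))
    for skey in candidates:
        if sha1(b"req2", skey) == target:
            return skey
    return None


def run_handshake(skey, known_torrents):
    """Steps 1-3 of the MSE 1.0 handshake (PadA/PadB omitted; length fields are 2 bytes)."""
    xa, ya = dh_keypair()          # A -> B: Ya
    xb, yb = dh_keypair()          # B -> A: Yb
    s_a = dh_secret(yb, xa)
    s_b = dh_secret(ya, xb)

    # A -> B, step 3. The RC4 key is HASH('keyA', S, SKEY) as the spec defines it.
    crypto_provide = (0x01 | 0x02).to_bytes(4, "big")   # offers plaintext and RC4
    pad_c = secrets.token_bytes(secrets.randbelow(513))
    inner = VC + crypto_provide + len(pad_c).to_bytes(2, "big") + pad_c + bytes(2)
    msg3 = sha1(b"req1", s_a) + xor(sha1(b"req2", skey), sha1(b"req3", s_a)) \
        + RC4(sha1(b"keyA", s_a, skey)).crypt(inner)

    # B: check HASH('req1', S) with its own S, recover SKEY, then verify VC decrypts.
    if msg3[:20] != sha1(b"req1", s_b):
        return {"secret_match": False, "skey": None, "vc_ok": False}
    found = recover_skey(msg3[20:40], s_b, known_torrents)
    vc_ok = found is not None and RC4(sha1(b"keyA", s_b, found)).crypt(msg3[40:48]) == VC
    return {"secret_match": s_a == s_b, "skey": found, "vc_ok": vc_ok}


if __name__ == "__main__":
    print(run_handshake(TORRENTS[2], TORRENTS))
```

Run as is and B identifies TORRENTS[2] and decrypts VC correctly; hand it an infohash B does not know and `recover_skey` returns None, since the XOR'd hash only yields a match against a SKEY B already holds.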

With this design, I currently cannot see how it could be blocked. Perhaps through flaws in a particular implementation (such as random numbers that are too regular), but even if that happens, it is only that software's problem. Another possibility is a weakness in the cryptosystem that MSE might expose across a large number of connections, but by then version 2.0 will follow…

Komica RSS

RSS feeds for .

They are at http://bsdrss.com/komica/; the .xml files there are the RSS feeds for each board. There is also komica-pl.txt, which is the Perl script.

Update: when I subscribe with , I can't see the images. I'm working on it, but if you know the cause, please leave a comment or mail me, thanks.

Update: I've found the cause (Referer) and am working around it another way :o

K2 Forums

(the team that develops the theme I'm currently using) is running  at the moment. I've set it up before (see the post vanilla UTF-8 fix) and used it for a while; it really isn't pleasant to use, so they have decided to switch software: vBulletin Donation Drive

We've now been using these Vanilla forums for a good while now, and the traffic has skyrocketed way beyond anything I could've hoped or imagined for.

I've noticed however, that I am continually lost in the massive activity on here. It's hard to really keep track of what's new and what belongs where. It is of course not helped by the fact that the current beta I've installed is quite buggy; but I'll take full responsibility for that,

Anyway, I looked a bit at the other solutions out there, specifically what solutions that are being used on the forums I otherwise frequent. And as near as I can tell, vBulletin is the best solution out there at the moment. It's highly customizable, well supported and it works very very well. There's only one problem, it costs money.

$160 to be specific.

So Chris and I agreed to try doing a small donation drive to see if we couldn't raise the money to buy a license for vBulletin.

So what's in it for you? Well, if you feel like I do, that the current forums are a bit hard to navigate, your reward will be a better forum. Also however, we'll do a tribute page, on which your name will 'weigh' as much as your relative donation. (If you don't want your name on the donation page, make sure to note that down).

Make sure to include a URI to your site, if you have one.

Update: donations have reached 140% :)

Update: the new forum is online. The announcement post is here: IMPORTANT: NEW FORUMS!, and the forum (vBulletin) is here:

Of course, there is also an RSS feed to subscribe to :)

Gmail

I noticed that the JavaScript code in  has something new again: More code foreshadowing perhaps?

This time it's Voicemail:

var hZ="inbox, star, starred, chat, chats, draft, drafts, sent, sentmail, sent-mail, sent mail, all, allmail, all-mail, all mail, anywhere, archive, spam, trash, read, unread, voicemail, voicemails";

and

var Js=new AG(["gmail.com", "googlemail.com", "google.com", "evite.com"]);

Last time, the service was announced soon after the code placed on  was discovered; presumably it will be the same this time?

 keeps gaining more and more features…
