Wednesday, September 3, 2014

Cryptography I course by Stanford

Online learning has gained much popularity these days. One of these courses is Cryptography I, taught by Prof. Dan Boneh of Stanford University through Coursera Inc. I highly recommend this course for those who want to start learning this subject. Even though I had studied a few topics of the subject back in college and done some self-study in it, I found the course to be somewhat different. The way of teaching is very good. The course material is a balance of both theoretical and practical aspects and it also highlights some of the open problems in cryptography. The learners need to watch a few videos each week and answer questions at the end, for which they get points. There is a final test at the end of the course. After successfully taking the test, a certificate of accomplishment is generated within two to three days for the participant. I am waiting for its advanced course: Cryptography II. Readers are suggested to go through the references mentioned below for these courses.

References:

Monday, September 1, 2014

SSH protocol overview

Secure Shell, as the name suggests, is a protocol for getting a shell which can be used to securely execute commands on a remote machine. It supports several other features too. It is a combination of three protocol layers, namely the Transport layer protocol, the User authentication protocol and the Connection protocol [See references below for RFC links].

The Transport layer protocol provides a confidential channel over an insecure network. This layer provides server host authentication, key exchange, encryption and integrity protection. It derives a session ID that may be used by higher-level protocols.

The User authentication protocol provides a suite of mechanisms that can be used to authenticate the client user to the server.

Connection protocol specifies a mechanism to multiplex multiple streams (channels) of data over the confidential and authenticated transport. It also specifies channels for accessing an interactive shell, for proxy-forwarding various external protocols over the secure transport (including arbitrary TCP/IP protocols) and for accessing secure subsystems on the server host. 

OpenSSH is a wonderful implementation of SSH available online [See below for references].

Few references:

Wednesday, August 20, 2014

crypt function in Linux

Here is a function provided to encrypt (hash) a given key with a provided salt. The signature of the function is as follows:
 
char *crypt(const char *key, const char *salt);

 
If the given salt has the format "$.$...$...", i.e. the format of the hashed password normally stored in the shadow file (look for my other posts on the shadow file), then the function interprets the salt to determine the type of hash to be used. The hash type could be MD5 ($1$), SHA256 ($5$), etc. This way one can hash a password provided by a user (the argument 'key') and match it against the one stored in the shadow file to authenticate the user. It is strongly recommended not to use this function for any purpose other than authentication. Readers are recommended to go through its manual page and understand its usage.
 
Here are some references:
man 3 crypt

gnu_libc_crypt
man7_crypt

Saturday, August 16, 2014

Linux shadow and passwd files - an introduction

A user's credentials and password-related information are maintained in the shadow file in Linux. Reading the file requires root permission. Each entry has the following construction:

username : hashed passwd with salt and type : last passwd change day : minimum days to change passwd : max passwd lifetime : warning period : grace period : account expire day

The days above are in reference to the last passwd change day (calculated from the epoch, 01/01/1970) and the max passwd lifetime. They can be changed as required. In the grace period, a user is asked to change the passwd as soon as s/he logs in, whereas in the warning period, which is calculated from the max passwd lifetime, the user is just shown a warning message saying when the passwd will expire. The account expire day (the account lock day) is the day after which the user is not allowed to log in. There are several utilities which can be used with appropriate options to manipulate these entries in the shadow file.
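The entry layout above, together with the "$id$" prefix described in the crypt post, can be checked mechanically. The following C code is an added example, not code from the original blog: it splits one shadow entry and reports the hash scheme and the aging state for a given day number. The function names, the sample entry, the "$6$" (SHA-512) prefix and the exact boundary comparisons are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Field order as in the post; a ninth, reserved field may follow. */
enum { F_NAME, F_HASH, F_LSTCHG, F_MIN, F_MAX, F_WARN, F_INACT, F_EXPIRE, F_FLAG, NFIELDS };
enum pw_state { PW_OK, PW_WARN, PW_GRACE, PW_EXPIRED, ACCT_EXPIRED, PW_BAD_LINE };

/* Split on ':' in place; strtok() would collapse the empty fields. */
static int split_fields(char *line, char *f[NFIELDS]) {
    int n = 0;
    for (f[n++] = line; *line; line++)
        if (*line == ':' && n < NFIELDS) { *line = '\0'; f[n++] = line + 1; }
    return n;
}
/* An empty field means "not set" and is returned as -1. */
static long num(const char *s) { return *s ? strtol(s, NULL, 10) : -1; }

/* Name the scheme from the "$id$" prefix of the hash field. */
const char *hash_scheme(const char *h) {
    if (h[0] == '!' || h[0] == '*') return "locked";
    if (!strncmp(h, "$1$", 3)) return "MD5";
    if (!strncmp(h, "$5$", 3)) return "SHA-256";
    if (!strncmp(h, "$6$", 3)) return "SHA-512";
    return "unknown";
}

/* Classify one entry for day number `today` (days since 1970-01-01). */
enum pw_state shadow_state(const char *entry, long today, const char **scheme) {
    char buf[512], *f[NFIELDS] = {0};
    if (strlen(entry) >= sizeof buf) return PW_BAD_LINE;
    strcpy(buf, entry);
    if (split_fields(buf, f) <= F_EXPIRE) return PW_BAD_LINE;
    if (scheme) *scheme = hash_scheme(f[F_HASH]);
    long chg = num(f[F_LSTCHG]), maxd = num(f[F_MAX]), warn = num(f[F_WARN]);
    long inact = num(f[F_INACT]), expd = num(f[F_EXPIRE]);
    if (expd >= 0 && today >= expd) return ACCT_EXPIRED;
    if (chg < 0 || maxd < 0) return PW_OK;           /* no aging configured */
    long pw_end = chg + maxd;                        /* last day the passwd is valid */
    if (inact >= 0 && today > pw_end + inact) return PW_EXPIRED;
    if (today > pw_end) return PW_GRACE;             /* must change at login */
    if (warn > 0 && today > pw_end - warn) return PW_WARN;
    return PW_OK;
}

int main(void) {
    const char *s = "";   /* the entry below is constructed, not a real account */
    int st = shadow_state("alice:$6$salt$hash:16000:0:90:7:14::", 16091, &s);
    printf("state=%d scheme=%s\n", st, s);
}
```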

A passwd file is a file which stores user information. It has the following construction:

username : user id : group id : full name : home dir : shell

The last field, shell, is the default shell given to the user after login and home dir is its home directory.

The above words are used so as to convey the information. More information comes in a follow-up blog with references. 


Functions to get and set shadow and passwd file values

An introduction to the shadow and passwd files in Linux was given in my last post. Here are some of the functions, with their signatures, which are provided to get/set values from/to these files:

#include <shadow.h>
struct spwd *getspnam (const char *name);

Following is the structure which gets populated if the user is present:

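 struct spwd {
     char *sp_namp;          /* login name */
     char *sp_pwdp;          /* hashed password */
     long sp_lstchg;         /* day of last change (days since 01/01/1970) */
     long sp_min;            /* minimum days between changes */
     long sp_max;            /* maximum days between changes */
     long sp_warn;           /* days before expiry to warn the user */
     long sp_inact;          /* days after expiry until the account is disabled */
     long sp_expire;         /* day the account expires (days since 01/01/1970) */
     unsigned long sp_flag;  /* reserved */
};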

Following are the functions which may be used to get entries one by one:

void setspent (void);
struct spwd *getspent (void);
void endspent (void);

Following function deals with passwd file entries:

#include <pwd.h>
struct passwd *getpwnam (const char *name);

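It returns the following structure:
 struct passwd {
     char *pw_name;    /* username */
     char *pw_passwd;  /* user password */
     uid_t pw_uid;     /* user id */
     gid_t pw_gid;     /* group id */
     char *pw_gecos;   /* user information (full name) */
     char *pw_dir;     /* home directory */
     char *pw_shell;   /* shell program */
};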

An exhaustive explanation and lists of the functions, their return values, header files to include, etc. may be found in their manual pages, i.e. man 3 getspnam, man 3 getpwnam, etc. The above definitions of structures and function signatures are taken from these manual pages themselves.

Saturday, August 27, 2011

Working with form object in javascript

It took me three days to learn and come up with a solution of how to handle the event of updating a column based on any change in some other corresponding row with some operation being done.
For example, the following function takes the index 'k' of a text field in the first form in the document and handles the next two successive text fields. It multiplies the integer entered in the text field at index 'k' with a float at index 'k+1' and writes the result in the text box at index 'k+2'. This can be done for any number of rows in the table provided the corresponding index is given. The function is as follows:

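function total(k) {
    // First form in the document; k is the index of the integer text field.
    var oForm = document.forms[0];
    var oText1 = oForm.elements[k];      // integer entered by the user
    var oText2 = oForm.elements[k + 1];  // float in the next text field
    // Write the product into the text field that follows them.
    oForm.elements[k + 2].value = parseInt(oText1.value, 10) * parseFloat(oText2.value);
}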

The radices may be checked according to use.
From the HTML part, the above function can be called from the text box having index 'k'. I used 'onkeyup' to call this function with an index 'k' which had a value according to the index of the text box. The reader may work out the probable index according to his/her use, which may include the number of columns in the table.
Any other inputs from readers are welcome and appreciated. Thank you all for reading.

Summer school on security and privacy,2011

Many days have passed since I attended the summer school on security and privacy conducted by Microsoft this year. But the memories are still there, based on which I am writing this blog. It has been a great learning experience where I got to listen to eminent speakers from different geographies in an environment of several budding researchers not only from India but also from abroad. I had a chance to talk to several masters and PhD scholars from different universities in India. All of them had a fire in them to do something under this umbrella. For the first time I came across the topic called "privacy" in so much detail. Several topics in security and privacy were taken up which were more than sufficient to light up the same fire in me to go deep into this area. I must say that the researchers from Microsoft are very helpful and whatever questions I had were answered by them. I appreciate several activities like panel discussions, question-answers, group picture, etc. which were taken up during the school. The readers are suggested to go through the website Summer school on security and privacy, 2011 to have detailed information about the topics covered and the speakers, and for future reference which may be useful for them to apply for the next summer school. At the end I would say that overall the summer school was very much useful for me to decide my career path and to have a knowledge of not only several topics but also what and how different researchers think and work.

Sunday, August 14, 2011

Last week experience

So now as I am sitting idle and looking back, I realize that everything was for a reason. Last week was very much a learning experience for me when I was working in a team. I never came across learning anything that a manager does but it was the week when I learnt several activities that a program manager does. A very energetic man that I came to know even more was Peter. He has immense energy and working power. Kara, Lucas, Sayanta, Sayan and Jenn were my team members. I learnt various lessons from each one of my team members. Here is a guy named Adam who has the capability to accept even the failures. It was the time when he unknowingly taught me the art of acceptance. A very intelligent pretty girl I came across was Anna who, at least I would say, is by far the fastest note taker that I have seen. Everyone in the group has something to share.
One of the lessons that I got was that even if I had worked on similar projects earlier, I had to struggle hard to learn and then implement the technology I was new to, though the concept remained similar. Overall it was a great week for me for everything I learnt and experienced.
I don't know when and where I will have a chance to work with such a great team.

Wednesday, March 2, 2011

ns installation and configuration.

After a lot of hurdles finally it was possible for me to configure ns and I am now able to successfully run a script.

Following link provided me the necessary setup:

Steps that I followed were:

tar -xzf "package-name-of-ns-without-quotes"
cd "directory-name-of-ns-without-quotes"
./install

gedit ~/.bashrc (appended at the end of this file)

# NS_HOME is a placeholder variable: set it to the directory location of ns, including the directory name of the package
NS_HOME="path to the directory location of ns with the directory-name of the package"
export PATH="$PATH:$NS_HOME/bin:$NS_HOME/tcl8.5.8/unix:$NS_HOME/tk8.5.8/unix"
# Add the ':' only when LD_LIBRARY_PATH is already set: an empty entry makes the loader search the current directory
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$NS_HOME/otcl-1.14:$NS_HOME/lib"
export TCL_LIBRARY="$TCL_LIBRARY:$NS_HOME/tcl8.5.8/library"

and then

cd ns-2.35    # in the ns directory
./validate    # this will take about one hour, at least it took that long on my system

The reader may have to install some other packages like autoconf, automake, libxmu-dev, libxt-dev, libx11-dev, gcc/c++, x11proto-dev.

A tutorial that I followed:

Useful instructions for installing and configuring are also given at:

Tuesday, February 8, 2011

Adding repo in ubuntu

Found "https://help.ubuntu.com/community/Repositories/Ubuntu#Adding Repositories in Ubuntu" and "https://wiki.ubuntu.com/LucidLynx/ReleaseNotes#Sun Java moved to the Partner repository" very helpful for adding a repo and installing Java. It solved many problems that I faced earlier.
For configuring the system, the following command may help:
sudo update-alternatives --config java