[FWD] SRP Protocol Design

SRP is the newest addition to a new class of strong authentication protocols that resist all the well-known passive and active attacks over the network. SRP borrows some elements from other key-exchange and identification protocols and adds some subtle modifications and refinements. The result is a protocol that preserves the strength and efficiency of the EKE family protocols while fixing some of their shortcomings.

The following is a description of SRP-6 and 6a, the latest versions of SRP:

  N     A large safe prime (N = 2q+1, where q is prime)
        All arithmetic is done modulo N.
  g     A generator modulo N
  k     Multiplier parameter (k = H(N, g) in SRP-6a, k = 3 for legacy SRP-6)
  s     User’s salt
  I     Username
  p     Cleartext Password
  H()   One-way hash function
  ^     (Modular) Exponentiation
  u     Random scrambling parameter
  a,b   Secret ephemeral values
  A,B   Public ephemeral values
  x     Private key (derived from p and s)
  v     Password verifier

The host stores passwords using the following formula:

  x = H(s, p)               (s is chosen randomly)
  v = g^x                   (computes password verifier)

The host then keeps {I, s, v} in its password database. The authentication protocol itself goes as follows:

  User -> Host:  I, A = g^a                  (identifies self, a = random number)
  Host -> User:  s, B = kv + g^b             (sends salt, b = random number)

          Both:  u = H(A, B)

          User:  x = H(s, p)                 (user enters password)
          User:  S = (B - kg^x) ^ (a + ux)   (computes session key)
          User:  K = H(S)

          Host:  S = (Av^u) ^ b              (computes session key)
          Host:  K = H(S)

Now the two parties have a shared, strong session key K. To complete authentication, they need to prove to each other that their keys match. One possible way:

  User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
  Host -> User:  H(A, M, K)

The two parties also employ the following safeguards:

  1. The user will abort if he receives B == 0 (mod N) or u == 0.
  2. The host will abort if it detects that A == 0 (mod N).
  3. The user must show his proof of K first. If the server detects that the user’s proof is incorrect, it must abort without showing its own proof of K.

A paper describing this protocol is also available, as well as a conference paper describing an older version of the protocol.
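
The SRP-6a exchange and its safeguards described above, as an added example (not code from the original page or from the SRP authors), with user and host run in one process. Assumptions: SHA-256 as H with a length-prefixed encoding chosen for this example, the 1024-bit group from RFC 5054 Appendix A, and the hypothetical helper names `register`, `proof` and `login`.

```python
import hashlib, secrets

# Assumed group: 1024-bit safe prime and generator from RFC 5054, Appendix A.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def H(*parts):
    """SHA-256 over length-prefixed parts, as an int (encoding is this example's choice)."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes(max(1, (p.bit_length() + 7) // 8), "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def register(I, p):
    """Host-side record {I, s, v}; the cleartext password is not stored."""
    s = secrets.token_bytes(16)
    return {"I": I, "s": s, "v": pow(g, H(s, p), N)}

def proof(I, s, A, B, K):
    return H(H(N) ^ H(g), H(I), s, A, B, K)

def login(rec, p, A=None):
    """Run user and host in one process; return (K_user, K_host, host_proof or None)."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N) if A is None else A        # A may be forced to test the host check
    if A % N == 0:
        raise ValueError("host aborts: A == 0 (mod N)")
    b = secrets.randbelow(N - 2) + 1
    B = (k * rec["v"] + pow(g, b, N)) % N
    u = H(A, B)
    if B % N == 0 or u == 0:
        raise ValueError("user aborts: B == 0 (mod N) or u == 0")
    x = H(rec["s"], p)
    S_user = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K_user = H(S_user)
    M = proof(rec["I"], rec["s"], A, B, K_user)  # user sends its proof first
    K_host = H(pow(A * pow(rec["v"], u, N) % N, b, N))
    if M != proof(rec["I"], rec["s"], A, B, K_host):
        return K_user, K_host, None              # host aborts without its own proof
    return K_user, K_host, H(A, M, K_host)
```

With A == 0 (mod N) the host's S = (Av^u)^b would be 0 whatever v is, so the host check on A has to run before any key is derived.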


To know is not the same as being familiar and professional

To know is only to know the clothing, not the body inside.

Not familiar and professional.

So although newly graduated students write "proficient in XXX" on their résumés, after a few years of actual work they tend to drop such wording and replace it with a more careful statement: "have some understanding of and practical experience with XXX", followed by some concrete items.

Today TJ asked us what we had learned in college: computer graphics, computer architecture, operating systems, and the like. I said I know them, but am not familiar with them; I seldom use any knowledge of computer graphics, and I do not use computer architecture at all. I was telling the truth. Some courses I really do not seem to have used directly, perhaps because I work in a different field.

So, looking back, what would I say I am familiar with now? I think it is the following:

1. Multithreading

2. Database design (including stored procedures, table structure design, query optimization, etc.; MySQL, Oracle, MS SQL)

3. Socket network programming (thanks to the cmpp and sgip projects, and tptfw)

4. Mobile platforms (JavaME, Symbian, iPhone <game>) / GameServer (using Java NIO) /

5. Custom script engine for an RPG game (used in my unsuccessful project)

6. Some coding tips (reusable design, architecture and technical design)

7. BigWorld engine based programming (mainly Python)

8. FreeBSD and Linux configuration (including BigWorld server construction, because I got my CCNA in 2002 to enhance my network programming level)

9. Common CMSs (Joomla, WordPress, Trac with SVN integration, cPanel)

10. 3D programming concepts (not all, only object transforms based on quaternions); Unity3D (3 months)


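Don't forget to subscribe to the RSS

Recommending 5#'s technical blog

Now a few more points about matrices. Some systems like to put the coordinate origin at the center of the screen, i.e. r = -l, while I prefer to put it at the bottom-left corner, i.e. l = 0. 3D projection transforms tend toward the former, and 2D toward the latter. So consider the 3D perspective transform. When r = -l, we find that 2n/(r-l) = n/r, which is exactly fovX; and our screen ratio is usually easier to know, so fovY is also easy to compute. As a result, the parameters most systems use when computing the matrix have evolved into fovY and aspectRatio, and these two are also easier to work with. This approach has drifted away from the problem itself again.

More -> http://wuh101.spaces.live.com/blog/cns!FE3D0072AB9A5D3!214.entry#comment

Also, Troy.Dunniway's bilingual blog is about to serialize "The Hero's Journey 1", which covers game design.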


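The TEDA training strike: there are no "nail households" here, so try another approach.

They naively believed the club really would not purge anyone and would let bygones be bygones; these kids were too naive. Now the club is taking revenge for every slight; they hold the knife and the chopping board, and we are the meatballs. Leaving aside who benefits the most, it is like fish and water: only together do they make a whole, and without the fish, what the hell is the water worth? This is the will of capital: besides wanting to make money, capital also wants to stick its leg into everything. That is really unnecessary; running things together, with each side taking what it needs, would be perfectly fine. Why insist on fighting over it? The capital side of course wants to squeeze costs as hard as it can, but it is far too eager for quick results; whatever else, it should consider how the core players feel. This is the era of the market economy. Tianjin guys are down-to-earth, but there are limits. I support the TEDA guys changing clubs; why keep serving these bastards?
Or else go the legal route and look for labor arbitration or the like. If good years are wasted because of petty people, those people will get what they deserve sooner or later. The rich will not be the boss forever, and even a boss should show some finesse: go home and quietly count your money, nobody is fighting you for it. Why be so stingy and pick a fight with a bunch of kids? Do you have Tianjin football in your heart? And you still dare to say you are doing XX for Tianjin football. If you are that petty, don't play; go play marbles or something. If not for this mess, wouldn't they still be playing in the AFC Champions League this year? Think how much money that would bring in; they just cannot see it. Capable people inevitably have some personality. You need to find a good manager, not a hothead who plants mines everywhere; manage according to the person. Always using the methods the government uses on holdout households facing demolition will not work.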


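DNS with no number-selection fee has arrived.

8.8.8.8

8.8.4.4

This is a free DNS service provided by Google. It is quite a blow to OpenDNS.

Only recently did I discover that a VPN is a good thing, and that you can set one up yourself, to open some key technical resources. And it has already been popular for a long time.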
