Monday, September 14, 2015

Evernote Synchronization is Failed

If you cannot solve the failure of Evernote synchronization in Windows environment after you try many ways, you can try to reset the IE.

Please refer it.
How to reset Internet Explorer settings.


Tuesday, September 1, 2015

Simply Introduce SSL

We can easily learn SSL from this page because it reduces some detail process of SSL. We can only focus on the kernel ideas. Therefore the below picture is very simple.

Client want to find a efficient way to encrypt the request to Server. RSA is secure but no efficient. AES is efficient but no secure. The idea is to combine the strength of RSA with security and AES with efficient. The following steps simplify the SSL process.

  1. Client randomly generates an AES key, K.
  2. Client want to send K in a secure way. It uses RSA to encrypt it with the public key, PubS, of Server.
  3. Server uses RSA to decrypt the cipher with the private key, PrvS, of Server to get the key, K. We can make sure that the transformation of K is secure because it is encrypted.
  4. Now Client and Server have the same K. They can use K to encrypt request, M1 and response, M2 for communication in a secure way.

How to Identify a User

This page describes the scenario of user identification. For example, how does a web site verify the user in web environment?

I separate the concept into 3 topics. First, we use the simplest but no efficient way to solve it. Second, we apply the digital signature way. Finally, we introduce secure boot that has the same concept.

Let's consider the use case. A client sends a request M1 to a server, and the server want to verify the M1 is sent by the the client. We can use asymmetric encryption/decryption to build a secure communication.
  1. The client generates key pairs, public key (PubC) and private key (PrvC).
  2. The client keeps PrvC and sends PubC to the server.
  3. Before the client sends the request M1, it encrypt M1 with PrvC to get Cipher.
  4. The client sends M1+Cipher to the server.
  5. The server decrypt Cipher with PubC to get M.
  6. The server compare M and M1. If both are same, the server make sure that M1 is owned by Client.
There is a problem that the RSA algorithm has bad performance for large data. We can apply digital signature to solve the performance.

We use Digest instead of Cipher. Digest is calculated by SHA algorithm for M1. The size of digest SHA-1 is 20 bytes. The size of digest SHA-256 is 32 bytes. The digest is too small so that we can use RSA to encrypt/decrypt it.

We can apply digital signature in secure boot, BIOS verifies if an OS loader is released by a OS vendor before running the OS loader. Before the OS vendor releases a version OS, the vendor signs the OS loader with private key and provides the public key to a BIOS vendor. Please refer the pages for the details of secure boot. The concept of secure boot comes from digital signature.


How to Draw a Beautiful Flow Chart?

This page describes how to draw a beautiful flow chart. Let's use "secure boot" as an example.

The below picture 1 is a standard flow chart that embeds a text in a rectangle. There is a problem that if the text is too long, we must enlarge the rectangle to contain the text.

Picture 1

We enhances the flow chart as the below picture 2. We just draws many beautiful fixed-size circulars that don't contain any texts. We put a text outside a circular. Now we liberate the limitation of writing texts. We can describe a longer text with more details. We can group these circulars and texts as a concept that is described by another big text. We can also write comments for a circular.

Picture 2

How do you feel the both flow charts?