KHJKKarl Hans Janke Kollaborativhttp://www.khjk.org/Sven Moritz Hallbergsm@khjk.org2010-02-12T18:50:00ZReally simple distributed DNShttp://www.khjk.org/log/2010/feb/rsddns.htmlpescopesco@khjk.org2010-02-12T18:50:00Z
<p />There is a project, originating within the CCC, to link hackerspaces around the
world into a <a href="http://media.ccc.de/foo/bar">common VPN</a
>.
Within this,
we would like to provide DNS; probably under a fake TLD, say <span style="font-family:monospace">.hack</span
>.
<p />Well, you know, we like decentralized systems…
<p />This post is about a prototype distributed system that,
give or take a few design iterations,
could actually be useful for decentralized name resolution.
<p />Desirable properties:
<p /><ul><li>require only a minimum of local knowledge to configure the peers
</li
><li>distributed self-organization instead of central administration
</li
><li>avoid central points of failure
</li
></ul
><p />At the conceptual level, the network's <em>nodes</em
>
represent any kind of communications medium.
I.e. anything that messages can be sent <q>onto</q
> with the expectation
that all entities also <q>on the medium</q
> will receive them.
<p />Concretely there are two kinds of nodes:
<p /><ul><li>Low-level network links.
IP-port pairs or other kinds of peer-to-peer addresses.
The idea is that these could also be Ethernet interfaces and thelike.
They carry no global name and are thought of as only locally known to a
specific station (host system).
</li
><li><q>Mesh</q
> nodes (for lack of a better name).
Formed by connecting stations in a mesh.
Has a globally unique ID.
For each node it participates in,
a station knows how to reach its neighbors within that node.
Any other node known to the station can act as the medium
for these connections.
Putting other meshes in this list effectively creates a tunnel.
</li
></ul
><p />Messages also come in two flavors:
<p /><ul><li>Payload. In the example code, these consist of a single <span style="font-family:monospace">String</span
> containing
a message to be printed.
</li
><li>Tunnel messages.
When a message is sent onto a mesh node,
the station wraps it with the ID of that node before sending it
down the neighbor links (i.e. nodes).
</li
></ul
><p />When a station receives a message on a low-level link,
it starts <q>unwrapping</q
> the tunneling headers
and propagates the message to any neighbors it has within the
respective nodes.
<p />Given the above behaviour, it is possible to construct networks of
nodes interconnected in rather arbitrary ways. For the purpose of emulating
DNS, and probably many others, it is useful to think of nodes as either
representing hosts or being formed by joining (<q>federating</q
>) a number of
subnodes. The federations would correspond to DNS domains.
<p />Determining how each station's table of node neighbor connections should look
is left as an exercise to the reader. ;)
The attached code contains a number of such <em>context tables</em
>
for an example network, pictured below.
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="log/2010/feb/rsddns-proto.medium.jpg"><img src="log/2010/feb/rsddns-proto.klein.jpg" alt="rsddns-proto.klein.jpg" /></a
></div
><div class="floatcaption">Diagram of a hypothetical network showing
federations (circles with green labels), hosts (squares), and
low-level links (lines).
Shown in red is the path of an example message
from within a hamburg subnode to a host in cologne.
</div
></div
><p />To watch the example in action, run each of the following commands in a
separate terminal:
<p /><pre><code>$ ghc rsddns-proto.hs -e 'mainloop 2001 laptop_ct'
$ ghc rsddns-proto.hs -e 'mainloop 2002 daddel_ct'
$ ghc rsddns-proto.hs -e 'mainloop 2003 router_ct'
$ ghc rsddns-proto.hs -e 'mainloop 2004 turing_ct'
$ ghc rsddns-proto.hs -e 'mainloop 2005 b1_ct'
$ ghc rsddns-proto.hs -e 'mainloop 2006 b2_ct'
$ ghc rsddns-proto.hs -e 'mainloop 2007 k1_ct'
</code
></pre
><p />Then inject the test message from an interpreter prompt:
<p /><pre><code>$ ghci rsddns-proto.hs
> s <- testsocket 5555
> testsend s "127.0.0.1" 2001 $ Mtun "pesco.hh.ccc.hack" $
Mtun "hh.ccc.hack" $ Mtun "ccc.hack" $ Mtun "koeln.ccc.hack" $
Mtun "k1.koeln.ccc.hack" $ Mstr "hello world!"
</code
></pre
><p />Note the DNS-like hierarchical node IDs and how the nesting of messages
reflects the path through this hierarchy from <span style="font-family:monospace">pesco.hh.ccc.hack</span
> to
<span style="font-family:monospace">k1.koeln.ccc.hack</span
>.
<p />There is a 1s delay after each line of output so it's easy to watch the messages
propagate.
The destination node only prints out the message in this instance, but it would
be trivial to include a return address and have it send back a
useful answer (e.g. the station's IP address).
<p />You will see a lot of backscatter of messages.
This is due to the fact that the stations only perform a minimal check
whether they have already seen a particular message.
A proper implementation should avoid more.
<p /><b>Appendix:</b
>
implementation prototype (Haskell):
<a href="log/2010/feb/rsddns-proto.hs">rsddns-proto.hs</a
>
Closed algebraic data types for Rubyhttp://www.khjk.org/log/2009/dec/ruby-adt.htmlpescopesco@khjk.org2009-12-11T13:37:00Z
<p />Today, a little detour off the path to world domination.
Or maybe not; who knows.
<p />I use <a href="http://www.rubylang.org">Ruby</a
> at work
and I guess it's pointless to deny that I regularly
cringe at it for its <em>rude</em
> failure at being just like Haskell.
Even though, I have to admit that it is rather flexible:
<p />Algebraic data types in Haskell look like this:
<p /><pre><code>data Expr = Lam String Expr
| App Expr Expr
| Var String
</code
></pre
><p />It says that there are three kinds of expressions, called lambdas,
applications and variables, consisting of the given data fields
(e.g. a variable name and a body for lambdas, and so on).
Operations on such a type are defined by giving cases for each
kind of argument.
<p />Off the shelf, there are no algebraic data types in Ruby.
Google didn't find anything, so I thought about it.
With the right plumbing, it's possible to do the following:
<p /><pre><code>class Expr
ctor :lam, :var => String, :body => Expr
ctor :app, :op => Expr, :arg => Expr
ctor :var, :name => String
end
</code
></pre
><p />Not much longer and only slightly uglier! \o/
And with type checks, too.
<p />The result is a class <span style="font-family:monospace">Expr</span
> with three singleton constructor methods,
similar to the usual <span style="font-family:monospace">new</span
>.
Each takes a single hash as its argument that assigns
values to the relevant fields.
All fields must be provided and their types must match the definition.
For example:
<p /><pre><code>id = Expr.lam(:var=>"x", :body=>Expr.var(:name=>"x")) # (\x.x)
</code
></pre
><p />The <span style="font-family:monospace">ctor</span
> method defines accessors to the constructor <q>tag</q
> and each field.
A typical method definition on <span style="font-family:monospace">Expr</span
>s would look like this:
<p /><pre><code>class Expr
def eval(env={})
if is_lam? then
self
elsif is_app? then
f = op.eval(env)
if f.is_lam?
x = arg.eval(env)
f.body.subst(f.var,x).eval
else
raise "operator is not a function"
end
elsif is_var? then
env[name] || self
end
end
end
</code
></pre
><p />Obviously, this is in contrast to the <q>object-oriented</q
> way of distributing
operations on different kinds of things over respective (sub-) class
definitions.
Aside from being a matter of taste,
I prefer the above in this case,
because the definitions of evaluation for different kinds of expressions have
to fit together.
Their interaction is easier to view when the definition is in one place instead
of scattered across multiple classes.
<p />To the plumbing:
Everything happens in <span style="font-family:monospace">ctor</span
>, which is singleton method of <span style="font-family:monospace">Class</span
>,
so it can be used in a class definition
(similar to convenience methods like <span style="font-family:monospace">attr_reader</span
> and such).
The routine looks like this:
<p /><pre><code>class Class
def ctor(ctorname, argtypes)
# add singleton constructor method to self
self_ = (class << self; self; end)
self_.module_eval do
define_method(ctorname) do |argvalues|
x = allocate
# check argument types
# [...]
# fill instance variables of x
x.instance_eval do
@ctor = ctorname
@args = argvalues
end
x
end # constructor
end # singleton methods of our ADT
# inspection methods
attr_reader :ctor
attr_reader :args
# define accessors and convenience methods on self
# [...]
end
end
</code
></pre
><p />The full source code along with a complete lambda evaluator is in the
file attached below.
The evaluator also supports destructive in-place updates,
effectively yielding graph reduction.
<p />Note: The copyright notice states
<a href="http://opensource.org/licenses/isc-license.txt"><q>isc license</q
></a
>,
meaning do whatever you want as long as you leave the notice intact.
<p /><b>Attachment:</b
>
<a href="log/2009/dec/adt.rb"><span style="font-family:monospace">adt.rb</span
></a
>
<p /><b>PS.</b
>
Happy Birthday, you know who you are.
Do <em>you</em
> have a MUA ready to follow <span style="font-family:monospace">mailto:</span
> links?http://www.khjk.org/log/2009/nov/email-comments.htmlpescopesco@khjk.org2009-11-22T11:22:00Z
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="img/2009/stift-uhr.medium.jpg"><img src="img/2009/stift-uhr.klein.jpg" alt="stift-uhr.klein.jpg" /></a
></div
></div
><p />Just wondering, because if you do, you can now leave comments on posts on this
site. Of course, my solution is unusual and specifically excludes HTML forms,
CGI scripts or any other webcrap. Honestly though, I think it's kind of elegant
like this:
<p /><ul><li>Follow the <q>reply</q
> link on one of the blog entries. Or copy and paste
the address. It has the form:
<p /><pre><code>comment-<path.to.post>@khjk.org
</code
></pre
></li
></ul
><p /><ul><li>Put your comment text into the body of the email. The subject is
ignored. You can use email-style <q>ASCII art markup</q
> like <span style="font-family:monospace">*asterisks*</span
>
for <strong>bold face</strong
>, <span style="font-family:monospace">/slashes/</span
> for <em>emphasis</em
>, <span style="font-family:monospace">></span
>-style quotes, etc.
</li
></ul
><p /><ul><li>A <q>little</q
> <a href="submitcomment.hs">script</a
> (actually, it got partly
hideous with all the <a href="Email.hs">email parsing</a
> and whatnot)
receives the message via <span style="font-family:monospace">procmail</span
> and decides to forward it for
moderation.
</li
></ul
><p /><ul><li>I read the email like all the others (i.e: on my phone or whatever)
and if it's ok simply forward it back to the comment address. This
leaves my PGP signature on it.
</li
></ul
><p /><ul><li>The little script does a few checks, recognizes the signature, and
stores the included message somewhere the <a href="generate.hs">site generator</a
>
will find it.
</li
></ul
><p /><ul><li>The site's HTML content is regenerated. If the <span style="font-family:monospace">From:</span
> address
contained a name, that will be shown as the comment's author.
To remain anonymous, leave out your name (that's a slogan).
The address itself will never be revealed, of course.
</li
></ul
><p /><ul><li>To post a reaction to a comment, I can reply to the OP's email, leaving
the comment address in <span style="font-family:monospace">Cc</span
> (group reply).
<p />In theory, the reply will already carry my signature and go directly
through the little script and appear as a comment on the site.
Unfortunately, this doesn't work in the current reality: Little
script needs the signature over the <em>entire</em
> comment message (a
mime part of type <span style="font-family:monospace">message/rfc822</span
>) to check the metadata for
consistency.
This is the case with forwarded messages,
but in a <q>regular</q
> signed email, the signature only extends
across the <span style="font-family:monospace">text/plain</span
> body.
<p />So, if you want to do me a great favour, add an option to <span style="font-family:monospace">mutt</span
> to
sign headers by using a <span style="font-family:monospace">message/rfc822</span
> part:
<p /><pre><code>multipart/signed
application/pgp-signature
message/rfc822 -- includes headers AND body
</code
></pre
><p /><em>vs.</em
>
<p /><pre><code>multipart/signed
application/pgp-signature
text/plain -- only the message body :(
</code
></pre
></li
></ul
><p /><ul><li>Obviously, this game can go on through the entire thread of discussion
by just keeping the comment address in <span style="font-family:monospace">Cc</span
> at all times.
</li
></ul
><p />Anyway, with this yak now out of the way, back to important work. I've got a
few crazy ideas on which I'd very much appreciate feedback. Stay tuned.
<q>telnetd an</q
>http://www.khjk.org/log/2009/nov/telnetd.htmlpescopesco@khjk.org2009-11-01T00:00:00Z
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="img/2009/kabelstraenge.medium.jpg"><img src="img/2009/kabelstraenge.klein.jpg" alt="kabelstraenge.klein.jpg" /></a
></div
><div class="floatcaption">random foto: elaborately wired contraption (Technikmuseum Berlin)
</div
></div
><p />I bought a Fritz!Box 7050 for cheap on eBay the other day.
It's a home router with built-in DSL modem, WLAN, and a POTS interface.
The reason I got it was that I'd like to ditch my aging, bulky, and
increasingly flaky ISDN phone in favour of using my mobile as a VOIP
handset for the Fritz!Box.
<p />The device itself works very well, including my old phone, WLAN, and ADSL2+.
Unfortunately, as it turns out, the 7050 doesn't support VOIP handsets in the
stock firmware.
Google says, however, that you can actually run full-blown Asterisk on it.
Now, the reason for this post is my amusement over the method to get a shell on
the thing. Connect a phone, dial <span style="font-family:monospace">#96*7*</span
>, et voila:
<p /><div class="float" style="float:none"><div class="floatcontent"><img src="img/2009/telnetd.klein.jpg" alt="telnetd.klein.jpg" /></div
><div class="floatcaption">Well, thanks! :)
</div
></div
><p />A lot of frustrating <em>frickel</em
> later, however, I've decided to give up for today.
I got Asterisk to run, dialing out from the PC via X-Lite actually worked,
but SIP registration fails on my Nokia E51, for unknown reasons.
<p />For later reference, here's the list of the relevant links I found:
<p /><ul><li><a href="http://www.avm.de/de/Service/Service-Portale/Service-Portal/index.php?portal=FRITZ!Box_Fon_WLAN_7050">http://www.avm.de/de/Service/Service-Portale/Service-Portal/index.php?portal=FRITZ!Box_Fon_WLAN_7050</a
>
</li
><li><a href="http://www.juerging.net/projekte/Fritzbox-Asterisk/">http://www.juerging.net/projekte/Fritzbox-Asterisk/</a
>
</li
><li><a href="http://www.wehavemorefun.de/fritzbox/Hilfsprogramme_/_Tipps_&_Tricks#Asterisk_.28capi_intern.2Bextern.2Fiax2.2Fsip.29_auf_der_7050_.28ohne_Firmware-Mod.29">http://www.wehavemorefun.de/fritzbox/Hilfsprogramme_/_Tipps_&_Tricks#Asterisk_.28capi_intern.2Bextern.2Fiax2.2Fsip.29_auf_der_7050_.28ohne_Firmware-Mod.29</a
>
</li
><li><a href="http://www.asterisk-kompakt.de/artikel/45-asterisk-auf-fritzbox-phone.html">http://www.asterisk-kompakt.de/artikel/45-asterisk-auf-fritzbox-phone.html</a
>
</li
><li><a href="http://www.spblinux.de/fbox/info/asterisk/sip.conf.default">http://www.spblinux.de/fbox/info/asterisk/sip.conf.default</a
>
</li
><li><a href="http://nuxx.net/blog/2008/10/24/sip-via-asterisk-on-nokia-e51/">http://nuxx.net/blog/2008/10/24/sip-via-asterisk-on-nokia-e51/</a
>
</li
><li><a href="http://www.ip-phone-forum.de/showthread.php?t=161714">http://www.ip-phone-forum.de/showthread.php?t=161714</a
>
</li
></ul
>Semiautomating Accountancy for Fun and Profithttp://www.khjk.org/log/2009/oct/ledger.htmlpescopesco@khjk.org2009-10-05T21:40:00Z
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="img/2009/z23.medium.jpg"><img src="img/2009/z23.klein.jpg" alt="z23.klein.jpg" /></a
></div
><div class="floatcaption">Zuse Z23 @ Technikmuseum Berlin — <em>definately a semiautomatic accountant!</em
>
</div
></div
><p />Is anybody out there using <a href="http://wiki.github.com/jwiegley/ledger"><span style="font-family:monospace">ledger</span
></a
>
or one of its <a href="http://wiki.github.com/jwiegley/ledger/ports">siblings</a
> for their
personal accounting? If not, take this as a recommendation. It's a command-line
tool to generate various financial reports from a plain text listing of account
transactions. If you happen to have access to your bank transactions in csv
format, the script I wrote yesterday may be useful to you. It reads
comma-separated values from stdin and writes <span style="font-family:monospace">ledger</span
> entries to stdout.
<p />If you're German, your likely way to get csv files from your bank is via HBCI.
The right tool for the job appears to be
<a href="http://www.aquamaniac.de/sites/aqbanking/"><span style="font-family:monospace">aqbanking</span
></a
>. Hooking it up to the
bank is a bit of fiddling, so I'll reproduce the quick how-to here. This is
assuming authentication via PIN/TAN:
<p /><pre><code>$ aqhbci-tool4 adduser -t pintan --context=1 --hbciversion=300 \
-b BLZ -u NUTZERKENNUNG -c KUNDENKENNUNG \
-s SERVERURL \
-N "Real Name"
$ aqhbci-tool4 getsysid -c KUNDENKENNUNG
$ aqhbci-tool4 getaccounts -c KUNDENKENNUNG
</code
></pre
><p />To fetch transactions from all accounts and print them in csv format:
<p /><pre><code>$ aqbanking-cli request -c /tmp/foo.ctx --transactions
$ aqbanking-cli listtrans -c /tmp/foo.ctx
</code
></pre
><p />The <span style="font-family:monospace">csv2ledger</span
> script is tailored to the default output format of the above.
I also have made a small shell script to drive these two commands and pipe the
result through the converter. It accepts an optional date range to which to
restrict the output.
<p /><b>Appendix:</b
>
<ul><li><a href="log/2009/oct/csv2ledger.hs"><span style="font-family:monospace">csv2ledger.hs</span
></a
> converts comma-separated values
to <span style="font-family:monospace">ledger</span
> entries. <br />There are a few configuration settings at the top of the script to tell it
about account names and the input format.
</li
><li><a href="log/2009/oct/buchungen.sh"><span style="font-family:monospace">buchungen.sh</span
></a
> fetches transactions with
<span style="font-family:monospace">aqbanking</span
> and shows them via <span style="font-family:monospace">csv2ledger</span
>. <br /> Usage:
<p /><pre><code>buchungen.sh [startdate [enddate]] # date format: YYYYMMDD
</code
></pre
></li
></ul
>The <q>Skein</q
> hash function in 256 lines of Chttp://www.khjk.org/log/2009/sep/skein512.htmlpescopesco@khjk.org2009-09-26T15:40:00Z
<p /><b>Note:</b
>
I'm going to switch this thing over to English now, because I expect
to ask some non-Germans for feedback in the future. I might also translate some
old posts.
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="img/2009/teichufer.medium.jpg"><img src="img/2009/teichufer.klein.jpg" alt="teichufer.klein.jpg" /></a
></div
><div class="floatcaption">A view across the lake at HAR 2009 towards the CCC's geodesic party tent. Me
and friends camped just about outside the right edge of the picture.
</div
></div
><p />So here's the latest installment of my exploits into the forbidden realm of
implementing cryptographic primitives.
<p />After building my little crypto chat experiment last month, one thing sorely
missing was message authentication (from <span style="font-family:monospace">p2p.c</span
>):
<p /><pre><code>printf("receiving packets on port %d\n", LOCALPORT);
printf("CAUTION: Message senders can be spoofed.\n");
</code
></pre
><p />The obvious solution to this problem are message authentication codes,
particularly because the diffie-hellman setup already yields shared secrets
between any two parties. A typical way to construct MACs is to take a
cryptographic hash function and compute its value over a combination of the
message and the secret (the standard construction of this kind is called HMAC).
So I set out to find a nice little hash function which could be easily and
elegantly implemented. Unfortunately, the obvious candidates didn't quite
satisfy me. I kept looking and eventually ended up with the promising
description of <a href="http://www.skein-hash.info/">Skein</a
>:
<p /><blockquote>Skein is a new family of cryptographic hash functions. Its design combines
speed, security, simplicity, and a great deal of flexibility in a modular
package that is easy to analyze.
</blockquote
><p />Without much regret, I commited the next step up on the ladder of serious
crimes in the construction of crypto systems: I set out to use an unproven
algorithm. Hooray! >:)
<p />Incidentally, one very nice feature of Skein is that it already offers a
mechanism to turn it into a keyed hash function. If my understanding is
correct, this is essentially due to the fact that Skein is actually derived
from a block cipher (actually called <q>Threefish</q
> ;)). I have yet to implement
this MAC mode, but it's basically a detail once the rest is set up.
<p />As of yesterday, the code finally produces the correct output on the official
one-byte test vector. Feel free to try it on the longer ones. What took me so
long? First, there was <a href="http://www.har2009.nl">HAR</a
>. I had it pretty much
complete at that point, except for one of those nasty segfault bugs. When I
took a good hard look at things again this week, it turned out to be an
overlong <span style="font-family:monospace">memset()</span
> corrupting my stack. God, I love those! ;)
<p />There are some limitations to the code at this point:
<p /><ul><li>Only the 512-bit variant of Skein is implemented. However, the <span style="font-family:monospace">threefish</span
>
function is already generalized to any block size, so the others should be
easy to add.
</li
><li>The supplied <span style="font-family:monospace">main</span
> routine simply hashes the test vector, prints the result
and exits. Anything more useful basically needs to wait for the next point:
</li
><li>No support for directly slurping input from <span style="font-family:monospace">FILE</span
> handles. I've already
prepared the code for it, just need to write the actual routine.
</li
><li>As stated above, no MAC mode, yet. None of the other fancy stuff
(personalization, tree hashing, …) either. Just plain and simple hashing.
</li
></ul
><p /><b>Appendix:</b
>
<a href="log/2009/sep/skein.c"><span style="font-family:monospace">skein.c</span
></a
>
Peer-to-Peer Kryptochathttp://www.khjk.org/log/2009/aug/p2p.htmlpescopesco@khjk.org2009-08-07T21:19:00Z
<p />Meine Kryptoexperimente schreiten weiter fort. Am vergangenen Wochenende habe
ich mir meinen <a href="log/2009/jul/elgamal.html">ElGamal</a
>-Code nochmal vorgenommen und
daraus ein kleines anonymes Peer-to-Peer-Netz gebaut. Man erwarte jetzt bitte
nichts weltbewegendes, es handelt sich nach wie vor um kaum mehr als eine
Fallstudie zu Montgomery-Multiplikation. Allerdings eine, ueber die man
verschluesselte Kurznachrichten austauschen kann. ;)
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="img/2009/serviette.medium.jpg"><img src="img/2009/serviette.klein.jpg" alt="serviette.klein.jpg" /></a
></div
><div class="floatcaption"><em>That's the way we do it.</em
>
Meine Serviette aus der Hotelbar in Berlin vor ein paar Wochen.
</div
></div
><p />Das ganze ist ein einfaches Broadcast-Netz: Jeder Knoten sendet eingehende
Nachrichten, die nicht an ihn selbst addressiert sind, weiter an jeden seiner
Nachbarn. Wenn er eine Nachricht schonmal gesehen hat, wird sie verworfen.
Erwaehnenswert:
<p /><ul><li>Jeder Knoten im Netzwerk besitzt ein Schluesselpaar. Der public key
ist seine Netzwerkadresse.
</li
><li>Pakete bestehen komplett aus Chiffretext, keine weiteren Header. Der
Empfaenger erkennt seine Nachrichten daran, dass er sie erfolgreich
entschluesseln kann.
</li
><li>Eigentlich klar, aber trotzdem toll: Das Netz ist unabhaengig vom Internet.
Ich habe es fuer UDP implementiert, aber das ist willkuerlich. Amateurfunk,
rohes Ethernet oder carrier pidgeons gingen auch. Insbesondere ist mir NAT
egal, sobald ich das Ding fuer meinen OpenWRT-Router kompiliert habe.
</li
><li>Es gibt vorerst keine Nachrichtenauthentisierung. D.h. keine Sicherheit,
dass Nachrichten wirklich vom angebenen Absender stammen.
</li
></ul
><p /><b> Anlage:</b
>
<a href="log/2009/aug/p2p.tgz">Source</a
> (jetzt auch Linux-kompatibel),
<a href="log/2009/aug/README.p2p">README</a
>
<p /><b> PS.</b
>
Neues Cleartext-Feature: Stichpunktlisten.
Night of Work. Das ElGamal-Kryptosystemhttp://www.khjk.org/log/2009/jul/elgamal.htmlpescopesco@khjk.org2009-07-25T02:40:00Z
<p />Heute war <q>night of work</q
> beim CCCHH. Aus der
<a href="http://wiki.hamburg.ccc.de/index.php/Night_of_work">Beschreibung</a
>:
<p /><blockquote>Im wesentlichen sagt der Name es: Die Idee ist, eine Nacht lang gemeinsam
fokussierte Arbyte zu betreiben. Natuerlich soll der Austausch nicht zu kurz
kommen, sonst wuerde man es nicht gemeinsam machen. Am Ende haben idealerweise
alle selbst was geschafft und von anderen noch was neues mitgenommen.
</blockquote
><p />Wir haben das zum ersten Mal gemacht und ich muss sagen, es hat sehr schoen geklappt.
Eine angenehme Runde von Leuten hat sich eingefunden,
um die Nacht durch diverse persoenliche Projekte voranzutreiben.
Diensteschreiben fuer das <a href="http://en.wikipedia.org/wiki/Capture_the_flag#Computer_security">CTF</a
>
auf der <a href="http://www.har2009.org/">HAR</a
>, Software-updates der Club-Webseiten,
Compilerbau, P2P-Netzwerktechnik, etc.
<p />Nach der Vorarbeit aus dem vorangegangenen Eintrag gab es fuer mich einen
naheliegenden naechsten Schritt:
Diffie-Hellman zu ElGamal-Verschluesselung umstricken.
Das <a href="log/2009/jul/dh/elgamal.c">Beispielprogramm</a
> ist sehr einfach,
an den Ecken rau und hat seinen Zweck perfekt erfuellt.
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="img/2009/elgamal.medium.jpg"><img src="img/2009/elgamal.klein.jpg" alt="elgamal.klein.jpg" /></a
></div
></div
><p />Es war erstaunlich cool,
die Zahlen per cut&paste hin- und herzuschieben,
zu wissen, was sie bedeuten
und am Ende den gewuenschten Klartext zu sehen. :)
<p />Das ganze ist im Vergleich zu <q>richtigen</q
> Implementationen insofern vereinfacht,
als dass Modulus und Erzeuger festgeschrieben sind.
Diese werden im allgemeinen als Teil des public keys erzeugt.
Sofern mein Wissen mich nicht truegt, haengt die unmittelbare Sicherheit des
Systems davon aber nicht ab.
Diffie-Hellman in 200 Zeilen Chttp://www.khjk.org/log/2009/jul/dh.htmlpescopesco@khjk.org2009-07-24T21:30:00Z
<p />Das hat man dann davon. Und dabei hatte alles so harmlos angefangen.
Ich stand auf dieser Einweihungsparty herum und trank Bier.
Nebenbei betrieb ich die wundervollste Sache neben Sex: Nerdtalk.
Krypto-Nerdtalk, mind you.
<a href="http://kbfr.livejournal.com/">kb</a
> of <a href="http://www.farb-rausch.de/">farbrausch</a
>
fame wollte Datenpakete authentisieren. Hauptsache billig (zu coden).
Spieleindustrie <strong>shrug</strong
>.
Nach kurzer Eroerterung sagte ich irgendwann:
<p /><blockquote><q>Da kannst Du doch (wait for it…) <em>einfach</em
> Diffie-Hellman machen.</q
>
</blockquote
><p />Ah, die Dummheit des Theoretikers.
<a href="http://de.wikipedia.org/wiki/Diffie-Hellman">Diffie-Hellman</a
>
ist natuerlich wirklich ganz einfach. Fuenf Zeilen.
Man braucht nur Exponentiation. Kein Problem. Dafuer gibts ja
<a href="http://de.wikipedia.org/wiki/Bin%C3%A4re_Exponentiation">Square-and-Multiply</a
>.
Easy peasy, solange man multiplizieren kann. …Modulo grosser Primzahlen.
<p />Ach… aeh. Tja, zu diesem Zeitpunkt war schon eine Nacht vergangen.
The damage had been done. Erstens kann man sowas nicht auf sich sitzen lassen.
Zweitens, und das ist noch gravierender, brennt einem unerbittlich die Frage
unter den Naegeln, ob es nicht <em>tatsaechlich</em
> ganz einfach ist, wenn man nur
weiss, wie's geht. Die gute Nachricht vorweg: Isses. :)
<p />Der Haken ist offensichtlich: Herauszufinden <em>wie</em
> es geht, ist nicht so
leicht. Einfach normal multiplizieren und danach durch den Modulus dividieren
ist in der Groessenordnung von ein paar tausend Bits naemlich
schon schmerzhaft. Immerhin besteht die Exponentiation
ihrerseits aus ein paar tausend Multiplikationen. Ausserdem ist Division
grosser Zahlen nicht mehr huebsch, sondern ein ziemlicher Schandfleck im bis
dahin sehr uebersichtlichen, wenn auch noch hypothetischen, angeblich einfachen
Code.
<p />Die elegante Antwort lautet
<a href="http://en.wikipedia.org/wiki/Montgomery_reduction">Montgomery-Multiplikation</a
>.
Ein wundervoller mathematischer Trick,
mithilfe dessen man sich um die ganzen Divisionen druecken kann.
Leider kann mein Blogmarkup noch keine Formeln,
deswegen verzichte ich vorerst auf die sexy Details
und poste nur den <a href="log/2009/jul/dh">Code</a
>.
Der ganze Spass passiert dort in <a href="log/2009/jul/dh/monty.c"><span style="font-family:monospace">monty.c</span
></a
>.
Ein Beispiel-Programm zum Ausprobieren per cut&paste ist
<a href="log/2009/jul/dh/dh.c"><span style="font-family:monospace">dh.c</span
></a
>.
Dort findet sich auch der Diffie-Hellman-Fuenfzeiler:
<p /><pre><code>/* diffie-hellman: */
mrand(n, N, a); /* generate random number modulo N */
monty_exp(n, N, R, gaR, gR, a); /* compute g^a */
send(n, gaR); /* send g^a to bob */
recv(n, gbR); /* receive g^b from bob */
monty_exp(n, N, R, gabR, gbR, a); /* compute (g^a)^b = g^(ab) */
</code
></pre
><p />Easy peasy. Right? :-)
<p /><div class="float" style="float:none"><div class="floatcontent"><a href="img/2009/telegraphus.medium.jpg"><img src="img/2009/telegraphus.klein.jpg" alt="telegraphus.klein.jpg" /></a
></div
><div class="floatcaption">Kein Blogpost ohne Bild.
Aufgenommen im <a href="http://www.sdtb.de/">Deutschen Technikmuseum</a
> in Berlin.
Er hat einen Telegraphenmasten in der Hand
und der Adler haelt Blitze in den Krallen.
</div
></div
><p /><b>PS.</b
>
Der Code laeuft unter BSD. Linux-Fanbois und Verwandte muessen selber
wissen, wo sie ihre Zufallszahlen herkriegen. ;)
<p /><b>Update.</b
>
Da ich <em>irgendwo</em
> ja auch noch eins habe, ist der Code
jetzt doch Linux-kompatibel.
Behoerdenkennzahlhttp://www.khjk.org/log/2009/may/1337.htmlpescopesco@khjk.org2009-05-13T13:23:00Z
<p /><div class="float" style="float:left"><div class="floatcontent"><div class="float" style="float:none"><div class="floatcontent"><img src="img/2009/1337.klein.png" alt="1337.klein.png" /></div
></div
></div
></div
><p />Bundesbehoerdlich beurkundet: Ich bin offiziell leet.