Kendall's Online blog

Saturday, March 25, 2006

Clearly a bug in the MSN Messenger 8.0 live

If you have the new msn messenger 8.0 live which is still in beta, you would have noitced that it randomly picks pictures you saved in your picture folder and displays them to your online friends. Now I thought noting of this and allowed the display of these random pictures which I clearly did not select. But when I logged into a friends computer who was using MSN 8.0 too, you can imagine my embarrasement when I started getting comments from friends requesting why I had another person's picture (private pictures I might add) on my display. I think Microsoft ought to let users have control of the picture they have set on display by default. If you have MSN 8.0 live either confirm the picture it has randomly set to display or don't use the picture display at all.

Thursday, March 16, 2006

Windows XP on Mac solution posted from Engadget

This post appeared on engadget on how to run windows on the new macs with intel processors

We well knew early this morning that the XP-on-an-Intel-Mac bounty was apparently paid out, so sorry if you had your eye on that $11,000 $12,000 ! $13,000 bounty. But what we didn't have was the solution. Well, Colin over at still doesn't have anything much to say about it, but we think the file itself should say enough. Grab it below if you want it -- the zip includes a bootloader CD image and a how-to for getting XP on your MacBook Pro, iMac, or mini. Happy Windows-ing.

Download (777KB), mirrors: 1, 2, 3, 4, 5

[Thanks, dueport]

Wednesday, March 15, 2006

Cryptography Primer III: Advanced Encryption Standard (AES)

Introduction to AES
The AES was introduced in 2000 by NIST to replace DES which was found to be vulnerable to linear and differential cryptanalysis. The Rjindael algorithm was selected as the final candidate for AES. AES is also a symmetric-key block cipher like DES in which both receiver and sender encrypt/decrypt data with a private key. AES unlike DES can be used to encrypt variable block sizes of length 128, 192 and 256 bits. The difference during (de)encryption is that larger block sizes are encrypted by a different number of rounds. The number of rounds is 10, 12 and 14 for 128,192, 256 block sizes respectively. NIST adopted only the block length of 128 bits and 10 rounds in AES. The round transformation is made on the 128 bits which is broken down into 16 bytes of 8 bits each. The 16 bytes are arranged in a 4 X 4 matrix.
The 4 steps in the AES algorithm are:
ByteSub Transformation (BS): This transformation makes it resistant to linear and differential cryptanalysis. This is an S-Box substitution where each element of the array is substituted by the value in the S-Box transformation. If abcdefgh is the element of length 8 bits to be substituted, the value in row abcd and column efgh is read of from the S-Box.
ShiftRow Transformation (SR): This linear mixing step causes the bits to be diffused more in each successive round. The 4 rows of the matrix are shifted cyclically by offsets of 0,1,2,3 respectively.
MixColumn Transformation (MC): This layer does the same function as ShiftRow. Each column is multiplied by a 4 X 4 matrix with elements made up of entries in GF (28) to produce the output.
AddRoundKey(ARK): The output of MC is XORed with the output of the key scheduler

AES Encryption
The steps in the AES encryption are:
ARK using the 0th roundkey.
Nine rounds of BS, SR, MC, ARK using round keys 1 to 9.
A final round of BS, SR, ARK using the 10th round Key.

AES Decryption
The steps in the AES decryption are:
ARK using the 10th roundkey.
Nine rounds of IBS, ISR, IMC, ARK using round keys 9 to 1.
A final round of IBS, ISR, ARK using the 0th round Key.

P. C. van Oorschot, A. J. Menezes, S.A. Vanstone, “Handbook of Applied Cryptography,” CRC Press Inc., Florida , 1996.
K. K. Parhi, X. Zhang, “Implementation Approaches for the Advanced Encryption Standard Algorithm”, IEEE Circuits and Systems Magazine, 2002, pp. 24 – 46.

Cryptography Primer II: Data Encryption Standard (DES/3DES)

Introduction to DES
DES is the most widely used cryptographic algorithm. It has been used in most banking application since 1977 when it was released as a free license by NIST (then NBS), it was replaced in 2000 by AES and is used in IPSEC and SSL security protocols. DES is a block cipher that encrypts a 64-bit block (not variable) of cipher text using a 56-bit key. The key is padded with 8 parity bits giving it a total length of 64 bits. Every eight bit is used for parity and ensures that each byte has an odd number of 1’s.

DES Encryption
The DES encryption algorithm for one round of DES is as follows for a plaintext m as described in
m is permuted by IP(Initial permutation) i.e.. (m0 = IP(m)).
m0 is split into two 32-bit parts L0R0.
For I = 1 to 16
Li = Ri-1
Ri = Li-1 (+) f(Ri-1, Ki ) where Ki is the ith roundkey.
Switch L16R16 such that m16 = R16L16 and apply inverse of initial permutation on m
i.e. C=IP-1(R16L16)

The DES blocks are described as follows:
Initial permutation (IP): It is just a mere reordering/permutation of the 64 bits of the plaintext. Function f: The steps to compute function f are as follows:
R is expanded by expansion function (E)
The output of E is then bitwise XORed with the ith roundkey (B = E(R) (+) K)
For I = 1 to 16
Each Bi is substituted from S-Box Si to give Ci of length 4 bits
The 32 bit C is now permuted for the last time by permutation P

Expansion Permutation (E): This expands the 32 bit of Ri by reordering using the expansion permutation table which duplicates certain bits to form a 48 bit block
S-Box Substitution (S): Each value of Si is substituted by S-box Si. Bi = b1b2….b6. The value Ci of the substitution is obtained by checking row b1b6 and column bi2bi3bi4b5Si (000 is first column and 00 is first row). Ci is 4 bits long and each of the 8 S-boxes produce a value for Ci making C 32 bits long.
Permutation (P): This is just another reordering of the 32 bits of C and gives the final output of function f. The table for the permutation is found in Key Generation: Each round uses a different key derived from the first round key K0 . The 56 bit key obtained when all parity bits are removed undergoes three transformations. The 56 bit key is permuted by a key permutation table PC1 to produce CoDo. Co and Do are both 28bits long each. Ci and Di are left shifted one or two bits to the left. For rounds 1, 2,9,16 they are shifted once and for all other rounds it is shifted twice. Finally the 48 bits of the 56 bits of concatenated C16D16 obtained after a final permutation using table PC2 to produce K.

DES decryption
This is the same process as DES encryption but the round keys are applied in reverse order. i.e the last round key is applied first then other round keys are applied in decreasing order.

Triple DES (3DES)
3DES is a much stronger version of DES and is more resistant to differential cryptanalysis and makes brute force attck more difficult. There are two variants:
Use of three different keys and DES encryption (E). 3DES in this variant is Ek1(Ek2(Ek3(m)))
Use of two different keys and DES encryption (E) and decryption (D). 3DES in this variant is Ek1(Dk2(Ek1(m))) where k1, k2 and k3 are different keys
3DES can be implemented in serial or in parallel using 3 blocks of DES. The parallel implementation takes up less hardware resources

A. T. Abdel-Hamid, S. Tahar, E. Aboulhamid, “IP Watermarking Techniques: Survey and Comparison”, IEEE International Workshop on System-on-Chip for Real-Time Applications (IWSOC'03)) June 30 - July 02, 2003, Calgary, Alberta, Canada, pp. 60 - 65
P. C. van Oorschot, A. J. Menezes, S.A. Vanstone, “Handbook of Applied Cryptography,” CRC Press Inc., Florida , 1996.
W. Trappe, L.C. Washington, “Introduction to Cryptography with Coding Theory,” Prentice Hall, New Jersey, 2002
V. Pasham, S Trimberger, “High-Speed DES and Triple DES Encryptor/DecryptorCryptographic Algorithm Metrics,” (

Monday, March 13, 2006

Cryptography primer part I

This post and other related posting later this week are part of a series of blog entries that I would use to provide an introduction to cryptography which is my area of research at the University of Victoria. I am also a member of the Working group on the IEEE standard P1363 (Specifications for Public-Key Cryptography) and a student member of the Information Systems Audit and Control Association (I.S.A.C.A).
If you happen to be close to Napa Valley on the 26th - 29th April 2006 you can come to my stand where my poster abstract on the"Design of an elliptic curve cryptographic processor" at FCCM 2006

Terminologies in Cryptography
These are some of the terminologies used to describe cryptographic algorithms
· Type: Private Key or Symmetric and Public Key or Asymmetric
· Key Size: the length of the key used in encrypting information.
· Attack: The attacks which the cryptographic algorithms is vulnerable to.
· Strength: An assessment of the strength of the algorithm based on its key length, no of rounds, complexity and resistance to attacks
· Rounds: No of repeated sequence of operations on plaintext to produce the ciphertext.

Private or Symmetric Key Algorithm
Private Key algorithms are algorithm where the encryption key is known to both the sender and receiver of data or where the decryption key can easily be obtained from the encryption key. They are mainly used for the encryption of data at high speed. Their strength greatly depends on the privacy of the key since anyone who has the key can decrypt or alter the transmitted data. There are two types of Private Key algorithms: block cipher and stream cipher. When the data is fed into the algorithm in bits and pieces and the output is produced in bits it is referred to as a stream cipher in the other hand if the data is passed at once to the algorithm it is referred to as a block cipher e.g. DES. Stream ciphers are preferred in situations where transmission errors are probable because they do not have error propagation.

Public or Asymmetric Key Algorithm
Public Key algorithm was developed out of the difficulty in finding a secure method of exchanging the private key between both parties. Encryption of data using Public Key algorithm involves generating two different keys a private key and a public key (derived from the private key). The public key is made available to everyone. Public keys generated by these algorithms cannot be used to derive the private key hence the Public Key can be publicized. Public Key method performs complex operation on very large numbers and this comes at a high computational cost usually much larger than that of Private Key algorithm thus public Key algorithm should be used for encrypting small amount of data or transmission of Private Key used in Private Key algorithm because of their large computational requirements.

Strength of algorithm
Both categories of cryptographic algorithms mentioned above use keys of variable length. The size of the key is a very important metric when implementing cryptographic algorithms because it determines the number of different keys that exist and the strength of the cryptographic algorithm. In order to break a cryptographic algorithm the simplest method would be to try all the different combinations of keys so a large key length is preferred to make the cryptographic algorithm less vulnerable to this type of attack called brute force attack. The choice of key length is dependent on a combination of the level of security required, processor ability and word length of the chip used in your application.
Cryptographic algorithms are subject to attacks of various forms, below is an overview of such attacks:
· Brute-force Attack: Brute-force attack is the attack where the attacker tries all possible combination of keys until the actual key is found. Brute force attack cannot be prevented but most cryptographic algorithm makes it almost infeasible.
· Codebook Attack: A block of plaintext when encrypted always returns the same block of ciphertext as long as the same key is used. Codebook attack exploits this property of encrypted data.
· Differential Cryptanalysis: Differential cryptanalysis is the finding of similarities between various cipher-texts derived from similar plaintexts. This similarity assists in obtaining the key
· Known Plaintext Attacks: This type of attack involves retrieving the key from analyzing a known plaintext and its ciphertext.
· Linear Cryptanalysis; This attacks involves finding linear dependency between plaintext, ciphertext and key which helps in retrieval of the key.
· Man-in-the-middle: This attack is only possible if the attacker can eavesdrop on conversation of two parties and change the contents of their conversation. The attacker achieves this by pretending to be one of the parties in the conversation.
· Related Key Cryptanalysis: This refers to attack based on encrypting plaintexts with similar keys and analyzing the difference in output.
· Timing Attack: This attacks the algorithm by measuring the computation time for a series of decryption.

P. C. van Oorschot, A J. Menezes, S.A. Vanstone, “Handbook of Applied Cryptography,” CRC Press Inc., Florida , 1996.

W. Trappe, L.C. Washington, “Introduction to Cryptography with Coding Theory,” Prentice Hall, New Jersey, 2002

Strength Assessment of Encryption Algorithm (

D. Boneh, “Twenty years of Attack on the RSA Cryptosystem”, Notices of the AMS, Vol. 46 No. 2, February 1999.

Origami: the Japanese art of paper folding

Origami is a Japanese word which literally means to fold paper. Microsoft has chosen Origami as the code name for its Ultra-Mobile PC project. Most commercials tout the Microsoft Origami as a paperback PC designed to replace the text book. Its no surprise to see the similarities between the name Origami and the Microsoft UMPC which was recently launched. With English names becoming increasingly difficult to find for new projects and ventures, startups and technology firms have turned to foreign language as a substitute. If you need to learn more about origami- the japanese art of paper folding, check out their wiki page on wikipedia . And for more on the Microsoft origami project you can check it out at Microsoft Origami Project.

Super secret apple rumours

A funny comic strip, part of the backlash from the apple conference a few weeks ago where an over priced leather carrying case and speakers for the iPod was announced along with the Mac mini running on Intel processors
The hype usually surrounding the release of any apple product because of the high expectations people place on their products turned out to be the release of already widely available cheaper third party products and (lest I forget to add, they are not even as good as those already available) . This shows that if you are up there the only way you are allowed to go is up. Microsoft created the same effect with Origami band Tivo too, thus the only way to release a product is to follow suit, gone are the days when a simple press release would suffice or just shipping your product to retail shops, instead the norm now is to make sure your would-be customers as anxious as possible that way they preorder without even seeing or waiting for reviews of the products.

P.S. Ideas for the 6-G iPod
- 3.7" screen
- iTunes support for WMA enclosures
- Bluetooth capability to enable sharing of playlists, pictures, uploading of podcasts via bluetooh access points, push to talk with other ipod users and a nice internal mic and also listening to online radio stations
- peg the maximum volume to acceptable levels to reduce hearing loss; infact if you do any investing now do so in companies who manufacture hearing aids you dont need CNBC's Cramer to tell you that.

Update on Hack a Mac

The Hack a Mac challenge is over and lasted for 38 Hours. Although is was not the stated length of time, the University of Wisconsin put a stop to it as there wasn't clearance from the University's Security and Network Group to set up such a challange on thier network.
But the good news is that the Mac computer came out tops except for the few denial of service attacks which is not due to any vulnerability in the Mac.
This goes to prove that the Mac is as secure as we have always believed. I will say again, I am a Mac owner and proud of this result.

Thursday, March 09, 2006

Origami is Ultra Mobile PC afterall

The Microsoft origami project turned out to be the Ultra-Mobile PC after all the suspense it was due for launch a week ago, only for the suspense to be extended an extra week. The UMPC as defined from Microsoft website is  " a new kind of computer. It combines the power of Windows XP with mobile-ready technologies that make it easy to access and use your software on the go. With small, lightweight, carry-everywhere hardware designs, you can connect and communicate, accomplish any task anywhere and at any time, and be entertained and informed wherever life takes you. "
The hardware specs of the UMPC are as follows
  • Windows XP Tablet PC Edition 2005 OS
  • Approximately 7" diagonal display (or smaller)
  • Minimum 800 x 480 resolution
  • Approximately 2 pounds
  • Integrated touch panel
  • WiFi- and Bluetooth-enabled

    It also comes with full version of software unlike the pocket pc' which use  seriously scaled down version of the actual software. The software include Micros ft Office, Movielink, Microsoft Streets & Trips '07, One Note 2004 and Foldershare ( a new Windows Live Service), MSN messenger, Windows Media Player, Outlook Express and shortcuts to MSN spaces, MSN Music and MSn Games and with the regular classic games like Solitaire, Hearts and now Sudoku.
  • On the website there are 360 views of the Samsung and Asus version. The samsung version can stand upright like a picture frame. The keyboard is novel, it is split into two parts and each half appears on the lower left and right hand corner of the UMPC. The keys on each half is spread around a quadrant and it also includes a stylus.
    More info on the UMPC when I get one in hand

    Wednesday, March 08, 2006

    Software design process

    I got this picture as an email (don't know who or where the source is) and it just reminded me of the whole software design process
    1. How the customer explained it a.k.a Design Specification
    This is the first stage in the process, and starts with the end user requests, the customer explains what he or she wants the software to do or achieve

    2. How the project leader understood it and the Analyst designed it a.k.a Problem Analysis and Logic design
    At this stage the project leader based on the information obtained from the requirement specification tries to find out what exactly needs to be done and how it is to be done using flowcharts, pseudo code.

    3. How the programmer wrote it
    Yeah after the analyst tired to design a nice system the programmer comes up with the code and form the picture u see he usually misses the boat but not as much though

    4. How the project was documented
    Anyone who has written code before, would know that documentation is just a necessary evil and if it wasn't compulsory 9 out of 200 programmers won't document their code but when you inherit code from another programmer without documentation you would wish there was better documentation

    5. How the customer was billed
    :) This customer was billed for a roller coaster whereas what he actually got implemented was pole pivoted at one end...well the software company has got to pay bills, live up to the expectations of its investors so I would even say these guys were moderate.

    6. Support Support Support
    I would class this with support after the product goes life and code maintenance. Clearly always limited ornon existent

    7. What the customer really needed
    Wow.. clearly so far of from what was understood, designed and implemented and he paid a lot

    Tuesday, March 07, 2006

    Hack a Mac

    Folks, decision day is around the corner by Friday March 10th 2006, we will all know if the Mac OSX is as secure as Mac folks have preached. The University of Wisconsin has put up a Mac OS X security challenge and the details of the challenge can be found on this page
    I am a Mac owner and would be keen to see what the results are. I am definitely hoping the system would not be compromised as it would give me bragging rights over my windows peers. So Kendall watch out :)

    Monday, March 06, 2006

    Have a package to ship via courier? Then track it on google maps

    Hi Folks, just stumbled on to an interesting page which lets you track your courier shipments using google maps. All you need is to put in your tracking number for your UPS, FedEx, USPS, or DHL/AirBorne package and visually follow your package right to your doorsteps. You can check it out at Track me. Leave me a feedback and tell me if it worked for you as I have no package to ship right now and sorry my Canadian folks , it currently does not include Canada courier post shipments. I will be getting in touch with the developer of the program to see if Canadian couriers and Royal Mail courier from England could be included. :)

    RIM- Now they have settled, is it back to business as usual?

    Research In Motion Limited or RIM for short is a Canadian mobile device company with its headquarter in Waterloo, Ontario. RIM is famous for its blackberry first introduced in 1999 and allows users to be able to send and receive e-mails, text messages, browse the web and recently make and receive phone calls. The ability to send and receive e-mails on the fly has made the blackberry not only a popular but has also made it addictive.
    Rim has currently settled a patent suit with NTP for $620.00 Million dollars and this guarantees that its operations are not hampered in the US which is where presently they have their largest market share. But one thing of note is while going through the dispute papers is that RIM made mention of the fact that their e-mails served to clients in the United States go through their servers in waterloo. Does this imply that e-mails served to the Congress or the White House officials have to go through Waterloo, unlikely I think but I believe that the US government would have done their due diligence on the security implications of this.
    Not withstanding RIM is looking to improve their share capital and satisfy investors, hence the need to have settled rather than play Russian roulette with the bread and butter of their business operations in the US. But competitors are springing up everywhere from Nokia, Motorola, PalmOne, Visto, Seven and Good Technology, and it will be interesting how each player would be seeking to ensure that the popular AOL phrase "you 've got mail" is served to consumers on their platform.

    Sitemeter : Coolest counter and site monitoring on the web

    Sitemeter is a site where you can obtain JavaScript code for monitoring your site. IT includes counter and allows you analyze various information of the visitors to your website or your blog
    The free version allows you to view your visitor's

    1. Domain
    2. IP Address
    3. ISP
    4. Location
    5. Operating System
    6. Browser
    7. Screen resolution of monitor
    8. Referring URL
    9. Search Engine used and search words
    10. Time Zone
    11. Entry and Exit pages and number of pages viewed

    Integrating the code into your site or blog is a simple copy and paste and you can configure the meter to ignore your own visits to your website (you are usually the most loyal visitor) based on either IP or storing a cookie on your computer.
    The information received can be analyzed by detail, referrals, location and entry and exit pages.

    Saturday, March 04, 2006

    Mac OS X look and feel within Windows XP

    I stumbled upon FlyakiteOSX from which is a software pack that changes the look of Windows XP to that of Apple's MAC OS X. The 23 MB software replaces the system file that gives windows its 5 years old look ( that like a 90 year old old in OS user interface years) to resemble the look of Mac OS X. I would have installed Vista but I haven;'t been able to get invited to test it and I didn't allow my  love for it after Bill gates demo of it at CES allow me do something as unsafe as buying the Vista installation CD's on eBay at that time although they aren't on sale there anymore. I really am not a fan of anything from apple (ipod is No 1 on my Top 10 most unwanted handheld devices)  so I haven't installed it but if you want to take a look at how it feels you can visit which is a website that allows you see how the program looks like when installed on your system and the installation process is reversible by just restoring your system to a stored restore point. If you do end up testing I won't mind your feedback on using it.

    Friday, March 03, 2006

    Blackberry settles patent dispute

    Research in Motion , the company that developed the blackberry has finally settled their 3 year old patent dispute with NTP. They could have settled earlier for $450 million but instead they wanted to  pursue all their legal options and allowed the case drag on for so long. With a fear of an injunction, that could  shut down their service in the United States very likely they finally decided to settle for $612 million dollars. Even if they borrowed $450 million back then the interest rate wont have added another 40% well it just shows that patent infringement is big business.
    I wonder when they will implement that in my beloved home country Nigeria imagine having the patent for mobile phones back in Nigeria and forcing Nokia, SonyErricson and Samsung to pay you for the sale of each device or even the GSM telcos themselves. Because with this NTP victory you really don't need to invent anything or have any product you just have to have an idea what it would behave like when developed :) and the idea should be as vague, broad/all encompassing as possible

    Wednesday, March 01, 2006

    Pimp your hi5 page with emebedded videos of your favourite artists

    The whole point of this post is to let you know how you can embed the video of your favourite artist right in your profile

    In other to perform the task you have to login in to your hi5 page and view your profile form your profile . You then have to select "Edit" profile to get to the "Edit profile" tab
    This takes you to the personalize tab within the "Edit Profile" tab and from this tab you can actually change your background to an image, this is acheived by copying the URL of any picture you have posted on the internet even your hi5 picture (much more trickier) into the "Background image URL" field . Remember to save your changes .

    Next open a new browser window or tab and go to Videocodesforfree website. When you are on the website, search for the video of the artist you want to embedded his or video. Click the link and you are presented with from the search results. You are then directed to the page where you retrieve the html code for the player and you are even given a variety of choices of the type of embedded player you want and by clicking the "Copy to clipboard" button on the "Insert the code below into your website: (embed) " section you would now have the code for the video

    Finally navigate to the "Lifestyle" tab and within the "about Me" or "I'd Like to meet" field you can paste the code copied from Videocodesforfree site by right clicking or CTRL-V shortcut and you can then save your profile. The changes appear immediately when you view your profile Posted by Picasa