Biden

August 28th, 2008

Here Biden supports McCain
http://www.youtube.com/watch?v=AJnC28lNQSo

Here Biden slams McCain
http://www.youtube.com/watch?v=SKR5zPqEhDA

which is it ? I’m confused on his stances…
anyone able to clarify for me ? …
still trying to sort this one out for myself…
’tis a scary thing when a man seems to be only reading from a script….

Green Cleaning

August 14th, 2008

About 2 weeks ago Aaron and I were shopping and I saw an end cap with a new Product, or Products I should say, called Green Works. They are Cleaning supplies made by Clorox using Natural ingredients, NO HARSH CHEMICALS, and THEY DO NOT TEST ON ANIMALS!!!

I read all the bottles and smelled the Products. Which by the way for any of you who have Fragrance allergies because they are made from Plant and Mineral Based ingredients they barely have a scent at all. Aaron was actually surprised when I put one of each in the cart and said “when we get home I am throwing away ALL of the cleaning supplies in the closet!” His mouth dropped and said “you mean to tell me you’re giving up your scents?” I replied “Yes, I am”. And YES I DID, the very minute we unpacked all of our shopping bags I pulled the trash can over to the closet and tossed EVERY cleaning agent I had. That will be the last time I will EVER make that kind of deposit into a Landfill or subject my Family to any of those HARSH, DEADLY Agents again!!!

Traditional Cleaning agents use Chemicals believed to be causing:
Cancer, Infertility, Learning Disabilities, Respiratory Illness, Alzheimer’s, and much more

Here is what Green Works Products Offer by Providing Natural Cleaners:

Use Renewable Resources: A natural resource qualifies as a renewable resource if it is replenished by natural processes at a rate that’s equal to the rate of consumption by humans. The plant and mineral-based ingredients in Green Works™ cleaners use materials that come from a resource that is renewable.

Make it Biodegradable: A biodegradable material is something that has the ability to safely and relatively quickly break down biologically into the raw materials of nature and disappear into the environment. Many of the ingredients used in Green Works™ natural cleaners are biodegradable, helping to minimize the impact on the environment.

Product Ingredients Sustainable: A sustainable product is something made from renewable resources, which means they can grow back quickly and can be harvested with minimal harm to the environment. Our goal with the entire line of Green Works™ natural cleaners is to use materials that are renewable.

Petrochemical Free: Petrochemicals are chemical products made from raw materials of petroleum. Green Works™ natural cleaners minimize the use of petrochemicals and are 99% petrochemical free.

NOT TESTED ON ANIMALS: Animals were not used to test the safety and efficacy of Green Works™ natural cleaning products. (this of course is my FAVORITE feature!!)

Currently on the Market and in my closet at home there is:

All-purpose Cleaner: Can be used from Kitchen to Bathroom, Counters, Appliances, Stainless steel, Sealed granite, Chrome, Cooktop hoods, Sinks and Toilets.
Ingredients: Lemon Oil, Coconut Based Cleaning Agent, Filtered water, Corn Based Ethanol, Contains No Phosphorous or Bleach

Glass & Surface Cleaner: Can be used on Glass Mirrors, Appliances, Stainless steel and Sealed granite. Ingredients: Same as the All-purpose cleaner with the addition of Soda Ash which is like a baking soda. This Product I can honestly say NEVER leaves streaks on my mirrors and I have a TON of Mirrors in our house & Lacquer including our entire bed unit in the Master Bedroom.

Bathroom Cleaner: Its name pretty much tells you its uses and its ingredients are the same as the All-Purpose cleaner.

Toilet Bowl Cleaner: Need I say more, with 3 bathrooms this really comes in handy and works very well!! Ingredients: Lemon Oil, Filtered Water, Coconut based cleaning agent, Xanthan Gum (thickens), lactic acid (from Milk) & Citric acid (from Fruit). This product is essentially great for those of you who have experimenting toddlers and Dogs who like to partake of Bowl water from time to time because the chemicals you use now do not completely wash away, they hang around in the ring etc….

Dilutable Cleaner: GREAT for Non-wood Floors, Counters, Sinks, Stoves, Garbage Cans, Diaper Pails etc….Think of this as a new generation of Pine-Sol without the Harsh Smell or Chemicals. Ingredients: Same as the All-Purpose Cleaner but has Potassium Citrate & Carbonate for Enhanced Cleaning!!

This Month they are coming out with a Natural Dish Detergent which I am sooo Excited about. Now if they would just make Laundry detergent we would be set!!

Unfortunately these Products do not yet Disinfect but the Clorox Scientists are working on that and hope to have something developed in the next year or so. Until then our Home will have to stick with our trusty Clorox wipes to clean up after Chicken and such or when someone is sick….

Some people may think the Green Works Products are Pricey but really they cost less in the long run because they actually last longer since you use Less of the Product for the same jobs!

Now if I can just get them to provide refills in Biodegradable Cartons we would have the bottle recycling issue under control because we wouldn’t have to toss the Plastic, just refill it!!

Go forth and Create a Better, Healthier Environment for your Family,

} The Mrs {

Banquet of Culture

August 10th, 2008

I really enjoyed the movie “The Wedding Banquet”. Banquet indeed; a perfect word for all the cultural sensitivities firing off in the movie simultaneously on so many levels as if they were Chinese fireworks !!!

Due to lineage heritage and traditional conservative values of mainland China which the Tung family kept, a lot was to be expected of their son Wai in Manhattan. Wai’s mother took immediately to Wei-Wei and the baby. To Wai’s mother, Wai’s future with Wei-Wei means everything to the future of the Family name. And so, the elaborate ceremony has become organized by Wai’s mom with the help of family friends’ money. Wai is constantly annoyed with his mother’s pushing, nagging attempts to match him with many of the girls of the villages. She so badly wants a grandchild. Once it is found out Wei-Wei’s expecting, the baby is of utmost importance to Wai’s parents for continuing the legacy of the family. Wai is a successful real estate professional that works with his partner Simon, but when he’s with his parents, he’s still their little boy.

Thinking about how Wai feels, his mixed emotions really have no escape. Although he could find happiness in Simon’s arms, Wai struggles within about what the world “expects” of him. And so Wai seems to be just as unhappy as he knows he could be happy because he feels left incomplete with unexpressed, unresolved anger at himself because of his guilty feelings.

There is a vast array of many rituals for the global diversity of wedding ceremonies. In our classroom movie “The Wedding banquet” Wei-Wei changes her outfit at least four times through the evening. Not to mention the fifth outfit when pressured by their family friends she and Wai both unchanged into their birthday suits to christen the bed.  Wei-Wei represented family heritage in a white gown and formal ritual in others, including a pink party dress but all the while is only herself when she is in worn torn jeans.

In 2003, I had a Chinese friend in Texas who wore her red dress to her wedding. She was 4 feet tall and married a 6 foot tall Norseman. If that wedding wasn’t an explosion of culture shock I don’t know what is! I’ll never experience another melding of families like I did that day. Both families unfortunately stayed apart because of a language barrier and extreme contrast in cultures. It is a sad fact that for some (like shown in the movie) marriage can be used as an economical solution and not a decision for its original traditional commitment to natural human love and attraction.

I admire Wai’s father Mr. Gao because he does everything in his power to keep his personal composure just to uphold the Tung “family honor”. Mr. Gao’s love for his son’s happiness outweighed his struggle within overcoming his personal prejudices against Wai’s homogeneous lifestyle.

The movie really showed the depth of love a family can possess for each other. Simon and Mr. Gao are very special people. Mr. Gao is ashamed that Wai doesn’t want to fulfill their dreams, that he wants a life of his own, that he didn’t turn out as they had hoped. But he also cares about his lover Simon, and you know what has drawn them together is that they care about other the other’s of the family. Both love Wai for drastically different reasons. Wai’s happiness is the quintessential issue. The two men find together what bond can exist when prejudices are overlooked for the betterment of the bottom line.

It is all too often the world cannot find this common ground blinded by harboring hatred. Unfortunately these feelings with no outlet lead sometimes to unnecessary violence; such is human nature. Wai’s parents’ unconditional love should be seen as an inspiration to us all !

Emigrant

August 10th, 2008


When preparing my approach to studying colonial immigration, I try to picture the multitude of emigrants who came to settle in the “Americas”. Nothing made me appreciate the sheer overwhelming presence of such multitudes of people until I witnessed it tonight on my 62 Inch screen at home. As I write, I sit watching with over 70 million others at the 2008 Beijing Summer Olympic Opening Celebration ceremonies. I must admit, I am in absolute awe of the horde of 15,000+ Chinese performers and an estimated 91,000 in attendance at Hope Stadium heralding in the “commercial” hope for global unity. In my mind experiencing this rare unified monumental culmination of people from all around the world enabled the impact of emigration really to “sink in” for me when I directly compare this mass of people on my screen to the aspirations of new opportunities for emigrants of Colonial America.

During the 1730s in England, the economy was improving. Rising real wages for common laboring families began to increasingly enable potential emigrant prospects to stay rooted with their motherland. Factors such as this re-direct the shift of colonial emigration to non-English emigrants. In contrast, at that same time non-English colonial immigrant movements grew with the estimated magnitude of 100,000 Germans who migrated to British America. Three-quarters of these Germans landed in Philadelphia where a “great magnet” for colonial migration emerged. Then as many as 400,000 Germans were encouraged to be driven from their homeland to settle in Hungary, Prussia and Russia due to being pushed toward religious conformity by homeland princes, heavily taxing them and conscripting their youth for waging war and palace construction. Even the forces that be discouraged colonial emigration as an appealing alternative; however word of material success of fellow Germans in Pennsylvania intrigued growing numbers from their own homeland.

There are factors as to why Britain was not so Great after all, it had an increasing population exodus because the Crown drove the majority of Scots out of Northern Ireland for they had already served their military purpose. The kingdom centuries before had become a nuance in many ways that go beyond the topic of this dissertation. A majority of traced Ulster Scots landed in Boston whose safe passage was brokered by Presbyterian ministers. Colonial laws and prejudices by Presbyterian influences discouraged and suppressed the immigration of Catholics and Jews. In fact, selective “Immigrant Recruitment” was even invented by Slave owners seeking out Highland Scots and Germans who they knew were rigid and hardworking people. They were considered skilled tradesmen not just unskilled and uninspired “war fodder” like most 80% of all English convict emigrants.

Geodemographic evidence of overlay maps studied in class present the clear segregated social climate between emigrant cultures. It seems that they choose to cling to their native customs and language. Due to factors of cultural differences, formed two distinct groups the Highland Scots and Germans migrated more withdrawn to the remote frontier hills edging along the Appalachian mountains where land was cheap and withdrawn. They identified similarities in this terrain to that of their respective homelands, Highlanders and “Redemptioner” Germans anchored in American history to bear the extreme hard rugged lifestyles which lay beyond the colonies along the coast. They pioneered the forests further inland than any other set of emigrant cultures. There in the wild frontier both cultures were to encounter and push back native Indians. In a sense interestingly enough, they created a technological and social demilitarized zone acting as a domesticating buffer between the frontier and advanced coastal colonies.

In addition to British emigrants, most coastal colonies were addicted to slave labor. This profound work force dependence kept slave labor the principal foundation of most all early plantation riches. Driven by disillusioned promoters of a “consumer revolution” the wealthy elite colonists could only thank themselves for impoverishing their peer settlers and further depress their life-long slaves. Contrary to popular misconception, most emigrants did not come to America of their own free will in search of liberation. It is an unfortunate fact that almost all of the imported Africans remained slaves for life, passing the same status to their children. Europeans simply exploited and expanded slavery that was long before practiced by Africans of their own people.

Increased hardships within the different clusters of emigrants initially posed “no threat” to the colonial elite. On the colonial mainland slave encompassed births exceeded the people’s deaths enabling in the explosion of this population. So as larger numbers of enslaved Africans poured across the Atlantic and as the number of colored labor force escalated it monumentally eclipsed all “free” white emigrants. The colonies took notice of this trend and began to exclusively pursue only white “free” slaves in fear of an increasing risk of an uprising or rebellion. History repeats itself in pure cyclic form as just this last week in Mauritania Africa guerrilla militants overthrew the country’s first democratic voted government. This is a real-world example of how cultural attitudes have an invisible connection to political consequences… In contrast, another historic story within direct genre of Colonial America I’d like to study is the history behind how Liberia was originally founded by free American slaves.

Many cultural contributions of colonial time can still be identified in lifestyle choices of today. Such a simplistic example is the subconscious application of listening to heavy (almost ritualistic in nature) rhythms of base phonemes found in rap and screamo music of today. This cultivating behavior can be traced back to Jamaican drums beat in African slave quarters as a form of rebellious opposition toward plantation owners. With my being originally from the area, I know that Jews and Germans settled Cincinnati, Ohio. Germans in particular were attracted to the region because it reminded them of the hills of home. These Germans spread their culture with the timeless independent micro-breweries which are still abundant in that marketplace today.

Another is due to the increase of shipping goods across the Atlantic enabled women of that time to find new self-expressive outlets for fashionable and decorative sense within the household can be now evidenced by fashionable channels such as QVC at the fingertips of all American women today. Interestingly, information and shipping goods themselves could also be evaluated as immigrants. Today, these immigrants have political consequence daily with globalizing economics and innovations such as the internet. Today’s multi-media is changing faces of cultures everywhere; unifying them around the globe hybridizing the world. The country’s predominant English culture did and still does place a distinct economical disadvantage in America. One good example of this is the Philadelphia Restaurant named Gino’s where unless you can correctly enunciate your order in English, you cannot place orders at all. This presents a new political stage for cultural differences between the official practices of majority and clustered immigration.

Self empowering drivers of change such as these mentioned, when explored deeper in cultural differences of immigrant culture combined with the attitudes evolved into today’s lifestyle show me that as a people we are now unfortunately merely dedicated to ourselves and our social justice agendas. I fear we are not dedicated to our country nor to community oriented prosperous opportunities as was with colonial generations ago when those who emigrated here sought to make a better future for themselves and their children. Even those who had no choice in the matter still had just as much spirit and hope of a new beginning. Such resolve; I am afraid the spirit has all too completely vanished and a subversive un-objectified sense of mobocracy and entitlement has crept into the common American mindset. Our pluralist society has grown so obtrusive upon itself that in ways at times I feel I am a “new emigrant” today in my own country.

Calling All Online Gamers!!

August 7th, 2008

I happened across a site today that I wanted to share with everyone.

It’s called CandyStand.com it is a website by Wrigley’s and it features HUNDREDS of FREE Online Games to Play!!

They feature Sports, Arcade Games, Card Games, Puzzles, MultiPlayer Games and Trophy Games….

It’s really cool especially if you want your kids to have access to the computer but worry about what they are playing or seeing.

Bookmark CandyStand.com for them and I guarantee they (and you) will play for hours!! Oh, and did I mention there is a section where you can Play for Actual Prizes!!
I am definitely showing this to my Nephew this weekend when he comes, He’s gonna love it!!

} The Mrs {

YUI DataTable

August 7th, 2008

The DataTable control provides a simple yet powerful API to display screen-reader accessible tabular data on a web page.

I’m using it right now to populate a list so the user can personalize customization of the dataset at the presentation layer. I’m excited because the YUI even supports Data Updates from the Presentation Layer on the user’s front-end.

So I have been experimenting and trying to extend the layer component design of the DataTable control with my own Design Patterns for a more manageable web interface.

Culture Change

August 6th, 2008

all culture changes
culture is always changing
culture is a system
change in one piece others have to change
can’t change just one element

how culture changes?
innovations –> something new
e.g. invent light bulbs
changes in when you can work
changes in shift work

(work at night )
changes in cleanliness

diffusion –> borrowed from elsewhere
not something new
someone else invented it
e.g. Canada starts buying lightbulbs
similar culture changing from invention
become more similar to seller
might also find a new use for it
requires creation for electric grid
acculturation –>
adjusted and integrated new thing into your culture
your culture changes as a result

How change happens
resist change –>
people generally resist change
“but we’ve always done it this way”
cultural barriers
inappropriate to culture
psychological issues
sometimes culture does resist change
e.g. old order amish with electricity
sometimes creates new culture or new sub-culture
desire change –>
improvement in health
improvement in income
status

positive outcome-labor reduction

colonialism & globalism
nothing new –> always been one group
conquering guys next door
go off to live in a new place
(which may/may not have people already)
colony –>
community owned by a bigger one
e.g. American colonies
Spanish colonies -e.g. mexico
colonization –> process of making a colony
esp. taking people over
in modern world don’t usually send people
colonialism –>
one country dominates another
cultural takeover
text emphasizes government and military
we sell people things, so become dependent
run their economy rather than government

the result of this in modern world
globalization –>
rapid spread of economic /social /culture systems
not always happy about this
people with money come out on top
change runs “downhill”
from people with power / money to the rest
end result –> world becomes more similar
mcdonalds / starbucks on every corner

very fast in modern world
very rapid communication and transport

urbanization –>
people move to cities
always been happening
pushed out of rural areas by industrial agriculture
becomes big business not family oriented
needs fewer workers
“extraneous workers” move to cities
pulled into cities
drawn by wage employment
mostly guaranteed income, more stable
not always a good thing
cities & individual agriculture both produce more pollution

slums -people without basic needs
use increasing amounts of land
diseases of development –>
urban people come into contact with environments previously on edge of cities
e.g. Lyme disease

example:
hybrid corn (examples in text)
USDA decided to introduce a new kind of corn to a community
send an agent familiar with local culture
meet with farmers
everyone agrees new corn is better
yields more corn/acre for same investment
sell more corn, make more money
buy more things
initially –> great success
farmers grew corn satisfied with results
later –> stopped growing the new corn
new corn was different
people didn’t like to eat it, cook with it
next step –>
grow some old corn for themselves
grow some new corn for animals / market

http://highered.mcgraw-hill.com/sites/0072994681/instructor

 

Tap Water Makes you sick!!

August 6th, 2008

On Saturday ‘A’ and I went shopping for various items for his Art Studio, The House etc…..

We got some really great items one is an Antique 1950’s Armoire for the spare bedroom which is to be delivered this Friday AM.

Another really awesome item we purchased is the PŪR® 3 Stage Horizontal Faucet Mount-Stainless Steel

It is amazing what a difference it makes in the Taste of our Drinking Water, Ice Tea, lemonade, Cooking and Much more!!

This is truly the crispest tasting water I have ever had ! There is not a bottled water in the world that tastes better than the Water this Filtration system produces.

It was so easy to install, I think it took Aaron maybe 5 minutes. It has a built in Electronic Filter Life indicator to help keep the water we drink and cook with the freshest it can be. It has a switch on it so we can use regular tap water for dishes, washing hands etc, then with the flip of the switch I can fill my cooking pots for Pastas, Vegetables and more….

The 3 stage system removes 99% of Chlorine, Heavy Metals, Agricultural Pollutants, Sediment (Rust), Industrial Pollutants, and Microbial Cysts…..

I never even knew this stuff existed in our Tap water, Did you??

It turns out that all of those things that are in our drinking water are responsible for us being sick & we didn’t even know it!!

Tap Water causes the Following:

Cancer
Gastrointestinal Illness
Liver & kidney Problems
Nervous System Disorders
Cardiovascular & Reproduction Problems
Blood Disorders
Learning Disabilities
High Blood Pressure
Nausea, Cramps, Diarrhea and Headaches

The unit we purchased is about $45.00 to $50.00 and the filters are $30.00 but in the long run isn’t it worth it to not get any of the illness your Regular Tap water causes??

I also found out that if you have a refrigerator that has a water system on the front you may believe that water is filtered but it is not. Unless there is a Filter connected that has to be changed every 100 Gallons you are just getting Colder Tap water from your Fridge and running the risk of getting Disease.

I never knew any of this til this past weekend and I wanted to be sure to spread the news……

} The Mrs {

Hello Kongo

August 5th, 2008

It’s amazing to me to think I wish I was as happy and as free as this baby gorilla !!!

There’s so much hope for the world I find from his spirit in this photo !

USS New York connection to 9/11

August 5th, 2008

The USS New York was built with 24 tons of scrap steel from the World Trade Center. It is the fifth in a new class of warship - designed for missions that include special operations against terrorists. It will carry a crew of 360 sailors and 700 combat-ready Marines to be delivered ashore by helicopters and assault craft.

Steel from the World Trade Center was melted down in a foundry in Amite , LA to cast the ship’s bow section. When it was poured into the molds on Sept 9, 2003, ‘those big rough steelworkers treated it with total reverence,’ recalled Navy Capt. Kevin Wensing, who was there. ‘It was a spiritual moment for everybody there.’ 

Junior Chavers, foundry operations manager, said that when the trade center steel first arrived, he touched it with his hand and the ‘hair on my neck stood up.’ ‘It had a big meaning to it for all of us,’ he said. ‘They knocked us down. They can’t keep us down. We’re going to be back.’ 

The ship’s motto? ‘Never Forget’ HAVE YOU FORGOTTEN?? When deciding who you will VOTE for this year for President keep in mind we need someone who will not Flip Flop on a day when the country may need him the most!! 

Also always take the time to thank any Military Personnel you see for their service for if they were not ‘OVER THERE’ fighting we would most certainly be fighting here!! 

Your FREEDOM is a GIFT do not forget that!! } The Mrs { 

On Secure Knowledge-Based Authentication

August 5th, 2008

Knowledge-based authentication (KBA), where the user is required to prove the knowledge of a single secret in order to authenticate herself, is by far the cheapest method to confirm one’s identity. Because of its simplicity and low costs, it is one of the most popular authentication methods on the internet. By now, it has become quite natural to identify ourselves by typing in our user id and a password in order to gain access to remote resources or authorize various transactions.

However, knowledge-based authentication has a number of challenges and, in fact, it has become the primary target for on-line criminals. In this paper, Daniel Nagy presents a novel approach to knowledge-based one-factor authentication that solves many problems, thwarting most common attacks against such systems, while retaining its simplicity and convenience. It is achieved by the means of identity-based public key cryptography: the public/private key pair is generated directly from the unique user id and a secret password. Both provable and zero-knowledge authentication are discussed.

In financial applications, it is essential that users can accurately estimate the value with which they are entrusting service providers. (That’s what made me a believer of ING Direct) In particular, this value needs to be clearly bounded from above; the damage from any malicious or erroneous action on the service provider’s part should not exceed this limit. The proposed authentication method does not let the service provider unilaterally compromise the user’s security with respect to other systems — a feature certainly lacking from many authentication schemes currently in use.

The proposed method has broader applications than authentication. For example, it allows for a digital signature scheme that matches paper-based signatures more closely in that the signer does not need to own any unique key for a signature, just have access to a general-purpose signing application (a pen) that can be shared by any number of users and know a secret that she can remember.

Overview of Knowledge-Based Authentication
Long before the invention of computers, passwords, passphrases, lock combinations and signatures became widely used means of one-factor knowledge-based authentication for gaining access to resources or authorizing transactions. The public became familiar and comfortable with such things many generations ago. In most cases, computer technology attempts to imitate these methods as closely as possible. This is reasonable, because they are results of a long evolution of ideas and sufficient experience and trust has been accumulated with them.

In the computer world, one-factor authentication based on typing a single password dates back to the first multiuser systems. Its primary shortcoming is that passwords have to be assigned in a centralized fashion; the users cannot pick their passwords themselves. Otherwise, there would be no guarantee that no two users will pick the same password: if the password picked by a new user is rejected on the grounds that it has already been taken, the user would learn someone else’s password, which is unacceptable. The probability of this happening by chance is uncomfortably high.

To mitigate against the above outlined risks, unique user ids have been introduced early on. In some cases they are centrally assigned, in other cases the user can pick one that is not already taken. But authorization requires both a valid user id and the corresponding password, meaning that learning someone else’s user id does not immediately compromise the security of the system. Some systems make them public (e.g. UNIX™), others keep even the ids secret (e.g. most on-line banks). In such systems, users can change their passwords at will, thus protecting themselves against the possibility that their secret has leaked. The overwhelming majority of current knowledge-based authentication systems follow this paradigm (user id + password). Throughout this paper, we assume that the user id is known to potential attackers.

The attacker has two options to obtain the password: he can either steal or guess it. Also, in some protocols under certain circumstances it is possible to hijack a session without knowing the password. In this paper, we consider attacks on the communication channel and on the server. There are two kinds of attacks which lie outside of the scope of our research:

  1. Compromise of the terminal, when the user cannot trust it anymore: this kind of attack can be prevented only on the hardware and/or the operating system level of the terminal. It is also an issue of physical security.
  2. Guessing of the password through a number of attempts using the legitimate interface to access the system. This kind of attack can be foiled by introducing sufficient waiting times between unsuccessful attempts on the system’s part and choosing a strong password on the user’s part.

It is important to emphasize that most humans are not able to remember a large number of high-entropy passwords, while the cost of protecting them in some recorded form is often unacceptably high. Losing access because of a forgotten password also constitutes a failure condition, while rarely used passwords have a tendency of being forgotten. Actually, one of the advantages of one-factor authentication is that there is only one item to protect from both theft and loss. Thus, it would be advantageous if the user could use the same password for many services, without giving up too much security.

Without Public Key Cryptography
In this case, at least at some point in the protocol, the user and the server share the secret password. This means that if the server has been compromised (which includes corrupt operators), the attacker immediately gains access to all the other systems, where the user uses the same password. This is a substantial security risk.

In the simplest case, the server has an authentication database relating each user id to the corresponding password. The user proves his knowledge of the password by transmitting it to the server. In this setup, even the passive compromise of any part of the system (that is, eavesdropping on the communication or stealing the database) results in compromised security.

Protecting either the database or the communication channel by means of symmetric (invertible) encryption does not add much in terms of security, as the key must be available on both ends, meaning that it can be stolen.

One-way encryption can protect the communication channel or the database, but not both:

The communication channel can be protected by a challenge-response protocol where the server provides the salt (which is unique for each session) for some one-way string-to-key transformation so that the terminal can perform it and send the result to the server, which can verify this result. The attacker has a very limited use of the information learned from eavesdropping, if the salt is unique for each session and the string-to-key transformation satisfies certain cryptographic assumptions. He can use it to verify his guesses of the passwords off-line. A man-in-the-middle attacker may hijack a session if the content is not integrity-protected with some MAC based on the shared secret, but cannot learn the password and use it for access to other systems or this same system at a later time. However, the entire unencrypted password database can be stolen, if the server gets compromised.

Alternatively, one can store a single string-to-key transformation’s result for each user id with the corresponding salt in the database, but then the password needs to be sent through the communication channel, from where it can be stolen. This can happen either by eavesdropping the communication between the terminal and the server or by tricking the user into connecting to the attacker’s server and providing his password. Similarly to the previous case, if the authentication database gets stolen, the attacker can launch a dictionary-attack offline.

In order to hamper dictionary attacks, the string-to-key transformation should require considerable computational effort even in the legitimate direction (about half a second or so), imposing a possibly prohibitive computational cost on the attacker. This is typically achieved by iterating the same salted hash-function several thousand times. Note, however, that the search can be performed in parallel on many computers. Unfortunately, gathering enormous computational power through viral infection is uncomfortably easy, due to the lax security of most internet-connected PCs.
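The two one-way arrangements described above, side by side, as an added example that is not part of the original paper. The class and function names are hypothetical, PBKDF2-HMAC-SHA256 stands in for the unspecified string-to-key transformation, and the iteration count and sample credentials are constructed for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 5000   # "several thousand" iterations; the exact count is an assumption

def s2k(password, salt):
    """Salted, iterated one-way string-to-key transformation (PBKDF2 as a stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class ChallengeResponseServer:
    """Protects the channel, but the database must hold the password itself."""
    def __init__(self):
        self.db, self.pending = {}, {}
    def register(self, uid, password):
        self.db[uid] = password
    def challenge(self, uid):
        self.pending[uid] = os.urandom(16)        # salt unique to this session
        return self.pending[uid]
    def verify(self, uid, response):
        salt = self.pending.pop(uid, None)        # one use only: a replay is refused
        return salt is not None and hmac.compare_digest(response, s2k(self.db[uid], salt))

class StoredHashServer:
    """Protects the database, but the password itself crosses the channel."""
    def __init__(self):
        self.db = {}
    def register(self, uid, password):
        salt = os.urandom(16)
        self.db[uid] = (salt, s2k(password, salt))
    def verify(self, uid, password):
        salt, stored = self.db[uid]
        return hmac.compare_digest(stored, s2k(password, salt))

def exposure(uid="alice", password="correct horse battery"):
    """Run one login against each server; report where the password appears in clear."""
    secret = password.encode("utf-8")
    cr, sh = ChallengeResponseServer(), StoredHashServer()
    cr.register(uid, password)
    sh.register(uid, password)
    salt = cr.challenge(uid)
    response = s2k(password, salt)                # computed on the terminal
    cr_wire = [uid.encode("utf-8"), salt, response]   # all an eavesdropper sees
    cr_ok, cr_replay = cr.verify(uid, response), cr.verify(uid, response)
    sh_wire = [uid.encode("utf-8"), secret]
    sh_ok = sh.verify(uid, password)
    return {
        "challenge-response": {"login": cr_ok, "replay": cr_replay,
                               "on_wire": secret in cr_wire,
                               "in_db": password in cr.db.values()},
        "stored-hash": {"login": sh_ok, "on_wire": secret in sh_wire,
                        "in_db": secret in sh.db[uid]},
    }
```

Each scheme leaves the password in clear in exactly one place, which is the "but not both" limitation stated above.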

Public Key Cryptography to the Rescue
The most widespread use of public-key cryptography on the web is site-authentication through SSL, coupled with a secret key negotiation for protecting the communication channel. As seen in the previous section, one can protect the database using salted and iterated one-way string-to-key transformations. Thus, eavesdropping the communication or stealing the authentication database do not reveal the password to the attacker.

However, if the attacker succeeds in deceiving the user to connect to its server, the password gets delivered on a silver plate. Since verifying the site’s authenticity requires effort on the user’s part, one can always find some users who do not go through all these hoops. This is known as “phishing” and has become one of the most damaging criminal activities on the internet.

Also, there is nothing to prevent the server’s corrupt administrator from logging the entered passwords and selling them on for profit. If the password gets used on a different system (remember, many people use the same password for accessing different systems), it is next to impossible to find the source of the leak.

In a more sophisticated authentication method (used, for example, by HushMail™ [Hush]), the server has the user’s private key encrypted with a symmetric key derived from a password using a one-way string-to-key transformation and the public key in clear text in its authentication database. In order to authenticate, the user sends a unique id, the server answers with the encrypted private key, and from that point on the user signs every request with her private key. In case of HushMail™, the unique id serving as key to the encrypted private key database is also derived from the password, providing some preliminary authentication.

This solution, if the private key is generated and encrypted on a trustworthy terminal, prevents the server from ever seeing the user’s password and forces the attacker to attack either the symmetric cipher protecting the private key or the public key itself. A good string-to-key transformation may slow down off-line dictionary attacks against the symmetric key.

It is very important to provide appropriate integrity protection for the private key, for otherwise a malicious server or an active attacker can mount an attack by tricking the user into signing with something else than her private key, and then infer her true private key from the resulting signatures. For example, the OpenPGP encrypted private key packet does not provide appropriate integrity protection. [Klima, Rosa]

Currently, such systems are implemented by passing a Java applet to the client, providing another point of attack. In theory, however, this kind of authentication could be standardized and the necessary software installed on the terminals (e.g. as part of the web-browser). But this system has some drawbacks, too.

In fact, it is not a one-factor knowledge-based authentication but a faux two-factor knowledge and possession based authentication, where the “possession” part is stored by the server and given to the — yet to be fully authenticated — user. Thus, the security of the system depends on the security of the password, the security of the symmetric cipher and the security of the public key system together. The compromise of any one of these leads to the compromise of the security of the system. The loss of the password by the user or the encrypted private key by the server will lock the user out. Also, since the authentication is interactive, it can only be used over a duplex communication channel, even for one-way communication.

Finally, as counter-intuitive as it may sound, regularly changing the password in this setting results in deteriorating security: since the encrypted private key is given to the user before authentication, the attacker can collect the private keys encrypted with all the passwords and it suffices to break only one of them. In order to mitigate the risk of cracked passwords or public keys, the whole key has to be changed.

Therefore, the system is not Pareto-secure [Grigg], since it can be improved without any tradeoff, as demonstrated in the next section.

String to Key Pair
One can eliminate the symmetric cipher from the above scheme and generate the public/private key pair directly from the passphrase by seeding a secure pseudorandom number generator with the user id and the password. Since the signing operation can be expected to be performed on different implementations, it is beneficial to use a digital signature scheme that does not have a subliminal channel, in order to prevent malicious implementations from leaking the secret key through signatures. For this reason, and its good reputation in the cryptographic community, I suggest the RSA signature algorithm.

This decreases both costs and risks of the defender compared to the stored encrypted private key scheme, while not decreasing the cost that it imposes on the attacker. The cost of storing encrypted private keys with high levels of reliability and integrity by the security provider are removed, as are the risks of successful attacks (of any kind) on the symmetric key encryption used to protect the private keys.

Since generating an RSA key pair requires a large amount of random data, it is instrumental to use a fast, yet secure pseudo-random number generator. The key-stream generator of the RC4 stream cipher is a good choice, if we discard the first 256 bytes, as suggested by RSADSI, to overcome the weakness of the key schedule. As the generation of an RSA key takes a considerable amount of time anyway, there is no reason for an additional string-to-key transformation; one can key the RC4 keystream generator directly with a concatenation of the user id and the password, with a unique separator in between and a unique terminator in the end, to prevent collisions. For separation, I suggest the line-feed character (ascii 0x0A), since it cannot be entered from the keyboard anyway at an arbitrary position. For the same reason, I suggest the C string terminator (ascii 0x00) for termination. Non-ascii characters should be encoded in UTF-8. Of course, this limits the user id and the password to 254 bytes, but for most purposes this is enough.

Another important consideration is the key size (N). The amount of required random data is roughly proportional to the square of the key size, as the expected number of discarded prime candidates before finding a prime is proportional to the length of the prime. So is the number of required primality tests, which is the computational bottleneck in a pure software implementation. Thus, the time required for generating a key pair from a string is clearly super-linear in the key size. While the system can be attacked both on the public key level and on the password level and both attacks become more difficult with the increased key size, as the password can only be verified by checking whether or not the resulting first prime is a divisor of the public modulus, increasing the key size is not necessarily a rational decision.

The other parameter affecting security is the entropy of the password (H). The computational effort to break the password exceeds O(2^H · N). The computational effort to factor an RSA modulus is currently believed to be in excess of O(2^(N/8)). It is clear that beyond some sufficiently large N, further increasing the key size strengthens the public key much more than the password to the point that increasing the password entropy becomes the rational choice.

Most humans can comfortably memorize a password with approximately 50 bits of entropy, especially if it is used on a regular basis. Factoring 1024-bit numbers seems to be on the far edge of feasibility for the foreseeable future. Using 1024-bit keys, verifying a password takes about a second on a modern PC. Thus, a million PCs dedicated to cracking our password would finish in about 35 years. This is about the same order of magnitude as the factorization of 1024-bit numbers. Remember that this is a signature key, not an encryption key, so if it expires before it gets cracked, it cannot be abused. Thus, using 1024-bit keys and changing them together with the passwords every few years appears to be a balanced, secure decision.

Generating an RSA key pair involves generating two N/2 bit primes. If these primes are congruent to 3 mod 4, the public modulus will be a Blum integer. The advantage is that the best known zero-knowledge proof of factorization of Blum integers is a lot more efficient than the best known zero-knowledge proof of factorization. Thus, we propose the following method for generating an N or N-1 bit RSA key, where N is divisible by 16:

  1. Initialize an RC4 keystream generator with a key consisting of the concatenation of the user id, the 0x0A separator, the password and the 0x00 terminator.
  2. Discard the first 256 bytes from the keystream.
  3. Read N/16 bytes from the keystream into p in big-endian manner.
  4. Set the most significant bit and the two least significant bits of p.
  5. Test p for primality. If it fails, go to step 3.
  6. Generate q the same way as p.
  7. The public modulus becomes pq.
  8. Using the system-wide public exponent e (e.g. F4=65537), calculate d as the multiplicative inverse of e mod (p-1)(q-1).

Calculating the optimization parameters is superfluous in most cases, as a signature operation is performed only once after generating the key (remember that the key is generated each time from the user id and the password), so we cannot gain anything by precomputations.

If the public key is available, the generation of the private key can be sped up by obtaining q by dividing the public modulus by p in step 6, rather than generating it from the keystream. This saves about half the time.
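The eight steps above, together with the shortcut for a known public modulus, written out in Python as an added example; it is not the author's Java or C implementation. The function names, the fixed Miller-Rabin bases, the rejection of inputs containing the separator or terminator byte, and the skipping of primes with e dividing p-1 are assumptions made here, not details from the text.

```python
from math import gcd

E = 65537                      # system-wide public exponent F4 (step 8)
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def rc4_keystream(key):
    """Yield RC4 keystream bytes for a key of 1..256 bytes."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key schedule
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                                # keystream generator
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]

def is_probable_prime(n):
    """Miller-Rabin with fixed bases, so the same password always gives the same key."""
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    def witness(a):                            # True if base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2 ** k, n) != n - 1 for k in range(1, r))
    return not any(witness(a) for a in BASES)

def next_prime(stream, nbytes):
    """Steps 3-5, plus the added check that e does not divide p-1 (needed by step 8)."""
    while True:
        c = int.from_bytes(bytes(next(stream) for _ in range(nbytes)), "big")
        c |= (1 << (8 * nbytes - 1)) | 3       # top bit and two low bits: c = 3 mod 4
        if is_probable_prime(c) and gcd(c - 1, E) == 1:
            return c

def derive_key(user_id, password, bits=1024, known_modulus=None):
    """Return (n, d, p, q) derived from the user id and password alone."""
    uid, pw = user_id.encode("utf-8"), password.encode("utf-8")
    if b"\n" in uid or b"\0" in uid + pw or len(uid) + len(pw) > 254:
        raise ValueError("separator/terminator byte in input, or input too long")
    stream = rc4_keystream(uid + b"\n" + pw + b"\0")   # step 1
    for _ in range(256):                               # step 2: discard 256 bytes
        next(stream)
    p = next_prime(stream, bits // 16)
    if known_modulus is None:
        q = next_prime(stream, bits // 16)             # step 6
    else:                                              # shortcut: q = n / p
        q, rem = divmod(known_modulus, p)
        if rem:
            raise ValueError("password does not match this public modulus")
    return p * q, pow(E, -1, (p - 1) * (q - 1)), p, q  # steps 7 and 8
```

With `known_modulus` set, a wrong password is detected because the derived p does not divide the modulus, which is the password check the key-size discussion above refers to.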

A pure Java implementation of the above algorithm with N=1024 and e=65537 typically takes 15 seconds on a 500MHz PC. If the public key is available, it takes half that time. In C, it is about an order of magnitude faster.

The resulting key pair can be used both for provable authentication through a signature and for zero-knowledge authentication in a very efficient manner.

Most public key infrastructures (PKIs) support RSA keys, thus such a key can be certified using any of these. Both OpenPGP and X.509 certificates can be supported with such a system.

Provable Authentication
Using the above key-generation process, one can RSA-sign each request to the server, as described in [PKCS#1]. The server can then verify whether the signature is correct and whether the request is not a replay of an earlier one. This is in direct analogy with the numbered and signed deposit and withdrawal slips used by banks for centuries.

Such a signed request constitutes a proof to a third party. This is desirable in many applications.

Since the RSA signature protects the integrity and the authenticity of the request, there is very little an attacker can do to make illegitimate requests on the legitimate user’s behalf.

When registering for the service, the user generates the key pair using the above procedure and registers with her public key. It is worth noting that the service provider does not need to know how the public key was generated and how the user obtains the secret counterpart. Thus, the same server-side interface can be used for both one-factor and two-factor authentication.

Note, furthermore, that the registration and/or certification of the public key can happen after the first signature(s), just like in the case of paper-based ones. There is an important difference, however. Until the public key becomes available, there is no easy way to verify that two documents have been signed by the same person. Thus, it is recommended to transmit the public key with each signature, if deferred registration is allowed.

Zero-Knowledge Authentication

If the integrity of the communication-session is sufficiently protected by some other means, this same key can be used for zero-knowledge authentication as well (see e.g. [Feige, Fiat, Shamir] for details), when the service provider, while being satisfied about the identity of the user, is left with no third-party proof. This is analogous to verbal pass-phrases for accessing a secret bank account. Of course, this rules out any kind of arbitrated dispute resolution.

Using the same public key for provable and zero-knowledge authentication significantly simplifies the key-distribution problem.

Conclusions and Final Remarks

We have presented a cryptographic technique that matches the standard procedures already widely used in the banking industry: the use of signed deposit and withdrawal slips to initiate transactions and that of proving identity without leaving evidence. As has been pointed out to me by a bank employee, performing authorization after having the request communicated is instrumental to security. This practice, commonly followed in traditional banking and almost completely ignored in on-line financial services, allows the security service to learn about an attacker’s intent before the successful impersonation and aids detecting and assessing the nature of the attack while still in progress. The proposed technique, in the author’s opinion, stands a good chance of acceptance because it is more analogous to security procedures that people are familiar with.

As building blocks, we have used time-honored cryptographic primitives and algorithms. The costs of assessing the security of the proposed technique should be acceptably low, as a large body of past experience can be leveraged. Similarly, the development costs of secure implementations are lowered by the fact that it can be built from pre-existing building blocks. The integration into existing systems can and should be facilitated by standards-compliance whenever possible.

References

  1. V. Klima, T. Rosa: Attack on Private Signature Keys of the OpenPGP format, PGP™ programs and other applications compatible with OpenPGP
  2. Hush Communications: Hush FAQ / Technical Questions
  3. U. Feige, A. Fiat, A. Shamir: Zero-Knowledge Proofs of Identity
  4. RSA Data Security: Public-Key Cryptography Standard #1
  5. I. Grigg: Pareto-Secure

Vivienne & Knox Jolie-Pitt

August 4th, 2008


Shameless I know but it increases visibility of our site……

Plus Vivienne and Knox are the cutest little things aren’t they??

Spend money on these issues of People & Hello Magazine proceeds from the $14 Million

Brad Pitt & Angelina Jolie made from these pics is going to charity!

Bravo, Jolie-Pitts for your never ending pursuit to Pay it Forward!! ….and your quest to repopulate the world….LOL

} The Mrs {