公钥加密

各种加密方法大体可以分成两类,一类是对称加密,另一类是非对称加密。

凯撒密码是对称加密中的一种,他的加密方法是把A变成B,把B变成C,于是解密的时候只要把字母替换回来就行了。也就是说,任何知道加密方法的人就可以解密。

RSA是一种非对称加密算法,他的特点是任何人都可以加密,但只有我可以解密。做个比喻,人人都可以把锁头扣上,但只有拥有钥匙的人可以开锁。这个分发出去的用于加密的东西叫做公钥,也被称作证书。而留在自己身边的“钥匙”就是私钥,是绝对不能被第二个人拿到的。

于是乎,你可以把公钥发给别人,别人把数据用你的公钥加密后传给你,你用私钥解密后阅读。在这个过程中,任何人截取到数据都是无效的,因为它没有你的私钥。

RSA还有一个特点,就是可以用私钥加密,用公钥解密。你会问,公钥人人都能拿到,相当于人人都能解密,那这样加密有什么意义呢?意义在于,它可以作为身份验证。用私钥加密的过程叫签名,而验证签名就是用对应的公钥解密。因为为只有用对应的私钥签名的文件才能用公钥解密,既然它可以用公钥解密,就一定是由对应私钥签署的,而私钥只有你有,于是这份文件就一定是你发布的。网络上的HTTPS就是依靠着个。一般来说,用私钥加密的都是MD5、SHA1 之类的,加密原文太耗系统资源。

对付这种非对称的加密方式,有一种叫做“中间人攻击”的攻击方法,它会使双方之间的通信完全暴露。我就偷懒不写了,大家自己找资料。

Sync with iDevice on Linux

It's a bit hard to connect an iDevice with Linux because Apple is not so open and we have to use iTunes to sync with our iDevice for a long time. Luckily we now have a set of tool so that we can control our device on linux. The most important two library are libimobiledevice(libiphone) and libgpod.

libimobiledevice, like it's name, is a library who provides the interface to access the iDevice. It provides a higher level of access such as photo, bookmark, install/uninstall softwares and even sync music. And it doesn't need jailbreak.

What I want to mention is how musics synchronized with an iDevice. Under the iTunes folder (You may never seen that before. That's ordinary.), there's a file called iTunesDB. That's the file which libgpod really works with. This file contains the name of songs, singers' names, your play lists and so on. Unfortunately, because Apple don't want it be modified by any programs except iTunes, they add some hash info into the file. If iPod found the hash is incorrect, it refused to display the songs. There was once a project called iPodHash, but it seems to be die due to a DMCA notice. Apple engineers have changed the hash algorithm for several times and the latest version haven't been reverse-engineering, as a result, now we can only sync with a old version of iOS.

If your iDevice is jailbreaked, you can change a key called DBVersion(Sorry, I forgot where it is.). It tells iPod which version of hash algorithm it should use so we could use a known hash on new iOS. This process depends on libimobiledevice too. It only support to sync with iOS 4 or older. That means it's useless even if you changed DBVersion on your iOS5 device. By the way, you may will not find a iTunesDB file but a iTunesCDB instead. It's a compressed version of iTunesDB using zlib.

I feel so sad that such a project is closed and now I can only sync with my iPod on Windows.

How to solve the "Connection Reset" problem

考虑到安全原因,这篇文章用英语写成。如果你没有足够的勇气读完它,请自觉退出。

This article is written mainly for those people in China. Be sure you are enough familiar with what you are reading and what you try to do.

================================================================

As we all known, in China mainland, we cannot visit sites like YouTube Facebook Twitter. And the Google sites are out of service frequently. It's because the Chinese government used some technical methods to prevent us from visiting them. The government has setup a system to do this. It's called the Great Firewall of China (GFW). This system keeps look on the gateway export. And if it finds something unusual. It will stop the connection.

The system usually inject a RESET into the TCP connection. To prevent this, we can use HTTPS(The S means Secure) instead of HTTP. So the system can not inject the RESET any more. It's easy to perform. You just need to replace the "http://" part of a URL with "https://". And the URL will look like this "https://www.facebook.com". Most of the sites support a HTTPS connection.

Unfortunately, this will not always works. Because the system also used another method called "DNS Redirection". As we all known, the computers on the Internet are identified by IP address. But human can't remember them easily. So we use some meaningful phases called "Domain". Some computers on the Internet provide the kind of service to translate the domains to IP address which is the only form computers can recognize. They are called the "DNS Server". DNS Redirection is that the DNS servers won't return the correct IP address (usually were instructed to do so) so that we can't visit the particular sites.

Luckily, we can assign an IP to a domain manually. That's the function of a file called hosts. There's a project called smarthosts on Google Code. It provided a set of IP address you may use. Paste them to your local hosts file and enjoy the Internet.

I will write more about the Internet censorship and how to avoid it. Check back later.