Li Bai

In 2011, Facebook began requiring an SSL certificate for domains when viewing Facebook Page Application Tab or Canvas Page. An SSL certificate is now required on all sites in order to create interactive pages. Once an SSL certificate is obtained and put into play, the application can be viewed and interacted with within the Facebook framework itself giving the appearance that the application is being run within Facebook itself.

I’ve downloaded Facebook’s certificate from their site, extracted the fingerprint which I provided below.

SHA1 Fingerprint=45:BF:EE:62:8E:EC:0B:A0:6D:FB:86:0C:86:5F:FD:B7:15:02:A5:41

Amazon (https://www.amazon.com/gp/css/order-history?ie=UTF8&ref_=nav_youraccount_orders&amp😉

Thumbprint: ‎56 55 ef 6f ac 0a bd 86 d9 d3 09 70 be bc c6 33 e3 4b 05 e5
Thumbprint algorithm: SHA1
Issuer: VeriSign, Inc

Walmart (https://www.walmart.com/cservice/ya_index.do)

Thumbprint: ‎e3 ef c9 26 85 f3 ce ef 97 b5 60 88 ff ce 4b 70 92 17 86 01
Thumbprint algorithm: SHA1
Issuer: VeriSign, Inc

http://www.gmail.com

issuer: Google Internet Authority G2
Valid from 10/8/2014 to 1/6/2015
thumbprint algorithm :sha 1
thumbprint: ‎41 58 38 eb ef 83 5f c8 84 7e 69 b9 7d 41 df 6c 6f dc 43 66

MSN ceritificate
Valid: 10/27/2008 to 2/9/2017
Hash Algorithm: sha1
Thumbprint certificate: ‎5a 2b c5 7b 0d a9 47 f8 67 d2 0a dc e5 58 2d ce 8a 06 14 9e

developer.apple.com

SSL Client Certificate
SSL Server Certificate

Issued by: VeriSign Class 3 Extended Validation

Valid from 7/21/13 to 7/22/15

Fingerprint: SHA-256 – 4F:A0:D4:94:15:92:54:ED:9A:E8:CE:18:0E:7B:5A:E4:8E:BF:39:56:1E:1F:A6:7D:98:41:50:D3:68:C8:F5:6B
Fingerprint: SHA1- 82:14:68:1D:6A:B1:04:0A:98:9A:C7:A0:6C:10:16:A2:EF:45:0B:01

KMPG:https://www.kpmg.com/US/en/Pages/default.aspx
Fingerprint: =D9:4F:C4:2F:80:C5:DD:84:1F:AA:F3:97:14:A7:70:A5:82:B1:6E:F3
Signature Hash Algorithm: SHA 1
Thumbprint Algorithm: SHA 1
Issuer: Cybertrust Public SureServer
Valid from April 16, 2014 to April 16, 2015

CN = *.kpmg.com
OU = KPMG
O = KPMG LLP
L = Montvale
S = NEW JERSEY
C = US

HMAC in Amazon web service
Hash-based message authentication code (HMAC) is a mechanism for calculating a message authentication code involving a hash function in combination with a secret key. This can be used to verify the integrity and authenticity of a message.
This is the main authentication method used by Amazon Web Services. To use this form of authentication you utilize a key identifier and a secret key, with both of these typically generated in an admin interface.
It is very important to note that one of the BIG difference with this type of authentication is it signs the entire request, if the content-md5 is included, this basically guarantees the authenticity of the action. If a party in the middle fiddles with the API call either for malicious reasons, or bug in an intermediary proxy that drops some important headers, the signature will not match.
The use HMAC authentication a digest is computed using a composite of the URI, request timestamp and some other headers using the supplied secret key. The key identifier along with the digest, which is encoded using Base64 is combined and added to the authorization header.
Following are Amazon implementation over normal user names and passwords:
1. HMAC authentication guarantees the authenticity of the request by signing the headers, this is especially the case if content-md5 is signed and checked by the server AND the client.
2. An admin can generate any number of key pairs and utilize them independent of their Amazon credentials.
3. These are computed values and can be optimized to be as large as necessary, Amazon is using 40 character secrets for SHA-1, depending on the hash algorithm used.
4. This form of authentication can be used without the need for SSL as the secret is never actually transmitted, just the MAC.
5. As the key pairs are independent of admin credentials they can be deleted or disabled when systems are compromised therefor disabling their use.

This article “BitTorrent’s Encrypted P2P Chat App Bleep Opens To The Public, Adds Mac, Android Clients” ( http://techcrunch.com/2014/09/17/bittorrents-encrypted-p2p-chat-app-bleep-open-to-the-public-adds-mac-android-clients/ ) discusses a Peer-to-Peer (P2P) file distribution service called BitTorrent is announcing the availability of Bleep, an encrypted P2P chat app for voice calls and texts which is still in alpha phase though IOS and Android apps are now available for download along with the already existing Windows download. Bleep uses a server-less architecture built around a distributed hash table (DHT). Users sign into the service using their email, mobile telephone number or “incognito mode” (no personal identifiable information is necessary. The Bleep project manager Farid Fadale reports that it is being continually upgraded for better scale while it’s still in Alpha mode.
This article “St. Louis Police scramble radio traffic when protestors listen in” ( http://fox2now.com/2014/10/10/st-louis-police-encrypt-radios-to-keep-tactical-info-secret/ ) discuss the St Louis Police encrypting their radio conversations after learning protestors were listening to local radio traffic with cell phone apps. In recent instances, tactical information being relayed to officers was compromised. Such details about officer action were being shared over social media sites putting officers as well as the public at risk. Unfortunately this article doesn’t go about giving any information of what method of encryption is being used.

Addition to my post:
Both articles, have one important subject in common, the need for privacy. The P2P BitTorrent article seems more of protecting the personal privacy side of things and the St. Louis article, a more physical protection whereby eavesdroppers find out a location, notifying other parties and possibly putting the situation in more of a riot mode.

I came across this article when searching data integrity. The article highlights a strong need for data integrity in health information exchange.http://www.healthcareitnews.com/news/data-integrity-essential-hies-ahima-says

Also, something caught my eye on Security week, the article talked about smart meter are widely considered to be vulnerable

I came across this article when searching data integrity. The article highlights a strong need for data integrity in health information exchange.Link: http://www.healthcareitnews.com/news/data-integrity-essential-hies-ahima-says

Also, something caught my eye on Security week, this article talked about smart meter are widely considered to be vulnerable to false data injection. http://www.securityweek.com/smart-meters-widely-considered-vulnerable-false-data-injection

Mi article specifically talks about how salesforce uses security. It gives an example of how the company uses MD5 and hash function to secure its data exchange within the cloud. http://goo.gl/MYY3r

I found a commercial use of hash functions in Oracle databases.

The article says that when the Oracle kernel architects needed a search algorithm, they had many different options to choose from. Search algorithms can use either an authoritarian approach or a more discussion-based approach. For example, when determining a SQL execution plan, the simplest approach is to pick a very authoritarian algorithm.

Hashing algorithms are used when Oracle needs to determine if a block is in the buffer cache or when it needs to know if a SQL statement is in the library cache. Hashing is lightening fast and requires only a small amount of memory as opposed to a large amount of disk space or CPU time. There is basically a simple calculation, a jump to a memory location, and then hopefully a short in-memory sequential search.

Here is the article with the details.

http://searchoracle.techtarget.com/tip/Why-Oracle-hashing-is-so-cool

_______________________________________________________________________________________________________________________________________

Another application of hash algorithms in the industry is with Bitcoin.

The application most relevant to Bitcoin is called “proof-of-work,” which is a way of proving to someone else that a certain amount of computational work was expended.

If someone chooses a word at random (say, “doppelganger”), and you respond with a piece of information whose hash happens to be “doppelganger,” (or a string ufficiently similar to it) then they know that you spent a lot of time guessing before you finally found a piece of information that worked. Thus, they have proof that you executed a certain amount of computational work. This can be used to prevent email spam, by forcing anyone trying to send you an email to complete a small proof-of-work based on their email address, your email address, and the time.

In Bitcoin, proof-of-work is used to prevent people from lying. It works like this: when a miner wants to add a block of transactions to their ledger, they take the whole block chain, and add the latest group of transactions to it. They then hash it all together, and start doing the proof-of-work for that value – guessing values to hash to try to find a new value that’s sufficiently close to the target value. While they are doing this, miners all over the world are doing exactly the same thing, competing to be the first to find a proof-of-work that’s “good enough” in exchange for their service, and their successful block is distributed to all the other miners, and becomes a permanent addition to the block chain.

This is the link with the explanation:

How Does Bitcoin Work?

http://macperformanceguide.com/blog/2014/20140611_1804-diglloydTools-IntegrityCheck-data-validation.html
This article speaks about how hash is used to point to hidden files on a system for comparison. A user can copy a file and store it as a hidden copy for later comparison. The hash points to the hidden file and the previous file as well as the copies that follow no matter the number. This can be used for personal use but in a commercial environment this allows for quick and simple comparison allowing to see if the data or file has been altered in any way.

http://bioinformatics.oxfordjournals.org/content/26/18/i414.full
Also this article speaks about mapping DNA structures and essentially cataloging them using a hash table. A hash table uses a hash function to compute an index into an array in which the correct value can be found. In relation to integrity the hash can point to a specific structure and compare to see if it has changed, but more specifically uses compact reference points that represent enormous amounts of data which allows for a much faster search process.