### 25.3.06

## that's what they said

"Over our lifes preside the great twin leitmotifs of the 20th century - sex and paranoia"

J G Ballard - Introduction to 'Crash'

"I mean it would be a sad life if you'd never fallen in love. And a far happier one if you only had to do it the once."

One of The Stranglers, Guardian

"A person falling intp a manhole is rarely helped by making it possible for him to fall faster or more efficiently."

Joseph Weizenbaum - 'Computer Power and Human Reason'

J G Ballard - Introduction to 'Crash'

"I mean it would be a sad life if you'd never fallen in love. And a far happier one if you only had to do it the once."

One of The Stranglers, Guardian

"A person falling intp a manhole is rarely helped by making it possible for him to fall faster or more efficiently."

Joseph Weizenbaum - 'Computer Power and Human Reason'

## geometric proof that the sum of the cubes is equal to the square of the sum

### 17.3.06

## Secure hashing

In mathematical terms, a secure hash function is a function f from the natural numbers {1,2,...} to some finite subset of the natural numbers, which may as well be {1,2,...,n} (and usually is in practice). A secure hash is characterised by the fact that it's very difficult to find f^(-1), the inverse function. In fact in practise the only way to find f^(-1){k}, the set of numbers which map to some number k, may be to go through all the natural numbers, working out the hash of each one. Of particular importance is that it should be computationally unfeasible to generate a 'collision', or two values whose hash is the same.

Hashes have many cryptographic applications. The canonical example is the method for tossing a coin or making a similar decision over a communication line. Suppose that two people, Alice and Bob, want to play chess by email. Chess is a good game for this, because no information is kept secret from either player. The only problem Alice and Bob have is in deciding who will start. Usually chess players do this by one of them hiding a pawn of either colour in their closed hands, and the other choosing a hand. They can't do this by email, unless the one that guesses trusts the other to tell the truth. Similarly, if one of them tosses a coin, the other will have to trust them to accurately report the result.

A good way to do it is to proceed as follows; Alice chooses either Black or White. She writes this in a text file:

and adds a few junk characters to the file:

Then she turns this string of symbols into a number. She can do this in lots of standard ways computers use to represent text as numbers. In ISO-8859-15, a very common computer alphabet, the text file translates to the number

which is expressed in hex or hexadecimal notation, using 16 digits, 0-9 and a-f, instead of the usual ten.

She then finds the hash of this number. If she does it using a very standard and simple hash function, MD5, she'll end up with a number between 0 and 2 to the power of 128. In this case she gets

again in hex. She sends this number to Bob. Then Bob writes back, guessing whether Alice's chosen colour is Black or White. Let's say he guesses White.

Alice writes back to him, letting him know that he has got it wrong. She includes the original text that she took the hash of, "Blackqwertyuiopxxxx314159hellohello". If Bob doesn't trust her, he can check that the hash of this message is the same one that he received from Alice.

The security of this procedure rests on two properties of the hash function. Firstly, it's effectively impossible for Bob to recover Alice's text file from the hash, to find out whether it includes the word 'Black' or 'White'. The only way he could try and do this is to work out the hashes of as many text files as possible which include these words and compare them to Alice's hash. But Alice can easily thwart this strategy by adding more junk characters to the file, so that it becomes impossible for Bob to check enough possibilities. Bob's strategy also doesn't allow for false positives, when he might find a text string different from Alice's including the words Black or White, which purely by coincidence has the same hash as Alice's.

Secondly, it's also impossible in practical terms for Alice find a collision; two strings, one including 'Black', and one including 'White', which have the same hash. If she could do this, she could send that hash to Bob, and then send him the text string containing the opposite colour to the one he picks. To do this, she would have to check an enormous number of strings containing both words, until she found one of each with the same hash. Bob can try and make this difficult for her by insisting that she include other information specified by him, such as the date, in the original message. This limits Alice's search for a collision, and stops her from reusing the results of her search in subsequent games.

Hashes have many cryptographic applications. The canonical example is the method for tossing a coin or making a similar decision over a communication line. Suppose that two people, Alice and Bob, want to play chess by email. Chess is a good game for this, because no information is kept secret from either player. The only problem Alice and Bob have is in deciding who will start. Usually chess players do this by one of them hiding a pawn of either colour in their closed hands, and the other choosing a hand. They can't do this by email, unless the one that guesses trusts the other to tell the truth. Similarly, if one of them tosses a coin, the other will have to trust them to accurately report the result.

A good way to do it is to proceed as follows; Alice chooses either Black or White. She writes this in a text file:

`Black`

and adds a few junk characters to the file:

`Blackqwertyuiopxxxx314159hellohello`

.Then she turns this string of symbols into a number. She can do this in lots of standard ways computers use to represent text as numbers. In ISO-8859-15, a very common computer alphabet, the text file translates to the number

`426c61636b71776572747975696f707878787833313431353968656c6c6f68656c6c6f`

which is expressed in hex or hexadecimal notation, using 16 digits, 0-9 and a-f, instead of the usual ten.

She then finds the hash of this number. If she does it using a very standard and simple hash function, MD5, she'll end up with a number between 0 and 2 to the power of 128. In this case she gets

`0e42633f6c2f4003652482b2c907a157`

again in hex. She sends this number to Bob. Then Bob writes back, guessing whether Alice's chosen colour is Black or White. Let's say he guesses White.

Alice writes back to him, letting him know that he has got it wrong. She includes the original text that she took the hash of, "Blackqwertyuiopxxxx314159hellohello". If Bob doesn't trust her, he can check that the hash of this message is the same one that he received from Alice.

The security of this procedure rests on two properties of the hash function. Firstly, it's effectively impossible for Bob to recover Alice's text file from the hash, to find out whether it includes the word 'Black' or 'White'. The only way he could try and do this is to work out the hashes of as many text files as possible which include these words and compare them to Alice's hash. But Alice can easily thwart this strategy by adding more junk characters to the file, so that it becomes impossible for Bob to check enough possibilities. Bob's strategy also doesn't allow for false positives, when he might find a text string different from Alice's including the words Black or White, which purely by coincidence has the same hash as Alice's.

Secondly, it's also impossible in practical terms for Alice find a collision; two strings, one including 'Black', and one including 'White', which have the same hash. If she could do this, she could send that hash to Bob, and then send him the text string containing the opposite colour to the one he picks. To do this, she would have to check an enormous number of strings containing both words, until she found one of each with the same hash. Bob can try and make this difficult for her by insisting that she include other information specified by him, such as the date, in the original message. This limits Alice's search for a collision, and stops her from reusing the results of her search in subsequent games.

### 11.3.06

## "What would Joe Strummer do?"

(seen on a sticker at a bus stop)

### 8.3.06

## American pit bulls, or coursework for school

We may be known as a nation of couch potatoes, but it seems that Britons are grasping the 21st century with both hands: we now spend more time watching the web than watching television, according to internet giant Google.Guardian

A survey conducted on behalf of the search engine found that the average Briton spends around 164 minutes online every day, compared with 148 minutes watching television. That is equivalent to 41 days a year spent surfing the web: more than almost any other activityapart from sleeping and working.

who are these people who spend less time online than they do sleeping or working? c'mon guys, a properly balanced lifestyle is 8 hours of each!

### 7.3.06

## currently listening to

sploitcast, a radio show about computer security, whatever that is. they talk to a few interesting people and (unlike the good boys of LUGradio) let them ramble on for as long as they like about their subject of expertise, be it magnetic card cloning, google's token authentication, or 'phishing' attacks.

the main guy is called harrison, has a lovely east coast voice, and is also a mathematician.

the main guy is called harrison, has a lovely east coast voice, and is also a mathematician.