Blogs to follow

I have created a repository that has an OPML file containing an assorted list of different blogs that are worth following.

Majority of the blogs are related to Cryptography, CTF write-ups, Mathematics and a bit of Physics (Quantum computation, cryptography).

Just import the OPML file to your favourite RSS reader and it will work out-of-box. It might be the case that some of the blogs are no longer maintained actively by the author(s).

Contributions to the list are highly welcomed ūüôā

Github Repository

Advertisements

April Fool — Cryptographers way

1st April is the day on which no information can be easily taken as fact and is also the day where pranking or fooling anyone tends to bring laughter rather than angry stares.

Yesterday, some of my friends were commenting how many people from different science streams have played elegant¬†pranks on their respective communities¬†and surprisingly (or unsurprisingly) they claimed that Cryptographers have never played any good April fool. Cryptographers have had their own share of April Fool incidents, maybe not as geeky as Google’s annual April fool (I loved the Quantum code testing*); but Crypto April fools have a certain stroke of brilliance in them that cannot be compared to others.

This year PHC (Password Hashing Competition) mailed the following to everyone, sharing this since not many seem to be aware:

After over two years of in-depth analysis and careful deliberation, today the panel is pleased to announce that LM Hash has been unanimously selected as the winner of the PHC. To many panel members, the choice was obvious.

Selection criteria includes the following, in no particular order:

– LM Hash leverages the well-studied and proven DES block cipher.

– Most users only select passwords that are 6 ‚Äď 8 characters long, so LM Hash‚Äôs¬†14-character limitation is more than reasonable for the majority of use cases.

РLM Hash is not case-sensitive, reducing the number of password reset requests and Help Desk tickets that result from users not remembering their precise passwords.

РMost LM Hash values have already been pre-computed and made publicly available, reducing load on authentication servers.

РLM Hash does not require the use of salt, which aligns with the American Heart Association’s guidelines for a low-sodium diet.

РLM Hash requires little energy to compute, thereby contributing to environment-friendly authentication systems.

As a Microsoft employee, Marsh Ray was the most vocal advocate for LM Hash, noting that Microsoft, IBM, and 3Com have had support for LM Hash since 1988. Alexander Peslyak added that LM Hash is the ideal PHC winner since it’s already well-supported in John the Ripper. Jeremi Gosney and Jens Steube were quick to agree, noting that LM Hash has all of the qualities they desire in a password hash.

Comparing LM Hash to other PHC finalists:

РUnlike LM Hash, Argon and Catena are resistant to TMTO, wasting valuable CPU cycles.

РBattcrypt uses Blowfish, which was developed by that charlatan Bruce Schneier. LM Hash uses DES, which was developed by IBM and the NSA. Which do you trust more?

РLyra2 relies on a sponge for security, which is by definition full of holes. LM Hash relies on a block cipher. Blocks don’t have holes.

– Pufferfish encrypts the palindrome “Drab as a fool, aloof as a bard.” LM Hash¬†encrypts the string ‚Äúkgs!@#$%‚ÄĚ, saving the user 24 bytes.

– LM Hash is far simpler than yescrypt! It can be described in one line,¬†whereas yescrypt can’t even be described in one book.

– Unlike Makwa, LM Hash is post-quantum!

– Parallel was designed by Steve Thomas, who you can’t trust to hash your¬†password. LM Hash wasn’t designed by Steve but by trusted Microsoft experts.

Being the choice of foremost thought leaders in the field, LM Hash is already a success:

РLM Hash will appear in the next Gartner Magic Quadrant for state-of-the-art password hashing.

РAcademic researchers have started applying for grants in order to investigate security proofs of LM Hash in the related-password model under relaxed misuse-resistance assumptions. Leading researchers already expect breakthrough indifferentiability proofs in the ideal cipher model.

РA new secure messaging application will generate one-time-pad masks from user passwords using LM Hash, promising higher security than legacy solutions such as TextSecure.

Rating in terms of other April fool stuffs around, I would easily rather this as first for sure. And since this post is about April fool another good prank played by a Professor on his student can be watched below:

 

*Google announced that it had successfully modeled all possible states of software using quantum superposition techniques.

Ideal e-voting system

Long time since last post; but the reasons as always being that I am busy trying to get in rhythm, learning to cook efficiently ūüėõ and so on..

Recently Australia had its first experiment with e-voting, which while good¬†doesn’t exactly fits the ideal description of what is expected from e-voting schemes. I myself am not a firm believer in the e-voting systems. The main problems that are not answered, which according to me as the bases of any voting scheme, are the properties of Verification, Privacy and Classification

  • Verification:¬†How to verify if votes casted had lead to legitimate elected candidate? How is it possible for voters to verify if the person elected was indeed from majority?

Example: In a classical voting system, a voter puts a vote on paper, folds it and drops it inside the designated box. In this case, a voter knows for sure that his/her vote is being considered and would be counted in the final outcome. Furthermore, the voter can also be assured that the vote cased is a real and valid vote. This verifiability property seems to be missing from e-votings. Although it is worth noting that many protocols do offer this property where the voter can check his/her vote against final tally. (Estonian voting protocols are prime example)

  • Privacy:¬†In¬†an ideal voting system a voter will be free from social aspects of voting i.e. from the pressure of friends, family and society in general. In classical setting, a voter is free (theoretically*) to vote as there wont be anyone peeking over the shoulder of the voter or a family verifying that it is voted for bias voting. In e-voting, this scenario seems unlikely! How and when would be voter cast a vote such that he/she is not being influence by social environment or is isolated enough to cast a vote that is in a sense anonymous. Given this situation, e-voting makes a very bad candidate for a democratic e-voting system.

Some protocols do exist that allows for the voters to re-cast votes and the last vote casted is considered as a valid one. But that does not exactly provide a optimal solution.

  • Classification:¬†How would a vote that been nullifies be verified as being intentionally nullified or due to some technical glitch?

Example: (Valid for India) Whenever a voter wants to decline voting due to no suitable candidate standing for the election, then he has two options:

  1. Declare that at the polling station which might possible earn him retribution from the winning candidate after the election session.
  2. (in case of Ballot paper)To invalid the vote by stamping (casting vote) at odd location or stamping more than one candidate.

This option of invalidating the vote (and remaining anonymous), besides not casting the vote, seems to be missing in e-voting.¬†Furthermore, current e-voting systems are also not being ‘democratic’, so to speak.

* Theoretical in a sense that there are lots of realistic stuffs that do infact influence the voting outcomes (Bribing, fake-voting, vote-for-money…)

Apostille by MEA (Ministry of External Affairs), India [PART 2]

This is in continuation of my previous post Apostille by MEA (Ministry of External Affairs), India [PART 1].

This information is current as of April 2nd 2014 and applicable for educational documents ONLY.

The following is true for Maharashtra State Government. State attestation can be completed in one day, in official work hours.

State Attestation:

I.                   After completing the previous step, collect the following documents:

  • One Xerox copy of your passport, make sure that the Xerox has both the pages of your passport. The address page and the identification page. This Xerox copy must be self-attested. Be sure to also carry your passport.
  • All the original documents with due stamps from university and notary stamp.
  • One written application to Joint Secretory stating why you seek state-attestation. ¬†Be sure to attach all relevant information in it for e.g. the name of the program and university which seeks apostille etc. The application must be signed by applicant.
  • Two passport size photos.
  • 1 blue pen and 1 black.
  • One nice book or perhaps portable video player to pass time (trust me it would be life saver).
  • Attestation is free of charge but be sure to carry change cash as you will need to pay for some Xerox.

II.               Travel to Mumbai. It is highly recommended that you travel as early as possible (on weekdays and non-national or state holidays only). 

  • The address one needs to travel first is:

Higher & Technical Education Department, Government of Maharashtra, Room No. 422, 4th floor, ¬†Mantralaya, Mumbai ‚Äď 400032. Tel No.: 022-22043018.

  • There are two ways you can travel there, by local bus, which runs every day during morning from every major bus stop or by local train. My city has bus daily directly till Mantralaya so I cannot provide accurate information about local trains, but from the enquiries I did with people around Mantralaya, local trains for Church gate were ideal option for reaching there.
  • Once you have reached there, from 9:30 the distribution of gate pass begins. First task is to secure a gate pass, fill up all the relevant information on it. Once filled up, queue for getting your pass authorized. You need to furnish original identification card to get your pass authorized. ID card can be: Driving License, PAN Card, and Passport.
  • Your gate pass would provide you the entry time as after 14:00. For now, keep the pass secured with you.
  • The reason to secure the gate pass earlier is due to the huge influx of people that gather for securing pass at later time.

III.            Around 13:20, line up for entry to Home department.

  • The Home Department of Maharashtra Government is situated in another building. The complete address is:

Section officer, Home Department, Government of Maharashtra, 9th floor, New Administrative Building, Opp. Mantralaya, Mumbai ‚Äď 400032. Tel No. 022-22022688

  • This building in directly behind the one where you secured the gate pass. The other building does not require gate pass.
  • You need to note down purpose of visit with the security person. Additionally you need to furnish ID proof as well. Just write down 9th floor in place of department you wish to visit.
  • Once inside you can either take elevator or stairs to reach 9th floor. When I reached inside, there were queues (!) to use the elevator. I took up stairs rather than wasting time waiting for my turn.
  • On 9th floor the Home Department is exactly to the left side, if you arrived from staircase.
  • Go inside the first compartment of the Home Department.
  • Inside, the first table would provide you with first set of stamps and the other tables with signatures.
  • You will be asked for ID proof (if presenting the documents yourself, in case of proxy, a signed consent letter is required)

IV.             After completing with Home Department

  • Head back to the road where you sought the gate pass. Now head down the road, you will find yourself at a ‚ÄėT‚Äô junction. Head left to find some Xerox shops.
  • Take two copies of all the original documents. Take Xerox of both sides.

V.                Head back to Mantralaya

  • Go to 4th floor of the Mantralaya building. On that floor ask anyone to point you towards Higher and Technical Education Department.
  • Inside, seek the lady (as of now) sitting at the desk which is infront of the cabin in the department.
  • Ask her to provide form for state attestation.
  • Fill the form in Black ink only. You will need to note down all the documents and its associated unique number on the form, which you seek attestation for. Also specify contact details of two persons in you locality to vouch for your behavior.
  • Paste you passport size photo to the application form.
  • Staple the written application and passport Xerox to the form.
  • Submit all the above along with Originals and Xerox of the same.
  • It will be checked and stamped in an hour or so.
  • For me it took 2 hours since the Joint Secretory was busy in meetings.

That’s all with state attestation. Final apostille procedure will be detailed in next post.

TIPS :

  • The toilets and wash rooms are 2 minutes distance from Mantralaya building (You cannot use the one available inside the building). It is near the bus stop.
  • There are some good places for having lunch or light snacks nearby. Be sure to ask the police force in case of any assistance in finding right place.
  • When you receive your documents back, be sure to double check if all the documents are stamped and signed. It happened with me that one document was unsigned.
  • You can use the free time in between taking gate pass and queuing for Home department by reading nice book or listening music etc.

Apostille by MEA (Ministry of External Affairs), India [PART 1]

I finally received my documents with apostille seal on them.  In this post, all the procedures and necessary steps in details along with some tips that might help people in getting their documents apostilled in timely and non-frustrated way, is listed.

All the information would be split into 2 parts. Second post would soon follow.

This information is current as of April 2nd 2014 and applicable for educational documents ONLY.

Pre-attestation:

My documents originated from Maharashtra state, hence I needed state attestation prior to submitting documents for apostille. According to the stated information at MEA Official Site, one needs to get educational documents attested by Joint Secretory of Higher and Technical Education.

Unfortunately, the information listed on the MEA site is incomplete, as before the Joint Secretory can affix the documents, it must be stamped by the originating university’s registrar/controller of examination followed¬†Notary by notarized person, ending with stamp from Home department of the state government. Thus the following steps apply:

I.              Get all the originals that you wish to aspotille, stamped from the relevant university (incase of higher education documents) or relevant examination board (incase of secondary or higher secondary education documents).

  • Be sure that the stamp is on original and the stamp states: ‘This documents has been verified and found OK’ OR ‘This documents has been checked and found authentic’ etc.
  • The stamp must also accompany signature of relevant examination authority like registrar/controller of examination etc.
  • In my case, the people at University refused to provide me such stamp claiming such stamp is not provided on originals or even on provisional certificate. First day was spend trying to convince them, but when all option failed, a direct application to Vice-Chancellor (VC) did wonders. The VC ordered the authorities to provide me with the stamps as he was pretty much aware of what exactly apostille is and its purpose!¬†Overall, this process took 3 days.

II.            Get all the documents notarized by a notary person. You can search for notary person near you from this page. The notary must be of Rs. 25 stamp.

  • ¬†It might happen that the Notary person would deny notarizing the original documents, as happened in my case. The solution to this problem would be to approach the Notary person with reference from someone who knows him and if it still doesn’t work then contact the Home Department of your state and have the person talk with them to clarify the issue.
  • This process should at-most take 1 hour, but due to reasons above it took me around¬† 5 hours to convince and then for them to provide me with notary.

Next part would be about state attestation and final apostille procedures.

Fusion of Quantum Mechanics and Shakespeare

What would have happened if Shakespeare had known Quantum Mechanics and the Schr√∂dinger’s cat? Apparently the following :

“To be, or not to be, or maybe both

–that is the question:
Whether ’tis nobler in the mind to calculate
The slings and arrows of outrageous quanta
Or to take arms against a sea of interpretations
And by opposing end them.
To sleep, to wake —
No more, but both –and by a sleep to say we end
The headache, and the thousand natural shocks
That Bohr bequeathed. ‘Tis a consummation
Devoutly to be wished. To wake, to sleep–
To sleep–perchance to dream: ay, there’s the rub,
For in that sleep of Copenhagen what dreams may come
When we have shuffled all our mortal calculations,
Must give us pause. There’s the Aspect
That makes calamity of so entangled a life.
For who would bear the Bells and Wittens of time,
Th’ position’s wrong, the proud momentum’s contumely
The pangs of despised theory, the quantal law’s decay,
The insolence of academic office, and the spurns
That patient merit of th’ unworthy unlearned takes,
When he himself might his quietus make
With a bare bra-ket? Who would fardels bear,
To grunt and sweat under a weary state vector,
But that the dread of something not quite real,
The undiscovered counterfactual, from whose bourn
No traveller returns, puzzles the will,
And makes us rather bear those classical ills we have
Than fly to others that we know not of?
Thus common sense does make cowards of us all,
And thus the native hue of resolution
Is sicklied o’er with the pale cast of Heisenberg,
And enterprise of great position and momentum
With this regard their currents turn awry
And lose the name of action. — Soft you now,
The fair Dirac — noble and precise, in thy orisons
Be all my spins remembered.”

via Wavewatching

Google fool day

Every year on April 1, Google enthusiastic audiences get many hilarious news. However, none of them can be compared to the prank with the news from April 1, 2004 the launch of the e-mail service Gmail capacity, one gigabyte, because that is really the news was true.

Google jokes on April 1 even have a devoted separate article in Wikipedia

This year, the company launched a “show” with the news of the suspension of the upload¬†facility¬†of new videos on Youtube until 2023.¬†In the news it is ¬†reported that the service has already made enough movies to conduct a¬†“contest.” Out of them over a span of ten year, an overall winner will be selected.

Next, is a search engine that smells : Google nose

nose

A character input system through the drums and one-button keypad build by Google Japan branch

The company has also launched a “treasure hunt” on Google Maps.

Finally, Youtube has¬†started “selling” collection DVD-ROM drive with the best excerpts from the videos of Youtube.

Perhaps the list will continue to increse because the day is not over yet and Google may have more tricks up its sleeves.

Beauty in Mathematics

Excellent lecture on the true beauty in Mathematics. Worth listing to atleast once.

Beauty in Mathematics

Enrico Bombieri
Professor Emeritus, Institute for Advanced Study

Often mathematicians refer to a “beautiful” result or a “beautiful” proof. In this special lecture,¬†Enrico Bombieri, Professor Emeritus in the School of Mathematics, addresses the question, “What is beauty in mathematics?”