Along the way, I discovered a useful bash command called ‘fold’ which does line breaks. I also discovered a command called ‘jot’ – but that is of little use to me here!
(...)
Read the rest of Letter Groups (192 words)

Link - (Come and Comment - I like comments!) | Original : Letter Groups | © Murky, 2010. | Add to del.icio.us
Post tags: bash, Cryptography, letter group, OS X

Related posts

• Command Line Cryptography (0)
• WordPress backup on demand to OS X (0)
• Running Wordpress on Mac OS X (0)
• Why is Cryptography Important? (0)
• Vigenère (4)

Some electronics (which can be miniaturised to fit onto the stolen card, hence making the attack more portable) is connected to the chip on the card. When a wrong pin is entered, it sends a signal to the chip making it think that a verification by signature was given, and the reader things the correct pin has been entered. With a crooked retailer, the electronics need not be miniaturised.

This allows the transaction to proceed and hence for the cardholder to be robbed.

With Chip and Pin, the bank assumes it is secure, and so will not refund losses due to cardholder negligence – so this is a big problem.

Mark Bowerman, spokesman for UK Payments Administration, acknowledged the Cambridge researchers’ paper, but rejected their conclusions.

“We are taking this paper very seriously, as maintaining excellent levels of card security is paramount,” he said. “However, we strongly refute the allegation that chip and PIN is broken.” (source)

Link - (Come and Comment - I like comments!) | Original : Chip and Pin is Broken | © Murky, 2010. | Add to del.icio.us
Post tags: Banks, Chip and Pin, Cryptography, Modern Cryptography

Related posts

• Venona (2)
• Using Spruchnummer to crack Lorenz (1)
• SHA-1 Broken (1)
• RSA (0)
• Quantum Cryptography (a background) (2)

Fortunately I came across example 12-18 on this site and it’s problem solved.

#!/bin/bash

# Will encrypt famous quotes in a simple monoalphabetic substitution.
#  The result is similar to the "Crypto Quote" puzzles
#+ seen in the Op Ed pages of the Sunday paper.

# http://www.faqs.org/docs/abs/HTML/textproc.html 

key=NOPQRSTUVWXYZABCDEFGHIJKLM
# The "key" is nothing more than a scrambled alphabet.
# Changing the "key" changes the encryption.

echo "If you have not specified a file, type your input, when done, enter ctrl-D"
echo ""

# The 'cat "$@"' construction gets input either from stdin or from files.
# If using stdin, terminate input with a Control-D.
# Otherwise, specify filename as command-line parameter.

cat "$@" | tr "a-z" "A-Z" | tr "A-Z" "$key"
#        |  to uppercase  |     encrypt
# Will work on lowercase, uppercase, or mixed-case quotes.
# Passes non-alphabetic characters through unchanged.

# to decrypt
# cat "$@" | tr "$key" "A-Z"

exit 0

I use OS X, so I saved this into a file called ‘ROT13′, and made it executable by going to the terminal and typing

chmod 755 ROT13

In the terminal, I can execute the file by going to the directory containing the file and typing ./ROT13 (I haven’t put my scripts directory in the path yet)

I type my input, hit return, then ctrl-D and return…. voila!

Changing ‘KEY’ will produce a different encryption. For example atbash uses this key: ZYXWVUTSRQPONMLKJIHGFEDCBA

Now, the next step is to write a script to create blocks of N characters (default, 5) – and a command line vigenere. Hmm, that’s harder!

Link - (Come and Comment - I like comments!) | Original : Command Line Cryptography | © Murky, 2010. | Add to del.icio.us
Post tags: Atbash, bash, Caesar Shift, Cryptography, Mac, OS X

Related posts

• WordPress backup on demand to OS X (0)
• Letter Groups (0)
• The Caesar Shift (1)
• Subversion on OS X (0)
• Stolen Laptop photographs thief (2)

Then this ebony bird beguiling my sad fancy into smiling,
By the grave and stern decorum of the countenance it wore,
`Though thy crest be shorn and shaven, thou,’ I said, `art sure no craven.
Ghastly grim and ancient raven wandering from the nightly shore -
Tell me what thy lordly name is on the Night’s Plutonian shore!’
Quoth the raven, `Nevermore.’

Poe also wrote ‘The Gold-Bug’ which involves some cryptography as an integral part of the plot.

53‡‡†305))6*;4826)4‡.)4‡);806*;48†8
¶60))85;1‡(;:‡*8†83(88)5*†;46(;88*96
*?;8)*‡(;485);5*†2:*‡(;4956*2(5*—4)8
¶8*;4069285);)6†8)4‡‡;1(‡9;48081;8:8‡
1;48†85;4)485†528806*81(‡9;48;(88;4
(‡?34;48)4‡;161;:188;‡?; (source)

This is a monoalphabetic cipher, each character stands for one, and only one, letter of the alphabet. For instance, ‡ represents ‘o’.

Some of the works of Edgar Allen Poe can be found on Project Gutenberg.

Link - (Come and Comment - I like comments!) | Original : Happy Birthday, Edgar Allen Poe | © Murky, 2009. | Add to del.icio.us
Post tags: Author, Classical Cryptography, Edgar Allen Poe, Monoalphabet

Related posts

• The Caesar Shift (1)
• Monoalphabetic Substitution (1)
• Atbash (2)
• Vigenère (4)
• Using XOR (0)

First we must consider the nature of light (this can be generalised to any particle once we get all quantum mechanical, but let’s stick with light for now).

Classically, light can be thought of as a wave. It’s a transverse wave meaning that the ‘oscillations’ of the thing doing the waving are at right angles to the direction that the wave is travelling in. Another example of transverse waves are waves on the surface of water.

Picture showing waves horizontally and vertically polarised

These oscillations defined a ‘plane’ in which the waves are oscillating, and this plane can be oriented at any angle. Waves on the surface of water are vertically polarised. Though the plane of polarisation can be any angle, it is convenient to pick two planes which are at 90 degrees to each other. We can express any polarisation by talking about how much of each is present. Hence, we can talk of ‘vertical’ and ‘horizontal’ polarization. Here is an applet which demonstrates this.

You can see polaroid filters in action if you have a pair of polaroid glasses (often sold as ‘anti-glare’). Find a light shining on a surface such as a desk. You don’t want to be ’square on’ to the surface, the light should be bouncing at an angle, 45 degrees is a good start. For the most obvious effect, don’t use a mirror.

Look at the surface through your polaroid glasses, then rotate them 90 degrees, and keep looking. You should see the glare change in brightness. You will find that polaroid glasses are best at reducing glare from horizontal reflections when held normally. (See: Brewsters’ Angle)

If you use your glasses for driving, you may find that you have trouble with the LCD screens on petrol pumps, this is because the LCD screen relies on polarising light!

If you take a polarised filter, this will ensure that all the light which passes through has the same polarisation. Classically, if a particular wave comes in with an amplitude of A, and a plane of polarisation at angle θ to the plane of polarisation, the amount of light which emerges has amplitude Acosθ.

Picture showing the effect of multiple polarising filters

Suppose that we have two polaroid filters. Unpolarised light hits the first and emerges polarised. It emerges with amplitude, A (on average). This light hits the second filter. The two filters have an angle θ between their planes of polarisation – the amount of light which emerges is Acosθ. So, if the filters are aligned, the second filter has no effect. If it is turned 90 degrees, no light emerges (note, if it is turned 180 degrees, it has no effect – the sign of the amplitude doesn’t matter, it’s not ‘negative light’!)

(Note that for real filters, there is a little scattering, so 90 degrees doesn’t give total black, and zero degrees does give some reduction in intensity)

Imagine we have two filters, aligned at 90 degrees. No light emerges. This is because the cosine of 90 degrees is zero.

Now, insert a filter at 45 degrees between the two. What happens? More ’stuff’ can only make the amount of light getting through smaller, right? The cunning reader will have assumed that I wouldn’t ask the question if the answer were obvious. Some light emerges. In this circumstance, two filters allows through less light than three.

This counterintuitive result is easily explained. Imagine the second filter is at an angle of θ compared to the first.  The third is at 90 degrees. In other words, the angle from the second is (90-θ). From the first filter, we have light with amplitude Acosθ. This is then reduced by the third filter by cos(90-θ). The overall light intensity is now Acosθ.cos(90-θ) or Asinθcosθ, this reduces to A(sin2θ)/2. In other words, we get most light out when sin2θ=1, or when 2θ=90°, or when θ=45° 

The newly inserted second filter is changing the polarisation of the light.

Take your time on polarisation, it’s important that you understand the above if you’re to comprehend subsequent articles. We’ll put this aside for a while, though – the next step is to talk about photons.

Link - (Come and Comment - I like comments!) | Original : Quantum Cryptography (a background) | © Murky, 2008. | Add to del.icio.us
Post tags: Cryptography, Light, Modern Cryptography, Physics, Polarisation

Related posts

• Venona (2)
• Using Spruchnummer to crack Lorenz (1)
• SHA-1 Broken (1)
• RSA (0)
• Quantum Cryptography (0)

Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else… They were way, way outgunned and they absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it’s on Discovery’s radar and they won’t let us go near it.

A great quote from the video:

You do have about 3000 people in the room who aren’t under such legal arrangements.

The full video is here, and starts with a great talk from Savage about his obsessions.

The point is that keeping the information ’secret’ does not stop the bad guys getting it – it stops the rest of us knowing that our information is insecure. If you’re reliant on security by obscurity you have no security at all. Given that RFID is a widely distributed technology, the RFID chips should be able to withstand full scrutiny if they’re to be trusted for the purpose.

They can’t withstand that scrutiny, as evidenced by the reaction of the lawyers, and by this video.

With a bigger antenna on this I can go into Starbucks and get the [details] of everyone there.

It’s a shame discovery didn’t feel able to nod at the lawyers, and then make the programme anyway – including the conversation with the legal people. Still, when you’re depending upon ad revenues, it’s not as easy as all that – at least in the short term. A good argument for the BBC TV Licence!

(*) Although the announcer in the UK does often mix concepts of mass, pressure, force etc. Not sure about the guy in the US – the people in the show sometimes do this too, but that comes across to me as more of a ’shorthand’ – as they obviously know the difference!

Link - (Come and Comment - I like comments!) | Original : Mythbusters Gagged | © Murky, 2008. | Add to del.icio.us
Post tags: Adam Savage, Cryptography, Law, Mythbusters, RFID, Security, Stupid Security, Television, Video

Related posts

• Stupid Security (0)
• You’ve got to love the muppets… (0)
• World Cup, Computers and the Yanks (0)
• Take a Seat (0)
• Stupid Security (0)

It was changed as it was ‘inappropriate’. He tried to change it to ‘Lloyds is Rubbish’ – or ‘Barclays is better’ but this was not allowed. He tried ‘censorship’, but was told his password had to be six letters or less!

1. “No it’s not” is more than six letters.
2. A bank suggesting a password that’s seven letters long is too long is sadly mistaken
3. Why was an employee at the bank even able to see the whole password?

When the password is set, it should be done by having the customer enter it secretly in the branch, at the time the account was opened. If done by post, then it should be by an anonymised form which bears a reference number allowing the computer to tie the password to the account, but not for the person entering that password to know the account.

Anyone employee needing to verify a customer should be told by the computer to ask for the ’second, tenth and eleventh’ characters of the password, they should enter them – but not be able to see the characters before a correct verification (so if just one letter is wrong, the employee can’t know what two were).

At no time should an employee be able to link a full password to an account. The only time an employee should even see a full password is if they’re in the section of the head office which handles the anonymised forms.

Unless I’ve overlooked something, this seems indicative of a security flaw… and as someone with shares in the bank concerned, it worries me. I’ve written to the bank to try and find out what’s happening here.

The bank said: “It is very disappointing that he felt the need to express his upset with our service in this way. Customers can have any password they choose and it is not our policy to allow staff to change the password without the customer’s permission. “

Link - (Come and Comment - I like comments!) | Original : Bank unilaterally changes password | © Murky, 2008. | Add to del.icio.us
Post tags: bank, Cryptography, protocol

Related posts

• Why is Cryptography Important? (0)
• Vigenère (4)
• Venona (2)
• Using XOR (0)
• Using Spruchnummer to crack Lorenz (1)

Essentially the idea is that based on some seed data, some complicated sums are done to give a location.

People get to that location for a meetup.

A map tool is available which does the sums for you. You set the date, click your area and it gives you a location.

Due to problems with the seed data (US stock market) and time zones a new rule has been introduced today for people east of 30 degrees west. This is taken care of automatically by the map tool. There are several pieces of code for implementing this – though most have yet to be updated to reflect the 30W rule.

The idea is that the seed data is processed using an algorithm called md5. This algorithm produces a ‘hash’ of the data. it is difficult to find alternate data which produces the same hash. A small change in the data produces a big change in the hash.

The idea of a hash is a way of producing a ‘fingerprint’ of a file. I.e. I could send you a file, but how would you know it hadn’t been tampered with? Well, I could phone you, you could recognise me and I could read you the hash of that file (which you can then generate and check).

A hash can also be used as a zero knowledge proof. I.e. I wanted to prove to you that I had discovered some fact. I might not want you to know the fact (yet). For example, I might know the first line of the ‘Times’ editorial for next saturday. I could generate a hash of that line and give it to you – when the paper is published that information can be checked.

In this case, the md5 algorithm is used to give a reasonable pseudo-randomisation of one number into another. It’s just a bit of fun.

I’ve not gone to a geohash event myself – but I like the concept.

Link - (Come and Comment - I like comments!) | Original : GeoHashing | © Murky, 2008. | Add to del.icio.us
Post tags: Cryptography, GeoHashing, GPS, md5, Modern Cryptography, xkcd

Related posts

• Venona (2)
• Using Spruchnummer to crack Lorenz (1)
• SHA-1 Broken (1)
• RSA (0)
• Quantum Cryptography (a background) (2)

All the stuff of a good Le Carré novel.

I’d be surprised if someone wasn’t already working on a screenplay or novelization. A thought that’s depressing as it follows an actual murder.

(Update: Now there’s talk of missiles. Lovely – Murk)

Link - (Come and Comment - I like comments!) | Original : The Cold War is Back? | © Murky, 2007. | Add to del.icio.us
Post tags: Cold War, Cryptography, Espionage

Related posts

• Spies (0)
• Why is Cryptography Important? (0)
• Vigenère (4)
• Venona (2)
• Using XOR (0)

The Stupid Security Awards is an open competition run by Privacy International to discover the world’s most pointless, intrusive, annoying and self-serving security measures. The awards aim to highlight the absurdities of the security industry. The awards were first staged in 2003 and attracted over 5,000 nominations from members of the public from around the world.

The competition is judged by an international panel of well-known security experts, public policy specialists, privacy advocates and journalists. Together they decide on the following award categories:

• Most Egregiously Stupid Award
• Most Inexplicably Stupid Award
• Most Annoyingly Stupid Award
• Most Flagrantly Intrusive Award
• Most Stupidly Counter Productive Award

Unworkable security practices and illusory security measures do nothing to help issues of real public concern. They only hinder the public, intrude unnecessary into our private lives and often reduce us to the status of cattle.

It’s hard to know just where to start, but the recent scares about airports have lots of possibilities, for example the reduction in hand luggage size – as if someone could smuggle something nasty in slightly larger luggage, but not slightly smaller. In addition there’s the fact that liquids can’t be taken through security – but can be bought on the far side of security but not if travelling to the USA, bottles of water bought at the airport are much more dangerous when flying to the US. Obviously.

There’s also the whole idea that ID cards will axiomatically make us secure (potential terrorists would have valid ID too).

The full announcement is here, and says:

The airline industry is the most prominent offender, but it is not alone. Consider the UK rail company that banned train-spotters on the grounds of security (e.g. see this article(external). Or the security desk of a US office building that complained because paramedics rushing to attend a heart-attack victim had failed to sign-in. Or the metro company that installed a $20,000 biological weapons/gas detector and placed it openly next to a power plug so terrorists could conveniently unplug the device.

In 2003, the final list was published with this leading paragraph:

"The extraordinary number of nominations indicates that the situation has become ridiculous" said Mr Davies. "Security has become the smokescreen for incompetent and robotic managers the world over".

Link - (Come and Comment - I like comments!) | Original : Stupid Security | © Murky, 2006. | Add to del.icio.us
Post tags: Cryptography, Security, Stupid Security, Terrorism

Related posts

• Mythbusters Gagged (1)
• Stupid Security (0)
• Worlde Gonne Madde? (0)
• Why is Cryptography Important? (0)
• Vigenère (4)