david wong

Hey ! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

Claude Shannon November 2013

Learning about Shannon's theorem in class I got curious and googled the guy.

One extract I found interesting in his wikipedia biography :

Shannon and his wife Betty also used to go on weekends to Las Vegas with M.I.T. mathematician Ed Thorp, and made very successful forays in blackjack using game theory type methods co-developed with fellow Bell Labs associate, physicist John L. Kelly Jr. based on principles of information theory. They made a fortune, as detailed in the book Fortune's Formula by William Poundstone and corroborated by the writings of Elwyn Berlekamp, Kelly's research assistant in 1960 and 1962. Shannon and Thorp also applied the same theory, later known as the Kelly criterion, to the stock market with even better results. Claude Shannon's card count techniques were explained in Bringing Down the House, the best-selling book published in 2003 about the MIT Blackjack Team by Ben Mezrich. In 2008, the book was adapted into a drama film titled 21.

Apart for inventing most of cryptography concepts, and doing chess IA, he also made a fortune from gambling and playing with stocks. Interesting.

comment on this story

bordeaux1 url November 2013

My portfolio/vitrine/online resume... call it what you want, which is available on davidwong.fr, is now available on david.wong.emi.u-bordeaux1.fr as well. I thought that was pretty cool to have a bordeaux1.fr url. I think I can also have a univ-lyon1.fr since my account is still active but I can't be bothered looking at where it is.

Anyway, just this small piece of news in the ocean of bitcoin/litecoin news I've been posting here. Exams are coming soon and I should blog more about them than cryptocoins but yeah...

comment on this story

To the moon November 2013

There we are, bitcoins reached the 1000$/btc bar. We are living history. The price of 1mBTC is 1$ now. I don't know what to think anymore. I've been following bitcoins since they were bellow 20$. Reading everything on /r/bitcoin and HN. I would never have imagined that. comment on this story

Bitecoin and Litecoin reach a new peak! November 2013

Bitcoin reached 877$/bitcoin today. I had 11 bitcoins that I bought for 450$ in total (40$/bitcoin) and which I lost trading and losing my wallet as well. I'm raging every time I think of the free holidays I could have paid myself with them.

But not all is lost, I have some litecoins and they just reached a peak of 14$ / litecoin. They're following bitcoins' rate closely and they're just waiting to become "mainstream" as well to boom.

Fingers crossed.

comment on this story

Satoshi's original paper on Bitcoin November 2013

8 pages of simple explanations

and a "explain me like I'm 5" post on http://www.reddit.com/r/Bitcoin/comments/1reu69/if_you_have_not_read_satoshi_nakamotos_original/cdmlnfd?context=1" target="_blank">reddit :

Bitcoin is a giant public ledger saying who sent what coins to whom. People have private keys, which they use to sign coin transfers. It's easy to verify signatures. That way only you can give away your coins. But that doesn't prevent you from giving the same coins to multiple people. For that we have the ledger, which puts all the transfers in a particular order that everyone agrees on so you can't pay someone with coins you already spent. Transactions are published on a p2p network. To put them in order, people take sets of transactions, add a random number, and make a cryptographic hash of the whole thing. (Feed data into a hash function and you get an unpredictable number.) If the hash is a low enough number it's a valid block and it becomes part of the blockchain. If it's too high, you change the random number and try again. The block also includes the hash of the previous block, so that puts everything in sequence. It takes a lot of tries to get a low-enough number, so only one block is published every ten minutes or so, by some random person who got lucky. This puts everything in order. It's expensive to do that, so when someone successfully generates a block, they get paid by a special bitcoin transaction that awards them some brand-new coins. That's mining.
comment on this story

Newegg trial: Crypto legend takes the stand, goes for knockout patent punch November 2013

"We've heard a good bit in this courtroom about public key encryption," said Albright. "Are you familiar with that?" "Yes, I am," said Diffie, in what surely qualified as the biggest understatement of the trial. "And how is it that you're familiar with public key encryption?" "I invented it."

A nice piece of journalism about how Diffie stood out in court to "knock out the Jones patent with "clear and convincing" evidence (which is the standard for invalidating a patent).".

Learning more about the guy who is behind the Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange">Diffie-Hellman handshake.

more info here comment on this story

Done! November 2013

So after a long night staying up and coding I finally handed in my project including my report in LaTeX.

I'm not really proud of what I did, I felt like I could have done much better if given more time (okay I slacked and I had enough time).

BUT, as I already said earlier, I've accomplished a lot and even though I'm done with this project I still kinda want to keep working on it.

Things that I've learned doing this class :

  • C is awful. But now I know the basics. I wish we had one more project to code in C to really get it though.
  • Makefile? Headers? I still don't really get the structure of a C project (and I'm ashamed).
  • I know Linux! Okay I don't know Linux that much, but I'm getting really causy there. I installed debian on a VM and I'm considering setting up a dual boot on my laptop now.
  • Emacs emacs! I was postponing learning it because I was afraid, and just forced myself to use it for this project and goshh am I fast when I use it. When I go back to Sublime Text I just want to C-M-F, C-A, C-K, C-Y...
  • LaTeX! As a Math major I've always been ashamed not knowing it. Now that I got a taste of it I'm wondering if I should use it to write my book on.
  • Svn and Git. I'm not a stranger anymore! And I use them for all my websites as well now :)

I think that's it, but I feel like I've learned a lot and I wished this course was a year thing rather than a semester thing.

The course is not over yet though and next week we'll dive into java for... a quick swim since it will be our last week.

comment on this story

I'm turning nuts November 2013

I feel like I've been doing a hackaton these past few days trying to finish my sudoku solver. I had to hand it in 2 hours ago but still haven't finished... I really hope this won't affect my grade too much.

I've been learning a lot of Emacs, C, using gcov, gprof, LaTeX... I'm so confused right now and my code has became so dense that it's hard for me to debug it.

Yesterday, suddenly, I found something really stupid in my sudoku grid generation that I couldn't fix. A day after, I found the solution, randomly, fixing it created a huge load of other issues. I have been re-inspecting my whole code all day long and I'm stressed by this deadline that I already passed.

Gosh that is a hard course.

And... because of this, I missed a day writing on my new application. I was on a 9-day strike :(

comment on this story

What is the enlightenment I'm supposed to attain after studying finite automata? November 2013

I'm studying automata, it's sort of a "logical" subject that reminds me of studying mathematics. It looks cool, it only asks your brain to think, not to memorize, and you don't really know what's the real use of it.

If you want to take a peak at what I'm studying, you can find a similar course on Coursera given by Jeff Ullman from Stanford (yes, obviously I should have moved to the US and attend Stanford).

Well, someone nicely asked what I was thinking on Stackoverflow, and someone else nicely answered.

comment on this story

NSA infected 50,000 computer networks with malicious software November 2013

Example about Belgium:

One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service - GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customer’s telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
more info here comment on this story

Réseaux November 2013

I have an exam of Réseaux (Network) tomorrow and the slides of my prof are... how could I say this... not really clear. We have practical applications classes but they were... organized in the worst possible way. The subject did seem interesting at first but I felt like I learned nothing. Hopefully for the past few weeks I've been using the wonderful online course An Introduction to Computer Networks given by Nick McKeown and Philip Levis both very competent profs from Stanford. It seems like I should have gone there for my master of Cryptography :) Anyway, I'm doing with what I have here and I feel blessed studying Cryptography right when free online courses started becoming a thing.

The course is available here.

comment on this story

Bullrun November 2013

Bullrun or BULLRUN is a clandestine, highly classified decryption program run by the United States National Security Agency (NSA). The British signals intelligence agency Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the NSA's BULLRUN Classification Guide, which was published by The Guardian, BULLRUN is not a Sensitive Compartmented Information (SCI) control system or compartment, but the codeword has to be shown in the classification line, after all other classification and dissemination markings. Information about the program's existence was leaked in 2013 by Edward Snowden.

from https://en.wikipedia.org/wiki/Bullrun_%28decryption_program%29" target="_blank">wikipedia.

comment on this story