Quick access to articles on this page:
more on the next page...
Why does the round constants in sha1 have those specific values?
Kt is the round constant of round t;
from SH1-1 - Wikipedia:
The constant values used are chosen to be nothing up my sleeve numbers: the four round constants k are 230 times the square roots of 2, 3, 5 and 10. The first four starting values for h0 through h3 are the same with the MD5 algorithm, and the fifth (for h4) is similar.
from Nothing up my sleeve number:
In cryptography, nothing up my sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need randomized constants for mixing or initialization purposes. The cryptographer may wish to pick these values in a way that demonstrates the constants were not selected for a nefarious purpose, for example, to create a backdoor to the algorithm. These fears can be allayed by using numbers created in a way that leaves little room for adjustment. An example would be the use of initial digits from the number π as the constants. Using digits of π millions of places into its definition would not be considered as trustworthy because the algorithm designer might have selected that starting point because it created a secret weakness the designer could later exploit.
I'm digging into the code source of Sage and I see that a lot of functions are implemented with Shoup's NTL. There is also FLINT used. I was wondering what were the differences. I can see that NTL is in c++ and FLINT is in C. On wikipedia:
It is developed by William Hart of the University of Warwick and David Harvey of Harvard University to address the speed limitations of the Pari and NTL libraries.
Although in the code source of Sage I'm looking at they use FLINT by default and switch to NTL when the modulus is getting too large.
By the way, all of that is possible because Sage uses Cython, which allows it to use C in python. I really should learn that...
This implementation is generally slower than the FLINT implementation in :mod:
~sage.rings.polynomial.polynomial_zmod_flint, so we use FLINT by default when the modulus is small enough; but NTL does not require that
`int`-sized, so we use it as default when
n is too large for FLINT.
So the reason behind it seems to be that NTL is better for large numbers.
I was looking for a way to know what are the real differences between magma, sage and pari. I only worked with sage and pari (and by the way, pari was invented at my university!) but heard of magma from sage contributors.
From the sage website: The Sage-Pari-Magma ecosystem
The biggest difference between Sage and Magma is that Magma is closed source, not free, and difficult for users to extend. This means that most of Magma cannot be changed except by the core Magma developers, since Magma itself is well over two million lines of compiled C code, combined with about a half million lines of interpreted Magma code (that anybody can read and modify). In designing Sage, we carried over some of the excellent design ideas from Magma, such as the parent, element, category hierarchy.
Any mathematician who is serious about doing extensive computational work in algebraic number theory and arithmetic geometry is strongly urged to become familiar with all three systems, since they all have their pros and cons. Pari is sleek and small, Magma has much unique functionality for computations in arithmetic geometry, and Sage has a wide range of functionality in most areas of mathematics, a large developer community, and much unique new code.
I also noticed that Sage provides an interface to Shoup's NTL through
ntl. functions. Good to know!
A step by step tutorial showing you how to get admin credentials on a windows machine: http://imgur.com/gallery/H8obU
- reboot in start-up repair mode
- read privacy statement of one menu should open notepad
- thanks to notepad replace
sethc 1 with
- so now when you press 5 times on
shift it will call
cmd instead of
- you know have a shell, use command
net localgroup Administrators to get a list of the admins
net user <ACCOUNT NAME HERE> * to change one account's password.
If you're looking for a "fix", microsoft advise you to turn off sticky keys all completely
And here's another exploit for windows 98
Note that as soon as you can access the hard drive, you don't need to use the first trick and can switch around programs in system32 as you wish (except if windows is encrypted with bitlocker). For example you can do this with an ubuntu live cd and swap
cmd with the
magnifier tool and you will be able to do the same thing.
I posted a tutorial of awk a few posts bellow. But this one is easier to get into I found. It says Awk in 20 minutes but I would say it takes way less than 20 minutes and it's concise and straight to the point, that's how I like it.
EDIT1: And here's a video of someone using a bunch of unix tools (awk, grep, cut, sed, sort, curl...) to parse a log file, pretty impressive and informative: https://vimeo.com/11202537
EDIT2: Here's another post playing with grep, sort, uniq, awk, xargs, find... http://aadrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html
I wanted to get into educational videos and this is my first big try (of 13minutes). I made some quick animations in Flash and some slides and I recorded it. I didn't want to spend too much time on it. It doesn't feel that clear, my English kinda got stuck sometimes and my animations were... crappy, let's say that :D but it's a first try, I will release other videos and improve on the way hopefully :) (I really need to get more pedagogical). So I hope this will at least help some of my fellow students (or people interested in the subject) in understanding Differential Power Analysis
Note: I made a mistake at the start of the video, DPA is non-invasive (source)
I've always wondered how TOR (The Onion Router) worked and was a bit scared of digging into it. After all, bitcoin is pretty hard to grasp, how would TOR be different? But I found out that TOR was actually a pretty simple concept!
The official explanation is top notch. To sum up, instead of sending a packet to the destination (google.com for example), you choose a route of TOR nodes that will lead to that destination (usually 3 nodes). And for efficiency purpose you will keep that route for 10 minutes)
The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you
- The first node only see who's sending the packet (you) and who it is for (the second node). It decrypts the payload and send it to the second node.
- The second node only sees it came from the first node, decrypts the payload and send it to the third node
- The third node sees it came from the second node, decrypts the payload and send it to the destination (in clear if you don't use ssl)
From TOR's FAQ:
Can't the third server see my traffic?
Possibly. A bad third of three servers can see the traffic you sent into Tor. It won't know who sent this traffic. If you're using encryption, such as visiting a bank or e-commerce website, or encrypted mail connections, etc, it will only know the destination. It won't be able to see the data inside the traffic stream. You are still protected from this node figuring out who you are and if using encryption, what data you're sending to the destination.
To be able to do this, this is where the encapsulation or rather onion routing technique is used.
As we know the route we are going to take, we can encrypt several time our packet. For example: we'll encrypt the packet router B will have to send to router C with the public key of router A. So when router A opens the packet and decrypts it with its private key, he only sees the encrypted payload destined to router B. He can then send it to router B and the latter will decrypt it and send the payload to router C and on and on. I think the picture is clearer than my explanations.
Voilà! Not that hard huh?
PS: here's a list of potential attacks on TOR in their design paper
I just ran into amazing tutorials for sed and awk, two famous text processing tools on unix.
If you are on firefox I advise you to disable CSS (View > Page Style > No Style)
$ echo day | sed s/day/night/
There are still many text processing tools I need to learn, like strip, strings, xdd, grep, tr, xargs, cut, sort, tail, split, wc, uniq...