Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

# NP Complexityposted December 2013

Ahhhh, what is P, NP, NP-Complete and NP-hard. Found this quick explanation. Still reading on the subject. I feel like It might take me a lot of time until I can be able to explain that easily to someone who has no idea what it is.
true mastery of a subject is achieved when you can explain it simply
Here's a stackoverflow pretty simple explanation
A decision problem is in P if there is a known polynomial-time algorithm to get that answer. A decision problem is in NP if there is a known polynomial-time algorithm for a non-deterministic machine to get the answer.
comment on this story

# I've been interviewed by Direct Matin Bordeauxposted December 2013

Today I was interviewed by Emeline Marceau from Direct Martin Bordeaux, a free newspaper that is directly competing against 20 minutes in France.

I already had my first interview with Vincent Glad from Slate (and now Canal+) 3 years ago. But this is different as it should be printed in a real newspaper with a picture of me. Well nothing is sure yet, crossing fingers.

comment on this story

# ThePirateBay.sx -> ThePirateBay.acposted December 2013

The Pirate Bay, literally surfing the web with their pirate ship, changing their URL once again. more info

comment on this story

Basically, if your computer gets compromised, everyone can read what's in your cookies. So you'd better not store important information that are not encrypted.

What is the work around ? Storing a token + his identification. When someone logs in, I create a random token and store it in the database under its name.

Next time the guy comes around, I see that he has a token, I check if its identification coincides with the token, if it does I log the guy in.

I've seen hardcore implementations where the token (in the database, and in the guy's cookies) is refreshed on every page. I find that a bit troublesome as the cookie expires after 5 days (in my implementation) so it's no big risks.

I could also have put a timestamp forbidding anyone to log in with that token after 5 days. But I feel like it would be over protecting.

comment on this story

# 塞翁失马posted December 2013

ran into that fable, made me think of bitcoins and litecoins.

A farmer had only one horse. One day, his horse ran away. All the neighbors came by saying, “I'm so sorry. This is such bad news. You must be so upset.” The man just said, “We'll see.” A few days later, his horse came back with twenty wild horses following. The man and his son corraled all 21 horses. All the neighbors came by saying, “Congratulations! This is such good news. You must be so happy!” The man just said, “We'll see.” One of the wild horses kicked the man's only son, breaking both his legs. All the neighbors came by saying, “I'm so sorry. This is such bad news. You must be so upset.” The man just said, “We'll see.” The country went to war, and every able-bodied young man was drafted to fight. The war was terrible and killed every young man, but the farmer's son was spared, since his broken legs prevented him from being drafted. All the neighbors came by saying, “Congratulations! This is such good news. You must be so happy!” The man just said, “We'll see.”
comment on this story

# Someone Bought A Tesla Using Bitcoinposted December 2013

Here it is, Lamborghini is now accepting bitcoins and the first purchase was made for a Tesla.

"Lamborghini Newport Beach is proud to announce that we are fully capable of accepting Bitcoin as legal tender for vehicles, We are excited to be opening the door to this new currency."

# Have you been pwned?posted December 2013

HaveIbeenPwned.com is a new website allowing you to check if your mail + password has been leak by some of those famous data breach. It's pretty bad, mine is compromised. Fortunately I use different passwords for different kind of websites. I use a garbage password for websites I don't trust, I use an easy and quick password to type for websites I don't care about, I use complicated password for more important things like my server, my steam account, my gmail account, my facebook account etc... and I regularly change them. comment on this story

# What are litecoins?posted December 2013

WhatAreLitecoins.com is a new website that's looking to get litcoins to the public. The site looks really nice and it makes me want to do something about bitcoins. I think my next project will be a litecoin chart. I wish I had the qualifications to do a litecoin market but security wise and technically wise it seems really difficult at my level. comment on this story