david wong

Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. I'm also the author of the Real World Cryptography book. This is my blog about cryptography and security and other related topics that I find interesting.

Quick access to articles on this page:

more on the next page...

I'm turning nuts posted November 2013

I feel like I've been doing a hackaton these past few days trying to finish my sudoku solver. I had to hand it in 2 hours ago but still haven't finished... I really hope this won't affect my grade too much.

I've been learning a lot of Emacs, C, using gcov, gprof, LaTeX... I'm so confused right now and my code has became so dense that it's hard for me to debug it.

Yesterday, suddenly, I found something really stupid in my sudoku grid generation that I couldn't fix. A day after, I found the solution, randomly, fixing it created a huge load of other issues. I have been re-inspecting my whole code all day long and I'm stressed by this deadline that I already passed.

Gosh that is a hard course.

And... because of this, I missed a day writing on my new application. I was on a 9-day strike :(

comment on this story

What is the enlightenment I'm supposed to attain after studying finite automata? posted November 2013

I'm studying automata, it's sort of a "logical" subject that reminds me of studying mathematics. It looks cool, it only asks your brain to think, not to memorize, and you don't really know what's the real use of it.

If you want to take a peak at what I'm studying, you can find a similar course on Coursera given by Jeff Ullman from Stanford (yes, obviously I should have moved to the US and attend Stanford).

Well, someone nicely asked what I was thinking on Stackoverflow, and someone else nicely answered.

comment on this story

NSA infected 50,000 computer networks with malicious software posted November 2013

Example about Belgium:

One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service - GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customer’s telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
more info here comment on this story

Réseaux posted November 2013

I have an exam of Réseaux (Network) tomorrow and the slides of my prof are... how could I say this... not really clear. We have practical applications classes but they were... organized in the worst possible way. The subject did seem interesting at first but I felt like I learned nothing. Hopefully for the past few weeks I've been using the wonderful online course An Introduction to Computer Networks given by Nick McKeown and Philip Levis both very competent profs from Stanford. It seems like I should have gone there for my master of Cryptography :) Anyway, I'm doing with what I have here and I feel blessed studying Cryptography right when free online courses started becoming a thing.

The course is available here.

comment on this story

Bullrun posted November 2013

Bullrun or BULLRUN is a clandestine, highly classified decryption program run by the United States National Security Agency (NSA). The British signals intelligence agency Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the NSA's BULLRUN Classification Guide, which was published by The Guardian, BULLRUN is not a Sensitive Compartmented Information (SCI) control system or compartment, but the codeword has to be shown in the classification line, after all other classification and dissemination markings. Information about the program's existence was leaked in 2013 by Edward Snowden.

from https://en.wikipedia.org/wiki/Bullrun_%28decryption_program%29" target="_blank">wikipedia.

comment on this story

Sudoku Solver posted November 2013

My Programmmation class first part is about coding a sudoku solver. We have to do everything in english, we have to commit with svn, we have to write a final report with LaTeX.

Every week we're given some vague guidelines and we have to dive deep into C to first, understand what we have to do, and secondly, find solutions in a language we've never really played with before. We have to turn in what we did every week, if our code doesn't compile it's a zero, if it does compile it goes through a multitude of tests that quickly decrease your grade (out of 20). Let's just say I spent many nights and early mornings coding and I started the first week with a 2/20.

It felt like a crash course, it felt unfair at times, but holy cow did I learn some C in a really short amount of time. Props to my professor for that, and I wish I had more courses like that. I might not get the best grade out of this course but I sure learn the most things there.

I've also committed everything I've done on a public git repo so everyone can see how it looks like here :

https://github.com/mimoo/sudoku

You can compile with make, learn how to use with ./sudoku -h

It can read sudokus of different sizes from 1x1 to 64x64 as long as it is presented like this :

#this is a comment

5 3 _ _ 7 _ _ _ _

6 _ _ 1 9 5 _ _ _

_ 9 8 _ _ _ _ 6 _

8 _ _ _ 6 _ _ _ 3

4 _ _ 8 _ 3 _ _ 1

7 _ _ _ 2 _ _ _ 6

_ 6 _ _ _ _ 2 8 _

_ _ _ 4 1 9 _ _ 5

_ _ _ _ 8 _ _ 7 9
2 comments