david wong

Hey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Quick access to articles on this page:

more on the next page...

Cameron Winklevoss AMA on Reddit posted December 2013

winklevoss

There's an AMA on reddit right now from one of the Winklevoss brother. If you never heard of them, they were the one who originally came up with the idea of facebook but got it stolen after trying to hire Zuckerberg to code it. They're pretty famous in the bitcoin community for having bought 11million $ of bitcoins before April's big crash. The wonderful thing is, they hold on to their bitcoin during the crash. They must be very clever people because they're now, richer than ever.

Some of the interesting stuff from that AMA :

Have he sold any bitcoin?

I have yet to sell a single bitcoin.

What's the future of bitcoins?

small bull case scenario for Bitcoin is a 400 billion USD dollar market cap, so 40,000 USD a coin, but I believe it could be much larger. When this will happen, if it happens, I don't know, but if it happens, it will probably happen much faster than anyone imagines.

How did he learn about bitcoins?

Partying on a beach in Ibiza, where else?

Other altcoins?

I have not invested in any altcoins because I don't believe that any of the "problems" or issues that they address can't be addressed by Bitcoin itself.

There is a dog coin that seems to be a big joke : www.dogecoin.org

░░░░░░░░░▄░░░░░░░░░░░░░░▄░░░░ ░░░░░░░░▌▒█░░░░░░░░░░░▄▀▒▌░░░ ░░░░░░░░▌▒▒█░░░░░░░░▄▀▒▒▒▐░░░ ░░░░░░░▐▄▀▒▒▀▀▀▀▄▄▄▀▒▒▒▒▒▐░░░ ░░░░░▄▄▀▒░▒▒▒▒▒▒▒▒▒█▒▒▄█▒▐░░░ ░░░▄▀▒▒▒░░░▒▒▒░░░▒▒▒▀██▀▒▌░░░ ░░▐▒▒▒▄▄▒▒▒▒░░░▒▒▒▒▒▒▒▀▄▒▒▌░░ ░░▌░░▌█▀▒▒▒▒▒▄▀█▄▒▒▒▒▒▒▒█▒▐░░ ░▐░░░▒▒▒▒▒▒▒▒▌██▀▒▒░░░▒▒▒▀▄▌░ ░▌░▒▄██▄▒▒▒▒▒▒▒▒▒░░░░░░▒▒▒▒▌░ ▀▒▀▐▄█▄█▌▄░▀▒▒░░░░░░░░░░▒▒▒▐░ ▐▒▒▐▀▐▀▒░▄▄▒▄▒▒▒▒▒▒░▒░▒░▒▒▒▒▌ ▐▒▒▒▀▀▄▄▒▒▒▄▒▒▒▒▒▒▒▒░▒░▒░▒▒▐░ ░▌▒▒▒▒▒▒▀▀▀▒▒▒▒▒▒░▒░▒░▒░▒▒▒▌░ ░▐▒▒▒▒▒▒▒▒▒▒▒▒▒▒░▒░▒░▒▒▄▒▒▐░░ ░░▀▄▒▒▒▒▒▒▒▒▒▒▒░▒░▒░▒▄▒▒▒▒▌░░ ░░░░▀▄▒▒▒▒▒▒▒▒▒▒▄▄▄▀▒▒▒▒▄▀░░░ ░░░░░░▀▄▄▄▄▄▄▀▀▀▒▒▒▒▒▄▄▀░░░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▀▀░░░░░░░░

comment on this story

Reed-Solomon posted December 2013

picture of a cd

The last things we studied in Arithmetic are the Reed-Solomon codes. It's a type of code you use to, not encrypt your information, but create redundant information in your final code. So when you read your code, if there are errors or missing parts, you can still decode it. It's not perfectly redundant like dog's ADN is. The redundant code is changed in a certain way so you can guess what the missing parts are.

A few days ago I was on the road to La Fête des Lumières (in Lyon) with 4 germans I met in Bordeaux. The driver had an old CD with a few mainstream and german songs on it that he wanted to play, problem, the CD was damaged, solution? None. Didn't need a solution. The CD still played, although sometimes it was indeed jumping, most of the time it was playing correctly. How is that?

Well, the information burned on the CD is coded thanks to Reed-Solomon's algorithm so that you can still guess what was burned on it through particular redundant code. This redundant code is (and I'm taking a guess here) what is used when your computer asks you "do you want to check if there was no error?" right after burning your CD.

more info on wikipedia

comment on this story

NP Complexity posted December 2013

Ahhhh, what is P, NP, NP-Complete and NP-hard. Found this quick explanation. Still reading on the subject. I feel like It might take me a lot of time until I can be able to explain that easily to someone who has no idea what it is.
true mastery of a subject is achieved when you can explain it simply
Here's a stackoverflow pretty simple explanation
A decision problem is in P if there is a known polynomial-time algorithm to get that answer. A decision problem is in NP if there is a known polynomial-time algorithm for a non-deterministic machine to get the answer.
comment on this story

I've been interviewed by Direct Matin Bordeaux posted December 2013

Today I was interviewed by Emeline Marceau from Direct Martin Bordeaux, a free newspaper that is directly competing against 20 minutes in France.

I already had my first interview with Vincent Glad from Slate (and now Canal+) 3 years ago. But this is different as it should be printed in a real newspaper with a picture of me. Well nothing is sure yet, crossing fingers.

comment on this story

Storing plain passwords in cookies posted December 2013

I've always stored plain passwords in cookies. And today I decided to educate myself about cookies a bit. Well, I was expecting that : you should not store plain passwords in cookies.

Basically, if your computer gets compromised, everyone can read what's in your cookies. So you'd better not store important information that are not encrypted.

What is the work around ? Storing a token + his identification. When someone logs in, I create a random token and store it in the database under its name.

Next time the guy comes around, I see that he has a token, I check if its identification coincides with the token, if it does I log the guy in.

I've seen hardcore implementations where the token (in the database, and in the guy's cookies) is refreshed on every page. I find that a bit troublesome as the cookie expires after 5 days (in my implementation) so it's no big risks.

I could also have put a timestamp forbidding anyone to log in with that token after 5 days. But I feel like it would be over protecting.

comment on this story