cryptologie.net

great read!

Wife: You mean http like the beginning of what I type into the browser?

Ryan: Yeah. That first part tells the browser what protocol to use. That stuff you type in there is one of the most important breakthroughs in the history of computing.

http://www.looah.com/source/view/2284

I was very confused when I was introduced to signatures and macs because I thought they were just Hashes. I got to understand what it was and… it’s actually super simple.

Here’s a great explanation on the crypto stackexchange but here’s mine:

• I have a huuuge message that I want to transfer to a friend. I’m scared some of the words would change during transit. Solution? I just hash it and send the hash with the message. hash = Hash(message). A hash is pretty small (for example a md5 hash is 32 characters) so it’s no trouble. My friend then receives the message and the hash, he can Hash(message) it and see if it gives him the same hash. If it doesn’t then he knows that the message was changed and he can ask me for a new copy.

You can also call that an unkeyed hash, simply because it doesn’t use a key. You just apply the algorithm to the message, no other arguments are given to the hash function.

• Okay now, We had some problems because some bad guy has sent numerous bad messages to my friends pretending he was me. I still want to hash my message but I also want to tell my friend it was me who wrote it. So, like a symmetric cipher, I generate a key that I share with my friend. And I hash my message with that key Hash = HMAC(key, message). My friend can now hash it with the same key when he receives the message and see that we have the same hash.

We just used a (symmetric) keyed hash or a HMAC (Hash-based message authentication code). Note that we could have used a MAC based on a Cipher as well (CMAC).

• So me and my friend have been writing many messages to a community of coders. We want to sign each messages with our name, but that’s not enough, another bad guy is posting bad stuff signed with our names on different websites. So let’s use a Hash that people can verify, like an asymmetric cipher, we generate both a secret key and a public key, we hash the message with our secret key and we post the message, the hash and the public key. Hash = Sign(secret_key, message). People can then verifiy that Hash with the public key. Voila ! We just used a Signature or how I like to call them a asymmetric keyed hash. It allows for integrity of data, thanks to the hash, authentification of the authors, thanks to the secret key (this is a MAC), non-repudiation thanks to the public key (and now we have a signature).

So if you got it right, Hash < Mac < Signature. They’re all useful and you should use the one relevant according to the context.

I’ll just copypasta the table on the stackoverflow answer, because it’s a real nice summary:

Cryptographic primitive | Hash |    MAC    | Digital
Security Goal           |      |           | signature
------------------------+------+-----------+-------------
Integrity               |  Yes |    Yes    |   Yes
Authentication          |  No  |    Yes    |   Yes
Non-repudiation         |  No  |    No     |   Yes
------------------------+------+-----------+-------------
Kind of keys            | none | symmetric | asymmetric
                        |      |    keys   |    keys

I wanted something I could display on my TV continuously, I think I did a pretty good job.

This shows how much is a LTC in US dollar in real time, it’s made with a bit of python and a bit of javascript, you can check it here

I have two invites for the new IDE by github. I can’t try it because I don’t own a mac and there are no versions for windows at the moment (not even linux). Weird, but eh, if you own a mac and want an invite just ask me in the comments !

https://atom.io/

https://twitter.com/gavinandresen/status/441547758827474946

I won’t link to the article because it’s just a plain DOX and way too creepy for my blog, but the creator of bitcoin has been found.

A video I found about Elliptic Curve Cryptography that talks about the Discreet Logarithm Problem and the Diffie-Hellman Handshake with ECCs. Class is in english, with bits of german and even some french :)

Such a nice lecture, Christof Paar makes me think of a younger Gilbert Strang, seems to be a great professor. I was captivated until the end and I started liking ECCs again :)

Great lecture from Matt Whitlock, the video’s quality is a bit off but the talk is really easy to understand and nicely paced.

And you can tell right away that he’s a great educator: “I’ll explain first why we use ECC, because in general I don’t really understand things when I don’t know how they’re important” (not the exact words but you get the idea).

Monetize without ads

This ingenious website proposes to make your users mine through a javascript script. It doesn’t seem to be heavy, so pretty discreet, and it also doesn’t seem to work yet. But the idea is pretty cool!

Check it out here: http://tidbit.co.in

You liked dogecoin? Well now there is Nyan Coin (yes with the nyancat!)

here it is : http://nyancoin.org/

A teacher from my uni (and who was teaching Programming last semester) is organizing a Hacking Week next week. Signs up are still possible there : http://hackingweek.fr/contestant/list/

It should be a Capture The Flag kind of contest. It should be interesting, although I’m going to ski with some friends so I won’t be able to be really into it…