By
anders pearson
04 Mar 2002
lani was up for the weekend. we intended to hang out with mimi while she was back visiting new york but managed to miss her at every turn.
<p>on friday night we went down to some club called the ‘slipper room’ in soho to see Avenue D (daphne and debbie’s dirty rap group) perform. everyone there was young and annoyingly trendy. there was excitement in the air because a rumor was floating around that Daft Punk was hanging out in the club that night. but no one knows what they look like so it turned into a game of ‘spot the french guys’. they probably look just like any of the other young trendy people though so i don’t think anyone was successful.</p>
<p>Avenue D was good though. they had 6 or 7 songs this time; much more than the 1 and a half songs they had last time we saw them. while it doesn’t seem possible, they’ve gotten even raunchier. apparently they’re even starting to build a small following.</p>
<p>on saturday caron came over and we went out for mexican food (living in a latino neighborhood means that i have to deal with a near constant assault of loud salsa and spanish dance music but redeems itself with the high availability of quality burritos) and watched Ghost World.</p>
By
Mark Boudreau
04 Mar 2002
Not everyone who visits this site went to Bates, but for those of us who did, I thought you might appreciate knowing about this:
<p><a href="http://www.bates.edu/x23053.xml">http://www.bates.edu/x23053.xml</a></p>
<p>The details that have been released so far say that basically, some Bates students got into an altercation with some locals, and a kid from the class of ’02 was stabbed to death.</p>
By
Mark Boudreau
01 Mar 2002
Wow. Mention your web site on Rush Limbaugh and you get a lot of visitors. The president of my organization understood this (Even when he implied that you could get a free copy of the Constitution/Dec. of Independence from our site), I’m sure, but we really weren’t prepared for the onrush of people. The web site (Apache/Linux) held up pretty well, even with load times over 1.0, but alas, our firewall couldn’t keep up. So things are/were pretty slow for most of this afternoon. I’ll be interested to see just how many people came as a result of the publicity.
By
anders pearson
01 Mar 2002
pretty much everyone who studies cryptography a little eventually thinks they’re clever and comes up with their own encryption scheme. of course, since they’re just amateurs, most of these schemes are easily broken by any expert who has time to crack it. but experts’ time is precious so the end result is thousands and thousands of (weak) amateur encryption routines floating around. still, coming up with your own encryption scheme is fun and good practice so here’s my attempt. i at least know enough to do a little analysis and maybe point out some of the interesting parts. it’s a pretty straightforward cipher so i’d be surprised if no one else has independently discovered it, but i couldn’t find anything similar in the small collection of crypto books in my apartment.
<p>first, i need to explain a little about pseudo-random number generators (<span class="caps">PRNG</span>s). since it’s really impossible to generate true randomness with a deterministic machine like a computer (as Von Neumann said: “Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.”). so when computers need “random” numbers, they resort to <span class="caps">PRNG</span>s, often using a “seed” from the outside world. a <span class="caps">PRNG</span> is essentially a mathematical function that given a particular number as input will give you another number as an output in a way that doesn’t really have any predictableness or pattern to it. you generate a series of random numbers by feeding the output of each cycle back in as input. you can generally prove that for any starting “seed”, a given <span class="caps">PRNG</span> will eventually loop back to the beginning and give that seed as output after a certain number of cycles. the better the <span class="caps">PRNG</span>, the more cycles you have to go through before you get this repetition. the algorithms most cryptographic applications use will only loop after somewhere on the order of 2^256 cycles. since that’s more than the number of atoms in the universe, even though it’s not “true” randomness it’s usually good enough for practical applications.</p>
<p>the other key thing to understand with <span class="caps">PRNG</span>s is that they should be repeatable. meaning that if you give it the same seed twice, you will get the same sequence of random numbers both times. this is useful because it lets you check the results of some simulation that you may have used the numbers for. it also means that if you really want random numbers, you have to be careful to pick a seed that can’t be guessed. so usually some kind of outside source of randomness will be used as the seed, eg, a number based on the time between keystrokes as the user types.</p>
<p>also a note about one-time pads. one-time pads are the only <em>provably</em> secure cipher. as long as the key used is longer than the message being encrypted, is random, and the same key is <strong>never</strong> used more than once, a one-time pad provides perfect encryption. the problem is that the restriction of keys never being used more than once makes them somewhat impractical.</p>
<p>my cipher essentially makes use of a <span class="caps">PRNG</span> to generate keys for one-time pads. here’s how it works:</p>
<p>Alice and Bob have a shared number K<small><sub>A-B</sub></small> that they generated randomly (using a “true” random number generator) that’s about 128 bits long (or longer if they’re really paranoid). they’re the only ones that know the number and have gone to great pains to keep it secret. there is also a <span class="caps">PRNG</span> P which is public, has a really long period (ie, it’s a good <span class="caps">PRNG</span>) and is repeatable.</p>
<p>when Alice wants to send a message to Bob, she generates another random number S (also about 128 bits long). then she takes the bitwise <span class="caps">XOR</span> of S and K<small><sub>A-B</sub></small> (<span class="caps">XOR</span> is the exclusive-or logical operation: 1 <span class="caps">XOR</span> 1 = 0, 1 <span class="caps">XOR</span> 0 = 1, 0 <span class="caps">XOR</span> 1 = 1, 0 <span class="caps">XOR</span> 0 = 0). she uses the result of this <span class="caps">XOR</span> as a seed for P. the string of random numbers that P produces, she uses as a one-time pad key for encrypting her message M. she takes the resulting ciphertext C and sends (C,S) to Bob. </p>
<p>to decrypt, Bob takes S, <span class="caps">XOR</span>s it with K<small><sub>A-B</sub></small> and feeds it to P to produce the one-time pad key. with that he decrypts C to retrieve M.</p>
<p>that’s all there is to it. what i think makes this algorithm interesting is that it offloads all the security to K<small><sub>A-B</sub></small> being secret and large enough that guessing it would be pretty much impossible and to the <span class="caps">PRNG</span> not being predictable. if fact it should be fairly simple to prove that cracking this scheme is <em>entirely</em> dependent on discovering a pattern in the <span class="caps">PRNG</span>. while i’m not an expert, i believe that there are some pretty good <span class="caps">PRNG</span> algorithms out there. however, i would guess that, similar to how we suspect but haven’t ever proven that factoring large numbers is extremely difficult, the best we could do for a <span class="caps">PRNG</span> is suspect but not prove its lack of predictability.</p>
<p>the drawback may be that since you have to generate a new random S for every message, the generation of S could be slow if you require that S also be truely random. i’m not sure if that’s really a requirement though; it’s probably good enough if S was generated from a <span class="caps">PRNG</span> that was given a truely random seed. in that case, we could also prove that the speed of encrypting and decrypting is pretty much dependent on the speed of the <span class="caps">PRNG</span>.</p>
<p>the advantages are that if you have a <span class="caps">PRNG</span> which you know to be efficient and secure, you can do encryption that is just about as efficient and just as secure.</p>
<p>from a theoretical point of view, the cipher may be interesting because it is provably as secure as the <span class="caps">PRNG</span>. eg, Rabin public key encryption, though not used very much, was considered a big theoretical advancement because it was provably as secure as factoring large numbers. ie, you could crack Rabin encryption if and only if you could factor large numbers. <span class="caps">RSA</span> on the other hand, <em>may</em> someday be shown to have other weaknesses.</p>
By
sarah
27 Feb 2002
I dumped a pile of pictures of me up on my site. Sort of a retrospective of my first night out shooting. I’m planning to take more next week. Actually, I took a pile and they sucked, so I’m waiting for a gf from down for the weekend and take some more… and help me using this bloody camera…
By
Mark Boudreau
27 Feb 2002
“Without concord, one option is left: Congress must step in to protect valuable creative works on the Net and thereby benefit consumers by giving them another choice for movie viewing.” — Jack Valenti
<p>Umm. You know what he is asking for don’t you? He wants <a href="http://www.wired.com/news/politics/0,1283,50702,00.html">Fritz Hollings to save the day</a>. I want to know why the fact that movies can’t be “distributed securely” on the Internet is a justification for the government regulating an entire industry.</p>
<p>I don’t mean to preach to the choir. But Fritzy is holding hearings on this topic this week, and it very well may come to pass that the government and the entertainment industry dictate how our computers can be set up. In addition, it would already be illegal to bypass the security that they’d like to place on <span class="caps">OUR</span> computers. Ugh.</p>
<p>And just because some of you may live outside the US, <a href="http://www.wired.com/news/politics/0,1283,50658,00.html">don’t assume that you are safe.</a></p>
By
lani
27 Feb 2002
well, except for the moment when i regurgitated a bit of my lunch, i’d put the veggie dog on my successful meat substitute list. not that you really need to find a “substitute”, but if you’re going to please make it palatable. now i am pro tofu. i will eat tofu in any form possible (raw, sweet, with cherries on top), EXCEPT for “tofu pups.”
<p>oh how i despise them. i tried them raw. i tried them cooked. i even tried them with condiments. but i tried in vain.</p>
<p>so when anders wanted to pick up veggie dogs at the store, i admit that i could still taste tofu pup. but the voice of reason told me that you have to try more than one brand, especially of these things. anders had to leave before we ate them, so i thought i would promote their tastiness. i’d say they had a milder taste than tofu pups with a hint of soy fields in kansas. i’m not sure if they are my chosen snack yet, but maybe that has more to do with me eating them dry and with a pita. i suspect that with the right toppings thought that they’d be quite delectable. suggest a french rose sec.</p>
By
anders pearson
25 Feb 2002
ok, so i’ve finally made the newest version of the thraxil source code available for inspection.
<p>as i try to make clear in the <a href="code/README"><span class="caps">README</span></a>, it’s not really in a condition that one could take it and just install it on another machine and expect it to work. this release is more so people can take a look at the code, point out any problems they see, or just see how certain things work.</p>
<p>enjoy.</p>
By
anders pearson
25 Feb 2002
after discovering that feb 22 != mar 22 and therefore prasanth wouldn’t be visiting this last weekend, i found myself with some unexpected free time. so i went down to DC to hang out with lani, cj, and my sister who was down visiting cj (after she’d spent a couple days hanging out in new york with me).
<p>corey (my sister) had to catch a train back up to maine on saturday afternoon so we pretty much only had friday night to all hang out together. so we got a bunch of beer, ordered some pizzas and stayed up all night watching movies. children of the corn 2 and 3 were cj’s picks (he’s a bit of a horror movie fan). then tank girl, one of my all-time favorites that neither lani nor my sister had seen.</p>
<p>we eventually passed out and slept a while. on saturday we brought corey to the train station then lani and i went back to hang out at her place. lani had a japanese study group meeting that she had to go to. they were meeting at a cafe in her neighborhood and i tagged along because i didn’t have anything better to do. it was really warm, i’d just filled my belly with food, i hadn’t slept much the night before and everyone around me was talking in a language i don’t know. so i fell asleep. i’ve slept in plenty of strange places before but i think this was the first time i’ve dozed in a restaurant/cafe type environment. </p>
<p>when they finally poked me awake and everyone left lani and i went to the Asylum for those wonderful 25 cent pints. after dinner we watched, with lani’s roomate kim, this japanese action movie called <a href="http://us.imdb.com/Title?0116015">non-stop</a>. it bills itself as “a cross between pulp fiction and run lola run”. i wouldn’t give it quite that much credit but it was pretty amusing and strange.</p>
<p>on sunday we walked down to a organic grocery store to procure fruit for breakfast. they had a vast selection of soy cheeses; i was most impressed. we pretty much lounged around for the rest of the day till right before i had to go when lani attacked me with scissors. well, she mostly attacked my hair. a very subtle trim designed to make it do less of a crack-addict-esque frizz thing.</p>
<p>on the bus back, i discovered that the batteries in my diskman had died so i was pretty much forced to watch some horrible movie about racecars with sylvester stallone. ugh.</p>
By
sarah
24 Feb 2002
Shit: noun, verb, exclamation, denegration;
<p>the ‘final act’ of a great meal.</p>
<p>An act of giving with no expectation of return.</p>
<p>A purging of the purpled prose of life.</p>
Shit—it falls with scarce a thought and much relief.
<p>The ultimate act of solitary solidarity with the self.</p>
<p>A woman, giving birth, is not alone,</p>
<p>but here there is no divison of the sexes,</p>
<p>in the ingored, ignoble action </p>
<p>of the cycle of life.</p>
<p>Is poetry that different?</p>