Tuesday, February 19, 2013

Randomness is Security...

This is me - on the quest to find a rule for secure passwords that I can remember and reuse regularly.
Of course other, wiser people spend much more time on this topic, but reinventing the wheel is quite fun, and nothing is more educational. And perhaps it will help you understand the problem of security a bit better.


Dictionary Hack

I assumed a cracking speed of 1000 guesses/second, and assumed a dictionary crack (i.e. simply trying out words in a predefined list and comparing the resulting hash to the target hash).

If you take a list of 4 million words (perhaps the words used 99% of the time in languages based on the Latin alphabet), then testing each word in the list takes a total of:

4 000 000 / 1000 (seconds) => /60 (minutes) => /60 (hours) => /24 (days)
= ~1h 07

... around 1 hour and 7 minutes.
If you try repeating the words, say twice in a row, you now have 4 million extra words to test, each being a word from the original list doubled.
Repeat three times, and you have another 4 million rows.
... this makes for a nice linear progression.

So if you take a random word, say "closet", and repeat it 9 times: "closetclosetclosetclosetclosetclosetclosetclosetcloset" as your password, it would only take 8 hours to hack your password.



If you take, more realistically, only half a million words, the password above would be discovered in 1 hour 30 minutes. (Honestly, I would have taken fewer, but the red line would hug the bottom axis and no relevant progression could be seen. So just imagine that for a realistic amount, perhaps only 5000 commonly used words, which include the words you use for your password, hacking your password would be as fast as it takes you to click a mouse button.)

Brute Force

Now if you just use random letters, numbers and symbols, your password could be: "A!diT0la%"
Brute force works by trying out every possible character combination for a certain set of characters.

So if you use all small letters [a-z] (26), capital letters [A-Z] (26), digits [0-9] (10), and some special signs [!"§$%&/()=?*'#+~] (16), for every possible character in your password, you have a total of (26+26+10+16 = 78) characters to choose from.

So for 1 letter passwords, you can try a maximum of 78 times before guessing the password.
At 2 letters it is already 78*78, because every character can be combined with itself and all other characters in the list, which makes for 6084 maximum guesses.
... this is exponential growth:


Already at a password length of 4 characters (e.g. "$jO9") it takes 10 hours to go through all possibilities. If you just use 6 random lowercase letters [a-z] (e.g. "lbocca") it takes ~85 hours (3.5 days) to try all possible guesses. Using 6 random characters with 78 options (e.g. "§klOD&"), it takes 801 hours (~1 month) to go through all options.

Randomness

Yes, the longer the password you use, the longer the maximum time it takes to crack it.
But "closetclosetclosetclosetclosetclosetclosetclosetcloset" is not as secure as "§klOD&"!

This is due to randomness(!) - the more predictable you are, the easier it will be to exploit you.

And using a known word like "closet" is more predictable than using random characters like "§klOD&". And for a computer, checking whether you used "closet" 9 times in a row, or with a 1 at the end, really isn't that much more trouble.
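The comparison above can be made concrete with a small estimator. This is an added example, not code from the original post: it counts worst-case guesses under the two attack models described (a word list tried with 1 to 9 repeats, and exhaustive search over the 78-character set). The three sample words and all function names are constructed for illustration, and the list size is passed as a number instead of loading 4 million words.

```python
import string

GUESSES_PER_SECOND = 1000  # cracking speed assumed in the post
SPECIALS = "!\"§$%&/()=?*'#+~"  # the 16 special signs listed in the post
CHARSET = string.ascii_lowercase + string.ascii_uppercase + string.digits + SPECIALS
# Constructed sample standing in for a full word list of FULL_LIST_SIZE entries.
SAMPLE_WORDS = ["closet", "window", "garden"]
FULL_LIST_SIZE = 4_000_000


def dictionary_guesses(password, words, list_size, max_repeats=9):
    """Worst-case guesses if the attacker tries every word repeated
    1..max_repeats times; None if that rule never produces the password."""
    for word in words:
        if not word or len(password) % len(word):
            continue
        repeats = len(password) // len(word)
        if 1 <= repeats <= max_repeats and word * repeats == password:
            # One full pass over the list per repeat count: linear growth.
            return list_size * repeats
    return None


def brute_force_guesses(password, charset=CHARSET):
    """Worst-case guesses to try every string of this length: exponential."""
    if any(ch not in charset for ch in password):
        raise ValueError("password uses characters outside the charset")
    return len(charset) ** len(password)


def hours(guesses, rate=GUESSES_PER_SECOND):
    """Convert a guess count to hours at the assumed cracking speed."""
    return guesses / rate / 3600


def cheapest_attack(password, words=SAMPLE_WORDS, list_size=FULL_LIST_SIZE):
    """Return (attack name, worst-case guesses) for the cheaper attack."""
    options = {"brute force": brute_force_guesses(password)}
    dict_cost = dictionary_guesses(password, words, list_size)
    if dict_cost is not None:
        options["dictionary"] = dict_cost
    name = min(options, key=options.get)
    return name, options[name]


if __name__ == "__main__":
    for pw in ("closet" * 9, "§klOD&"):
        attack, guesses = cheapest_attack(pw)
        print(f"{len(pw):2d} chars  {attack:11s} {guesses:>15,d} guesses")
```

A password's effective strength is the cost of the cheapest attack that covers it, which is why the 54-character repeated word comes out weaker than the 6 random characters.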

So the goal when attempting to create security is to be random enough to fool potential attackers, but organised enough to be able to remember your own password. (Try remembering "!9dA85Dso§d" ;)

This demonstrates beautifully that security is always a matter of finding a balance between usability (can I remember my password?) and risk attitude (how OK is it if my password gets cracked?).


Update: here is a link to some other opinions on word repetition in a password.

Friday, February 15, 2013

Restarting my running training...

I want to talk about a particular aspect of being good at something - the fact that if you stop doing it, after some time you actually lose form and start getting worse than you have previously been. That makes it all the harder to start again.

Last year I started running regularly, following a specific training plan, and even improved quite well, going from barely being able to wheeze out 5km in 30', to running half-marathons and doing 5km in 22'. After about 4 months of intensive training, I failed to recognize the need for long-term planned training, including recovery periods, and had a burn out. Now it's half a year later and I still haven't reached the same level of training control as during those 4 months.

Here is the list of arguments that kept me from returning to my previous training ambitions:
  1. I had a burn out, and couldn't run near the times and distances that I could during my previous training. (Later I realized this was normal, and was just a sign that I needed to take it easy for a month or so, running slowly and shorter distances, before beginning again with intensive training.)
  2. I wanted to switch to triathlon training, which included bicycle and swimming training units, thus I naturally couldn't run as much as I did previously. (In theory true, but in effect I only swam and biked in alternation once a week. Thus I just trained less, running 1-3 times a week.)
  3. I was very occupied at home and work, and didn't have the peace of mind to simply start training properly again.
  4. By now I was losing form, and thought that I shouldn't train so much as I had planned - so I let planned training units drop away.
  5. Then it got cold during Winter.
  6. I got sick.
  7. I weigh 6kg more than 3 months ago. My knee hurts a bit when I run. I can't sprint even just 400m.

But there's light at the end of the tunnel :P !
I miss running, and I miss feeling strong & healthy.

So even though I couldn't run 10km enjoyably and can't get a speed of more than 8km/h without killing myself, I am restarting my training.

I found a plan, that helps. But in the end I just want to get back to running.

Here's my plan for running every 2 days and improving my condition over time. I'll keep posting on how I'm getting on with it (by highlighting in green what I've done):

Walk/Jog progression: 

Day 0:

  1. 5' walk/1' jog (x5)
  2. 4' walk/2' jog (x5)
  3. 3' walk/3' jog (x5)
  4. 2' walk/4' jog (x5)
  5. 1' walk/5' jog (x5)
  6. 30' jog
Day 13:
  1. 30'
  2. 30'
  3. 30'
  4. 35'
  5. 30'
  6. 30'
  7. 35'
  8. 35'
  9. 30'
  10. 35'
  11. 35'
  12. 35'
  13. 40'
  14. 35'
  15. 40'
  16. 40'
  17. 40'
  18. 45'
  19. 40'
  20. 45'
  21. 45'
  22. 45'
Day 39...

... after 3 months I will be running 45' at a solid pace, my legs and body being accustomed to running again, without over-doing my training with things such as interval training, progressions, or long-distance running.
So hopefully for this summer, I can start my next dream of successfully preparing and completing a marathon, and maybe even some triathlon competitions.

I want to get back to running, and go about it in a smart way that won't execute my body, but ensures my long-term happiness instead.

The power of "Just start doing it"

Generally, when I identify myself with a task - I think about how to get it done...
I think about it. - the root of all my problems.

I begin imagining all the interesting problems that a task carries with it. I imagine all the fun it would be to solve them. I even categorize into basic stuff that needs to get done, and the fancy stuff that is more of a "nice-to-have-but-not-necessary". But of course, the fancy stuff is what makes this task stand out - it is what appeals to me.
It is the fancy stuff that I identify with. It is what impresses other people, it is what lights a flame of interest and wanting to take part in them. It is the fancy things that represent what I feel and think, which define my individuality and allow for me to be satisfied with what I create.
And thus it happens, that I tend to forget about the basic stuff, since those are "obvious" issues.

But it is the basic aspects that are the heart & blood of anything that needs to get done. Take a look at yourself - when you consume a thing somebody else has created, say, read an article, attend a workshop - the first things that you look for are basic traits, that help you find an orientation and get an entry into whatever topic you're currently dealing with.
These basic things are what opens the door to all the fancy stuff that's hidden behind it. The quality of the basic things is 80% of whatever you are doing.

So just start doing the basic things, and worry about the fancy stuff when you get to it.

Thursday, January 17, 2013

Taking loneliness personally

... how does this even fit into the Blog topic?
For one, I take it that "smart" people must at some point know loneliness. I consider being smart directly related to thinking. And thinking requires being alone - not talking, not listening. Just thinking.

Just as a side note: some people might object that being smart also implies knowing when not to think, and rather act. But seen strategically - not operationally, i.e. not in the radical short term - thinking is the conditio sine qua non of being smart, and becoming smarter.

But this post is about the dangers of thinking. Particularly when concerning other people. When trying to make sense of emotions.
When you think a lot, practically non-stop, your emotions don't just stop occurring, no matter how much thinking and feeling don't go together. Emotions need to be dealt with though, and that often doesn't work by thinking. Perhaps it comes with experiencing things, that one has a better grasp and feeling for one's emotions.

So I walk through the street, and someone looks at me, thinking that I look weird... and that girl there, she smiled when she looked at me, I imagine how nice it would be if I went and talked to her. My boss at work said what I had completed was lacking features - he probably thinks I'm useless; and that football fan asshole at the bus station wouldn't stop smoking. At acrobatics practice though my partner was really open. She usually isn't that honest with me. I probably misjudged her when we just got to know each other.

The point is, none of this is true. That guy in the street couldn't give a damn less about me, and the girl is allowed to be simply happy. My boss didn't complain about what I'd done and actually offered me some suggestions that would make my software more integrated into his work. The football fan was just relaxing after an entire day of teaching kids. And my partner - well I'll never get her.

... and even this second version... is just a version. It all depends on the view point. When you think about it, different view points can start making sense.
But emotions don't make sense. And when you are lacking balance with something, your mind starts making things up.
You interpret feelings into places where they just don't belong. Go through life and be aware of what you feel, but don't let it get in the way of your understanding of the world.

Being lonely means you think too much. And you know you're thinking too much when you start taking simple facts of life personally.
Be open.
Be honest.
Show others what you feel, and be open to experience what they are feeling.
Honestly, if you can experience more with other people with less thinking, you'll be much less lonely. And personally, you'll feel much better.


Tuesday, January 8, 2013

Slightly dull but done is better than interesting just started

Hehe - the implication of the blog title, is supposed to be that I'm smart, but that I can't seem to get things done. I mean, I do get things done, but they never seem finished to my satisfaction. (... might sound arrogant.)

Being a reluctant student at university, I plague myself with educational tasks that I don't really want to do, the latest of which being my Seminar. I have to create a 20 page research essay on some topic.

I got going quite well, but then got mired down in muddy incomplete and mutually exclusive economic theories, and I ground to a halt.

Firstly, what helped me the most was to accept that I wasn't going anywhere.

My evenings suddenly became tolerable, I didn't stay up late into the night trying to figure out things I had no clue about. And I started to re-write my essay, leaving out much of the tasty things that I had wanted to include.
I'm not quite done yet, but I hope in 3 more days to have a presentable copy.

But what this experience made me think of the most was the fact that I seem to repeatedly find myself in situations where I start out well, and then get into trouble because I try to do something fancy and exciting.
Nothing speaks against it, but to be honest, I consider getting dull things fully done to be more exciting than starting exciting things.


Maybe if you get some slightly dull things done easily, you still have time to do some other cool things.