
Comment: Re:Nice (Score 4, Interesting) 719

by CrashandDie (#44284007) Attached to: Edward Snowden Nominated For Nobel Peace Prize

You may want to stop drinking the Gandhi koolaid brought to you by Western Civilisation. From what I can tell (which is probably very biased as well), Gandhi isn't seen in some parts of India (Tamil Nadu, in my experience) as the great saviour of the nation as he is hailed by the media in the rest of the world.

He was someone who looked down on a number of castes, was an incredible imperialist, and hence very loyal to the British Empire. He didn't fight apartheid in South Africa because he believed the Whites were wrong, he fought it because he believed "clean Indians" were above "uncivilized races".

http://www.raceandhistory.com/historicalviews/ghandi.htm
http://www.trinicenter.com/WorldNews/ghandi5.htm
http://www.trinicenter.com/oops/gandhi2.html

Also, from Velu Annamalai's recommended readings regarding Gandhi:

Ambedkar, B.R. What Congress and Gandhi Have Done to the Untouchables. Bombay: Thacker, 1945.
Annamalai, Velu. Sergeant-Major M.K. Gandhi. Bangalore: Dalit Sahitya Akadiy, 1995.
Assisi, Francis. "Gandhi's Links with South Africa Examined." India West, 28 Sep 1990: 45.
Assisi, Francis. "Mahatma Gandhi's Links with SA Blacks Questioned." News India, 28 Sep 1990: 1.
Assisi, Francis. "Two New Books on Gandhiji." India West, 28 Sep 1990: 45.
Das, Nani Gopal. Was Gandhiji a Mahatma? Calcutta: Dipali Book House, 1988.
Edwards, Michael. The Myth of the Mahatma. London: Constable, 1986.
Gandhi, Mohandas K. Untouchability. Edited by Bharatan Kumarappa. Ahmedabad: Navajivan Publishing House, 1954.
Grenier, Richard. The Gandhi Nobody Knows. Nashville: Thomas Nelson, 1983.
Grenier, Richard. "The Gandhi Nobody Knows." Commentary (Mar 1983): 59-72.
Huq, Fazlul. Gandhi: Saint or Sinner? Foreword by V.T. Rajshekar. Bangalore: Dalit Sahitya Akadiy, 1991.
Kapur, Sudarshan. Raising Up a Prophet: The African-American Encounter with Gandhi. Boston: Beacon Press, 1992.
Rajshekar, V.T. Hinduism, Fascism and Gandhism: A Guide to Every Intelligent Indian. Bangalore: Dalit Sahitya Akadiy, 1984.
Rajshekar, V.T. Why Godse Killed Gandhi? Bangalore: Dalit Sahitya Akadiy, 1986.
Rajshekar, V.T. Clash of Two Values: Mahatma Gandhi and Babasaheb Ambedkar (The Verdict of History). Bangalore: Dalit Sahitya Akadiy, 1989.

Comment: Re:What's really needed... (Score 1) 129

by CrashandDie (#43764261) Attached to: Password Strength Testers Work For Important Accounts

Hi, thanks for the reply. For the record, I used to deploy these systems for a living.

The key is destroyed. That's the only way they can still use 3DES as the shared key, and still be FIPS compatible. When the key or card is issued, the AS generates a seed. This seed is known to both the token and the authenticator. Two other things are shared/known by both parties: the EC (Event Counter, the number of times the device has been used, randomly initialised), and the TC (Time Counter, ticks roughly every second, most AS systems account for drift). The seed is used by both the AS and the token to generate a common (and exactly the same) 3DES key.

Every time an OTP is generated, the last digit of the EC and the TC are prefixed to the actual OTP. As soon as the OTP is generated, the 3DES shared key is overwritten with a new one, which was seeded based off the previous 3DES key. The same key is never used twice to generate an OTP.

How does the server figure it out? Well, when the server receives an AA using an OTP, it looks at the first digit. It then looks up in its database what the last used EC was, say 3320, but the digit it read was a 4. It knows it has to test 3324, 3334, 3344, 3354, 3364[1], up to the upper limit before the token is considered "desynchronised". Same thing for the TC, except that this one is just current_time +/- token drift. Again, only the last digit is provided, which gives the AS two or three values max to check. Then comes the OTP, which the AS computes on the fly, for every EC/TC combination it calculated. If none match, the AA is rejected, and the token flagged.

If, however, the AS validates the AA, then it updates the EC/TC in its records, and also accounts for the drift of the token. It then also stores the new key, as defined by the EC and TC.
The token doesn't know whether the AS accepted the AA or not, which is why it overwrites its own key every single time.

AS: Authentication Server
AA: Authentication Attempt
The TC upper limit is usually 30. The EC range is roughly 1.5 minutes each way.

[1]: Say the OTP is 42000000, the in-database EC is 3320, then the AS has to run key = f( f( f( f( key, 3321), 3322), 3323), 3324). The TC is not used to generate the next key, for obvious reasons.
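The resynchronisation search described in the comment above, as an added sketch that is not part of the original post and not any vendor's code. Assumptions: HMAC-SHA256 stands in for the 3DES-based `f` and OTP computation, the OTP body is six digits, the key is ratcheted just before each OTP is produced, and the names `EC_WINDOW`, `TC_DRIFT`, `Token` and `AuthServer` are hypothetical.

```python
import hashlib
import hmac

EC_WINDOW = 30  # assumed: how far ahead the AS searches before "desynchronised"
TC_DRIFT = 12   # assumed: tolerated clock drift in ticks, each way

def f(key: bytes, ec: int) -> bytes:
    """Ratchet step key = f(key, ec); HMAC-SHA256 stands in for the 3DES step."""
    return hmac.new(key, b"next" + ec.to_bytes(8, "big"), hashlib.sha256).digest()

def otp_body(key: bytes, ec: int, tc: int) -> str:
    """Six-digit OTP from the current key, EC and TC (constructed format)."""
    msg = b"otp" + ec.to_bytes(8, "big") + tc.to_bytes(8, "big")
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"

class Token:
    def __init__(self, key: bytes, ec: int):
        self.key, self.ec = key, ec

    def press(self, tc: int) -> str:
        # The key is overwritten on every press, accepted or not.
        self.ec += 1
        self.key = f(self.key, self.ec)
        return f"{self.ec % 10}{tc % 10}{otp_body(self.key, self.ec, tc)}"

class AuthServer:
    def __init__(self, key: bytes, ec: int):
        self.key, self.ec, self.flagged = key, ec, False

    def verify(self, otp: str, now: int) -> bool:
        ec_digit, tc_digit, body = int(otp[0]), int(otp[1]), otp[2:]
        # Only TC values inside the drift window with the right last digit.
        tcs = [t for t in range(now - TC_DRIFT, now + TC_DRIFT + 1)
               if t % 10 == tc_digit]
        key = self.key
        for ec in range(self.ec + 1, self.ec + EC_WINDOW + 1):
            key = f(key, ec)  # walk the chain even for ECs that are skipped
            if ec % 10 != ec_digit:
                continue
            for tc in tcs:
                if hmac.compare_digest(otp_body(key, ec, tc), body):
                    self.key, self.ec = key, ec  # resynchronise; old key is gone
                    return True
        self.flagged = True  # no EC/TC candidate matched
        return False
```

Because the server replaces its stored key and EC on success, a replayed OTP no longer matches any candidate, and a token pressed more than `EC_WINDOW` times without a successful login falls outside the search and is flagged.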

Comment: Re:Why (Score 3, Interesting) 193

by CrashandDie (#43762447) Attached to: UK Consumers Reporting Contactless Payment Errors

A lot of credit cards in the UK have the Chip'n'Pin system, which requires a physical connection to be made to the payment terminal. Simply "swiping" becomes less and less common, so people have to type their PIN every 5 minutes to pay for a few quid worth of $product. I used to work in the industry, and there was a certain amount of pressure from consumers to be able to do something as quickly and effortlessly as possible, but the magstrip simply isn't deemed secure enough.

The idea was to use NFC, so people could just wave their card for any purchase under 10 or 20 quid, and be on their merry way.

Comment: Re:"UN Says: Why Not Eat More Insects?" (Score 1) 626

by CrashandDie (#43712303) Attached to: UN Says: Why Not Eat More Insects?

Exactly. I recently saw some news regarding a local (Toulouse, France) entrepreneur who started growing insects in a small business lot (see 24s into the video to have an idea of what it looks like). The video I initially saw was more recent, and from a different channel (can't seem to find it right now), but indicated that in a room of maybe 40 square meters, he was capable of producing in excess of 10 tonnes a month (I'm fuzzy on the actual numbers, so do not hold it against me if I'm wrong).

The price, however, was relatively prohibitive: 150 euros / kg. In comparison, the average cheap meat, in France, goes for around 8-10 euros / kg for the consumer; production is about 4-5 euros / kg. The price difference, as explained by the CEO in the video, comes from all the "R&D" that is being done to find new ways of consuming the insects. They're actually trying to market a cereal-bar partially made from ground insects, as it provides a massive boost in protein, without a great deal of fat, and has the "nutty" taste reported in other posts above. In the video linked to earlier, some French dude who's good with chocolate alleges the taste is closer to a cereal than it is to meat (for the dried variety), and uses it in macarons and whatnot.

Also, I recall he sells the ground stuff as "farine alimentaire", which really means "human-consumption-grade flour". If that's what they can put on the ingredients list, it's only a matter of price and efficiency before we start seeing that stuff mixed in to whatever KFC/McD is serving these days.

Then again, it's always better than horse meat?

Comment: Re:right... (Score 5, Informative) 193

by CrashandDie (#43656617) Attached to: Using YouTube For File Storage

Have you ever used a QRCode? Ever noticed that most algorithms don't recognise the QRCode when it's sharpest and level with your screen? Usually, you don't have the time to have the code be level, or in focus, before the algorithm picks it up.

That's because QRCodes are nigh indestructible. They could add a watermark and the code would most probably still be readable (depending on the level of error correction you apply when encoding).

For example, I took one of the Wikimedia QRCode examples, and drew on it. It still worked. Then I skewed the image using MS Paint. It still worked. Then I decided to go from 172 pixels to 86 pixels (using MS Paint's resize function). It still worked (zoomed to either 100% or 200%). Then I decided to "reduce its resolution", so to speak, by resizing that reduced image to 200%, then back to 50%, then back to 200%, etc for 4 or 5 times, until I ended up with this. It still worked.

Now, I'm sure that I *wanted* this to work. There will be dozens of cases where even the most stupid tear of paper or poor lighting will prevent that QRCode from being decoded. But somehow, I don't think that YouTube's HD video encoding will be much of an issue for QRCodes.

Tested with QR Droid on a Wiko Cink King, scanning off a 23" 1080p screen.

Comment: Re:FWD.us? (Score 1) 484

by CrashandDie (#43425645) Attached to: Zuckerberg Lobbies For More Liberal Immigration Policies

But right before you're being put in the plane, you have an iPod strapped to you, with the earplugs forcibly integrated into your ears. There's only one song, and it loops indefinitely. Obviously, your family or next of kin will have to reimburse the government for that iPod, and the RIAA can sue the same people because you illegally listened to a song over and over again.

Also, all deportations will happen on the same day of the week, to coincide with the song.

"Friday, friday, gotta get down on friday"

Comment: Re:no (Score 3, Interesting) 250

by CrashandDie (#43023075) Attached to: Cryptography 'Becoming Less Important,' Adi Shamir Says

The problem is most owners have no clue how to do code signing

Paraphrased: "The problem is most owners have no clue how to safely store a gun." Or even: "The problem is most owners have no clue how to do proper parallel parking."

Just because you give everyone access to a tool doesn't mean everyone knows how to use it. That's where education comes into play. The same way we educate individuals how to talk, or behave in society. Education is important, hence, that's why it is mandatory up to a specific level.

I'm not saying everyone needs to know how to do proper code signing, but then again, not everyone knows how to service their car. But just because some people don't know, or don't want to learn doesn't mean that everyone should be banned from servicing their car.

And there is the real problem: we use the excuse that knowledge is optional to impose restrictions on others. You may not know how your door lock works now, but if you were so inclined, you could still replace it with one of your choosing. You could learn about the mechanics and even make your own. Or you could remove it altogether. Why couldn't you do the same with the lock on your computer?
