Crypto & Security

Comment

Comment by Brooke Fujita on March 2, 2009 at 6:08pm

Interesting article on a new Google project: Google Native Client. Secure desktop apps but all over the web??

Comment by Brooke Fujita on February 13, 2009 at 8:04pm

Comment by Brooke Fujita on November 14, 2008 at 5:17pm

xkcd on Crypto

Comment by Daniel Leuck on September 18, 2008 at 10:43am

Brooke: Regarding writing the enigma machine in GWT, I wonder: are script tags allowed?

You can call in and out of Javascript from GWT using JSNI. We do this quite a bit on our current project.

Comment by Brooke Fujita on September 12, 2008 at 4:42am

Yo there, Dan:

Yeah, I do like the GWT, I would love to try out the 1.5 release. Regarding writing the enigma machine in GWT, I wonder: are <script> tags allowed? I would need to use that to load the entry point...

Comment by Daniel Leuck on September 9, 2008 at 12:30am

Hey Brooke - I love that the description of the group is encoded :-) I see from your ROT13 widget you are getting into Laszlo. Thats great!

Re: Writing the enigma machine's cipher in Javascript.

I just finished writing a wiki sytax -> html converter that runs on the client for ooi. I wrote it in Java and converted it to Javascript using GWT's compiler. You are limited to classes available in the JRE emulation environment, but it beats writing complex logic in Javascript (at least for me), and the compiler emits highly optimized code. You might want to try this approach.

Comment by Brooke Fujita on August 21, 2008 at 11:58am

In case you didn't know, the image for this group is of a 3-rotor Enigma, the cipher machine created by Nazi Germany for use in World War II.

As luck would have it, I just watched that Matthew McConaughey movie U-571 on NHK Satellite TV the other night. Can't believe the tomatometer for this stinker is leaning towards the fresher side. History was re-written in order to sell this movie. Argh, I am only sorry that I tuned in too late to see Jon Bon Jovi get decapitated by flying debris. Seriously.

By the way, one of the major historical inaccuracies: the British Navy scored the first Enigma machine when they captured U-110 in May of 1941. But even before that, Polish mathematicians in Poland's cipher bureau had figured out the internal wirings of the Enigma machine, and at great risk, managed to pass this information along to the Allies in 1939 just before the German invasion.

The advanced encryption used by Germany led to the development of cryptanalysis at Britain's Bletchley Park, and of course paved the way for modern computing.

Comment by Brooke Fujita on August 6, 2008 at 5:56pm

Dan Kaminsky finally outlined the DNS vulnerability that was reported about 4 weeks ago (article on The Register). It appears to be a DNS forgery variant of DNS cache poisoning. If an attacker of a DNS server can quickly and correctly guess a 16-bit transaction ID, then the attacker will be able to replace DNS entries with their own spoofed ones. There has been one confirmed attack so far, where the attacker caused AT&T subscribers to be re-routed to fake Google pages.

For the curious, you might want to see how safe your ISP's DNS servers are. Try the "Check My DNS" button on Dan Kaminsky's site; or the "Test My DNS" link here. The key here is to see the amount of randomness of transaction IDs and query source ports in your ISP's DNS servers.