The folly of Passwords

September 3, 2011

If you’ve been following the news at all, you’re sure to have heard of all the various breaches at major companies and even government agencies. Nearly all of these breaches revealed an absolutely horrible password culture. You could search Google for tons of analysis of these leaked passwords, you could read my short analysis in the GNY Webzine, or you could examine them yourself.

Long story short, people are not computers. We suck at remembering long lists of secure, mixed-case, alphanumeric passwords. We can be intimidated into revealing our passwords. The human element tends to be what undermines the current system more so than any other factor. Removing the human element solves lots of problems. Basically, if we use public key cryptography along with some safeguards, we can create USB-sticks which can act as passwords. In scenarios where they can be easily replaced (a school or workplace), they can greatly improve the state of security that is offered by a normal password system. If anyone is interested, I wrote up a short paper on my idea, why I think it has merit, and a short Python code sample which demonstrates the ease with which such a USB-Stick can be formatted and then authenticated (albeit, the script itself isn’t exactly a hallmark of security, it’s a POC ;) )

UsbPass_Abstract.pdf

Pastebin link to the script

NOTE: Running the script will very likely destroy data on your USB stick. Since it writes to the first bytes, it will at the very least damage its partition table, making it unrecognizable to the OS.

Do not insert your USB stick until prompted by the script if you wish to try it out. Run it as root.

A Lonely Place For Dying – An opinion

July 5, 2011

A Lonely Place For Dying is an indie movie that’s taking a fairly original approach to distribution. Basically, they are trying to get funds for a theatrical release by first distributing the movie via BitTorrent in five segments. The first four are going to be released monthly, and the final one will be released a month after the premiere of the planned theatrical release. The idea is basically to get funds by relying on donations from kind-hearted people.

Personally, I love this idea. It simply seems fair when compared to the fascist stance of the movie industry towards piracy, and the anarchistic and prone-to-zero-profit “dump it online and hope for the best” approach. Instead of forcing you to pay to see something that may or may not suck (as is the industry norm), you get to “try before you buy”. If you believe in the movie, and enjoy it, supporting it is as easy as donating $5 to their cause. However, the true beauty of this model is in the endgame.

Basically, they are giving you the first 4 parts, totally gratis. The idea is to intrigue viewers into donating so that a theatrical release is possible, while concurrently making them as interested as possible in the ending, so as to entice the same people to go to the cinemas, along with all the non-p2p people. Essentially, this model will only work with a high-quality title, since otherwise, donations would be scarce, and cinema attendance would be low (judging from the first part, this movie will almost certainly be worth it). So far, it may seem like they’re giving you a taste and forcing you to pay up to see the end, but that’s not the case, and that’s another reason why I’m a fan of this. I think the fact that they are releasing it for free a month later is an extremely consumer-friendly move. By then, cinema revenue will be dwindling or totally gone, and releasing it to the public won’t hurt them. It gives people who cannot afford or are otherwise unable to view it at a cinema a chance to watch it. It gives people who didn’t think it was worth the movie ticket a chance to evaluate the full movie. Perhaps most importantly, it’s a sign of treating the consumer as a friendly entity rather than as something to squeeze every last penny out of (which is the case with the Theater-DVD cycle).

Furthermore, releasing it in this manner won’t do anything to kill DVD sales, if they choose to release it on DVD. Why? Simply because people already download DVDrips, regardless of whether or not they’re legal. If anything, this will compel some of the pirate-only crowd to purchase a copy in support of their consumer-friendly stance.

By now I’m probably starting to sound like I was paid to write this: I wasn’t. I simply really believe in this method, and am pretty excited about it. It gives movie producers incentive to create really enticing, gripping movies. It gives consumers the respect they deserve, and it embraces a major part of internet culture which is usually attacked viciously by Hollywood.

I really wish this movie the best, and I hope (even though the chance is small), that this method will catch on. First with Indie movies, then hopefully to big-production ones. Thanks for reading, and be sure to check this great film out, and support the cause!

E-mail archiver – Python

June 15, 2011

I’m taking a summer course at a community college this year, basically to brush up on physics, since I’m about to take Advanced Physics in the Fall, and haven’t looked at anything related to physics (except mathematics I suppose) since the ninth grade. They require me to have an email address. Problem being, the school-issued one conflicts with my private Gmail account, so logging off and in and off and in is annoying. So, I wrote this short script, which logs into my school account, checks for any new emails, and downloads each new email into a file called “mail[number].html”. I have it running as a cron job, and was going to have it send me notifications about new emails, but since I’m running a pretty hacked up LXDE over Openbox, python-notify doesn’t work :/.

Anyway, I tried to keep it short, sweet, and well commented. If you’re going to use this on a machine that isn’t secure (i.e., your personal laptop), I’d suggest writing a function that retrieves your password and keeps it from sitting there in plaintext, like it is in my script.

The Almighty Pastebin Link
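One way to write the password-retrieval function suggested above so that it still works unattended under cron. This is an added example, not part of the linked script: it moves the password out of the script source into a separate file and refuses to use that file unless it is a regular file owned by the current user with no group or other access. The function names and the sample password are assumptions made for the example, and it is written for Python 3 on a POSIX system.

```python
import os
import stat
import tempfile

def read_mail_password(path):
    """Return the password stored on the first line of `path`, refusing unsafe files."""
    # O_NOFOLLOW: fail instead of following a symlink planted at the path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the opened descriptor, not the path, to avoid a race
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("%s is not a regular file" % path)
        if st.st_uid != os.getuid():
            raise PermissionError("%s is not owned by the current user" % path)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("%s is accessible to group/other; chmod 600 it" % path)
        with os.fdopen(fd, "r", encoding="utf-8") as fh:
            fd = None  # the file object now owns the descriptor
            secret = fh.readline().rstrip("\r\n")
    finally:
        if fd is not None:
            os.close(fd)
    if not secret:
        raise ValueError("%s is empty" % path)
    return secret

def demo():
    """Constructed demo: the same file is accepted at 0600 and rejected at 0644."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mailpass")  # hypothetical file name
        with open(path, "w") as fh:
            fh.write("constructed-sample-password\n")
        os.chmod(path, 0o600)
        accepted = read_mail_password(path)
        os.chmod(path, 0o644)
        try:
            read_mail_password(path)
            rejected = False
        except PermissionError:
            rejected = True
    return accepted, rejected

if __name__ == "__main__":
    print(demo())
```

The password is still stored unencrypted on disk; what changes is that it no longer travels with the script when the script is pasted, shared or committed, and other local accounts cannot read it.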


Python Frequency Analysis

June 2, 2011

It’s pretty common knowledge that frequency analysis is one of the most important tools that can be employed against an encoded message. I’ve recently been reading “The Code Book” by Simon Singh (a great read), and decided I will attempt to create computer programs which implement some of the algorithms he describes. This is a pretty simple script; it’s also pretty short. You drop whatever text you want into ./input and run the script. It will print (to the terminal) the frequency with which each character appears.

Maybe this will be useful to somebody? If it is, I encourage you to modify, distribute, and most importantly improve!!

Written on Python 2.7.1. Should work with 2.6.x with little or no modification. I’ve had it handle files of ~50 MB; for files this large, RAM usage spikes, but it works :) .

Take me to the Code!
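An added example, not the script linked above: it goes one step past counting and shows why the counts matter, by comparing a ciphertext's letter frequencies against English with a chi-squared score to recover a Caesar shift. It is written for Python 3; the sample text, the shift of 7 and all function names are constructed for the example, and the frequency table is the commonly cited approximate one.

```python
from collections import Counter
import string

# Approximate English letter frequencies in percent, a..z (commonly cited table).
ENGLISH_PCT = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966,
               0.153, 0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987,
               6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074]

def letter_counts(text):
    """Count occurrences of a-z, ignoring case and every non-letter character."""
    counts = Counter(c for c in text.lower() if c in string.ascii_lowercase)
    return [counts[c] for c in string.ascii_lowercase]

def chi_squared(text):
    """Distance between the text's letter distribution and English (lower is closer)."""
    counts = letter_counts(text)
    total = sum(counts)
    if total == 0:
        return float("inf")  # nothing to analyse
    return sum((obs - total * p / 100) ** 2 / (total * p / 100)
               for obs, p in zip(counts, ENGLISH_PCT))

def caesar(text, key):
    """Shift ASCII letters by `key` positions, leaving everything else untouched."""
    out = []
    for c in text:
        if c.isascii() and c.isalpha():
            base = ord("a") if c.islower() else ord("A")
            out.append(chr((ord(c) - base + key) % 26 + base))
        else:
            out.append(c)
    return "".join(out)

def recover_shift(ciphertext):
    """Try all 26 shifts and keep the one whose output looks most like English."""
    key = min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))
    return key, caesar(ciphertext, -key)

# Constructed sample: one sentence, enciphered with a shift of 7.
SAMPLE_PLAINTEXT = ("frequency analysis is one of the most important tools "
                    "that can be employed against an encoded message")
SAMPLE_CIPHERTEXT = caesar(SAMPLE_PLAINTEXT, 7)

if __name__ == "__main__":
    print(recover_shift(SAMPLE_CIPHERTEXT))
```

The score becomes unreliable on very short inputs, where a handful of letters cannot approximate the language's distribution.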
