How A Hacker Remembers A PIN

If you have more than a few bank cards, door-entry keycodes, or other small numeric passwords to remember, it eventually gets to be a hassle. The worst, for me, is a bank card for a business account that I use once in a blue moon. I probably used it eight times in five years, and then they gave me a new card with a new PIN. Sigh.

Quick, What’s My PIN?

How would a normal person cope with a proliferation of PINs? They’d write down the numbers on a piece of paper and keep it in their wallet. We all know how that ends, right? A lost wallet and multiple empty bank accounts. How would a hacker handle it? Write each number down on the card itself, but encrypted, naturally, with the only unbreakable encryption scheme there is out there: the one-time pad (OTP).

The OTP is an odd duck among encryption methods. They’re meant to be decrypted in your head, but as long as the secret key remains safe, they’re rock solid. If you’ve ever tried to code up the s-boxes and all that adding, shifting, and mixing that goes on with a normal encryption method, OTPs are refreshingly simple. The tradeoff is a “long” key, but an OTP is absolutely perfect for encrypting your PINs.

The first part of this article appears to be the friendly “life-hack” pablum that you’ll get elsewhere, but don’t despair, it’s also a back-door introduction to the OTP. The second half dives into the one-time pad with some deep crypto intuition, some friendly math, and hopefully a convincing argument that writing down your encrypted PINs is the right thing to do. Along the way, I list the three things you can do wrong when implementing an OTP. (And none of them will shock you!) But in the end, my PIN encryption solution will break one of the three, and remain nonetheless sound. Curious yet? Read on.

Continue reading “How A Hacker Remembers A PIN”

Number Twitters

Grab a shortwave radio, go up on your roof at night, turn on the radio, and if the ionosphere is just right, you’ll be able to tune into some very, very strange radio stations. Some of these stations are just a voice — usually a woman’s voice — simply counting. Some are Morse code. All of them are completely unintelligible unless you have a secret code book. These are number stations, or radio stations nobody knows much about, but everyone agrees they’re used to pass messages from intelligence agencies to spies in the field.

A few years ago, we took a look at number stations, their history, and the efforts of people who document and record these mysterious messages used for unknown purposes. These number stations exist for a particular reason: if you’re a spy, you would much rather get caught with an ordinary radio instead of a fancy encryption machine. Passing code through intermediaries or dead drops presents a liability. The solution to both these problems lies in broadcasting messages in code, allowing anyone to receive them. Only the spy who holds a code book — or in the case of the Cuban Five, software designed to decrypt messages from number stations — can decipher the code.

Number stations are a hack, of sorts, of the entire concept of broadcasting. For all but a few, these number stations broadcast complete gibberish. Only to the person holding the code book or the decryption software do these number stations mean anything. However, since the first number stations went on the air over one hundred years ago, broadcasting has changed dramatically. We now have the Internet, and although most web services cannot be considered a one-to-many distribution as how broadcasting is defined, Twitter can. Are there number stations on Twitter? There sure are. Are they used by spies or agents of governments around the world? That’s a little harder to say.

Continue reading “Number Twitters”

A Queen Mystery: The Legend Of The Deacy Amp

It sounds like a scene from a movie. A dark night in London, 1972. A young man walks alone, heading home after a long night of practicing with his band. His heavy Fender bass slung over his back, he’s weary but excited about the future. As he passes a skip (dumpster for the Americans out there), a splash of color catches his attention. Wires – not building power wires, but thinner gauge electronics connection wire. A tinkerer studying for his Electrical Engineering degree, the man had to investigate. What he found would become rock and roll history, and the seed of mystery stretching over 40 years.

The man was John Deacon, and he had recently signed on as bassist for a band named Queen. Reaching into the skip, he found the wires attached to a circuit board. The circuit looked to be an amplifier. Probably from a transistor radio or a tape player. Queen hadn’t made it big yet, so all the members were struggling to get by in London.

Deacon took the board back home and examined it closer. It looked like it would make a good practice amplifier for his guitar. He fit the amp inside an old bookshelf speaker, added a ¼ “ jack for input, and closed up the case. A volume control potentiometer dangled out the back of the case. Power came from a 9-volt battery outside the amp case. No, not a tiny transistor battery; this was a rather beefy PP-9 pack, commonly used in radios back then. The amp sounded best cranked all the way up, so eventually, even the volume control was removed. John liked the knobless simplicity – just plug in the guitar and play. No controls to fiddle with.

And just like that, The Deacy amp was born.

Continue reading “A Queen Mystery: The Legend Of The Deacy Amp”

A Brief History Of Radioactivity

More than one hundred years ago, Henri Becquerel discovered that uranium emitted penetrating rays similar to those used by Wilhelm Röntgen to take the first X-ray image (of his wife’s hand), starting a new era of far-reaching applications. There are of course many dangers that come with the use of radioactivity, but there are also many beneficial uses for our society.

Continue reading “A Brief History Of Radioactivity”

IuT ! IoT

Let’s build the Internet of USEFUL Things, not just the Internet of Things. IuT ! IoT

That’s what we’ll be doing over the next five weeks. The second challenge of the 2017 Hackaday Prize begins today. We’re looking for the best ideas we can find for useful connected devices. Twenty entries will recieve $1,000 and move on to the final round to vie for the top prizes ranging from $5,000 to $50,000.

There is no doubt that the future is connected. It has been our future since the advent of the telegraph, and we’re unarguably becoming more connected at a faster rate. The phone in your hand, pocket, or bag connects you to the bulk of human knowledge. But it doesn’t yet connect you to very many “things”. It won’t be that way for long.

Already we’ve seen cameras (security, baby monitor, and everything in between) appear as some of the earliest connected devices, and they’ve brought with them all of the unintended consequences of poorly secured computer gear connected to the wider Internet. At least remote cameras have a purpose; there have been more than enough product launches for things that don’t. Our go-to counter-example is the Internet-connected toaster which is the topic of our wonderful art from Joe Kim this morning. Who needs to toast remotely? Nobody.

Let’s Invent the IoT

Here is our chance to do it right. How can Internet of Things make life better? What things become more meaningful when added to a network and what does that look like? How do we continue to connect our world while safeguarding privacy and being mindful of security. Finding answers to these questions will lead you to Build Something that Matters.

IoT Security Is Hard: Here’s What You Need To Know

Security for anything you connect to the internet is important. Think of these devices as doorways. They either allow access to services or provides services for someone else. Doorways need to be secure — you wouldn’t leave your door unlocked if you lived in the bad part of a busy city, would you? Every internet connection is the bad part of a busy city. The thing is, building hardware that is connected to the internet is the new hotness these days. So let’s walk through the basics you need to know to start thinking security with your projects.

If you have ever run a server and checked your logs you have probably noticed that there is a lot of automated traffic trying to gain access to your server on a nearly constant basis. An insecure device on a network doesn’t just compromise itself, it presents a risk to all other networked devices too.

The easiest way to secure a device is to turn it off, but lets presume you want it on. There are many things you can do to protect your IoT device. It may seem daunting to begin with but as you start becoming more security conscious things begin to click together a bit like a jigsaw and it becomes a lot easier.

Continue reading “IoT Security Is Hard: Here’s What You Need To Know”

The Surface Area To Volume Ratio Or Why Elephants Have Big Ears

There are very few things that are so far reaching across many different disciplines, ranging from biology to engineering, as is the relation of the surface area to the volume of a body. This is not a law, as Newton’s second one, or a theory as Darwin’s evolution theory. But it has consequences in a diverse set of situations. It explains why cells are the size they are, why some animals have a strange morphology, why flour explodes while wheat grains don’t and many other phenomena that we will explore in this article.

Continue reading “The Surface Area To Volume Ratio Or Why Elephants Have Big Ears”