Thanks to BKuhn

Loosely based on his blog, I've moved from just editing the blog on my server to actually running it locally, the using hg to push things. This actually matters because when I push to the server it'll automatically generate a blog post for me, plus I get all of the nice benefits of using a vcs along with it. Not a real update to tblog itself but just a nice infrastructure change. If I can get it to work properly that is. UPDATE: It's working \o/

Permalink

Linux Touchpad Driver

This one is just a reminder post: the kernel module for touchpads is psmouse

Permalink

Super Meat Boy and Electronic Super Joy

There are two primary PC platformers that I play: Super Meat Boy and Electronic Super Joy, and while I find both interesting I think that ESJ has quite a bit to learn from SMB. The first thing that comes to mind is that the former has the problem of false progression. As you play through the game, you gain new powers, but you can only have one power at a time. As a result of this, I end up getting frustrated at the game because it took away an extremely useful power that I had and for some reason the levels are designed to remind you that you don't have that power.

Permalink

Basic Crypto

So a few days ago, a friend asked me how to explain how xor "encryption" works on the basis that it might be useful for an initial understanding of how crypto works. I actually found it fairly interesting and so now it's a blog post. The only thing that I assume from the start is that you know what bits and bytes are, so don't worry about prior experience. First up is what XOR is: eXclusive OR. You take two bytes, let's say 01111000 and 10010110 and you look at both of them. If one has a 0 and the other has a 1 in that column, then the result has a 1. If both are 0s then the result is a 0. If both are 1s the result is a 0. In this case we end up with 11101110. The reason that this is of interest here is becuase it is reversible, 11101110 XOR 10010110 is 01111000 again. Because it can be undone, you can use XOR as one of the weakest possible forms of cryptography. Let's take a string of ascii characters, the "normal" letters and symbols that make up this page and most english text. If you and I can agree on a "key" beforehand, like 10010110 from before, then I can XOR every byte of the message with that key, and then when you receive it you can get the message back by XORing the encrypted string with the key again. Now if XOR were a good encryption method, the only way to decrypt the text would be if you had the secret key that was shared and everything would be good. When you use "symmetric" crypto like AES you are more or less doing this.

Now for the disclaimer bit: XOR is not an effective encryption method. You should never ever ever use XOR if you don't want your message to be read. XOR may be part of a good encryption method but it alone is not enough. To prove this, I'll decrypt a string right here. First off, XOR is vulnerable to analysis attacks. Ascii is a 7 bit protocol, the most significant bit is always 0. If I get your XOR encrypted string and the highest bit only very rarely changed, then I know that you are probably using UTF-8 or Extended ascii. If it never changes, you are probably using standard ascii. I can even push things further than this and decrypt the entire message. The letter "e" is the most common in the english language, and encryption methods such as XOR are deterministic. If I encrypt "e" with the same key, it will always give me the same bit pattern; do you see where I'm going with this? If I can find e, then I have a really easy time of things, even using brute force I only have to try 255 keys. 255 keys because a key of 0 would just leave the text unencrypted. When the letter that I know is e XOR the key is e, then I have the key and can decrypt the entire remainder of the message.

So there you have it, you (hopefully) understand the easiest and most breakable form of symmetric(same) key encryption. You might even be able to implement it if you're clever, and from there you might be able to move on to actually secure algorithms. This of course means another disclaimer: never roll your own crypto. Even if you don't make up your own algorithm your implementation will almost certainly be broken, gnutls and openssl exist for a reason.

Permalink