Hacker News: yoha

New comment by yoha in "Belgian programmer solves MIT’s 20-year-old time capsule cryptographic puzzle"

yoha — Fri, 03 May 2019 14:03:28 +0000

Well played! If only I had made my attempt earlier!

    2019-03-18T20:23:06+01:00
    AMD Phenom(tm) II X4 B50 Processor
    56.674783% (0x2912f5a00000 / 0x48792741a51a) ETA: 1 year 138 days (2020-09-18)

New comment by yoha in "Facebook Still Tracks People on Yelp, Duolingo, Indeed"

yoha — Wed, 06 Mar 2019 20:36:02 +0000

If I can chime in, I have made NHK Easier to help practicing on stories from NHK News Web Easy.

https://nhkeasier.com/

New comment by yoha in "Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds"

yoha — Fri, 28 Sep 2018 18:17:56 +0000

As I said in another comment, individual verifiability and non-coercion are mutually exclusive online. However, there are indeed solutions for the other properties (including global integrity), and compromises between individual verifiability and non-coercion. For instance, you can have a look at Helios [1] or Belenios [2]. Current research is looking for stronger guarantees, a better compromise, or a more interesting voting system (such as Single Transferable Vote or Majority Judgment).

[1] https://vote.heliosvoting.org/

[2] http://www.belenios.org/

New comment by yoha in "Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds"

yoha — Fri, 28 Sep 2018 17:30:20 +0000

That is indeed the main issue with verifiable voting. The usual solutions offer various compromises, but it is not possible to both guarantee the ability to verify that one's ballot is counted correctly, and that you cannot prove for whom you voted.

New comment by yoha in "Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds"

yoha — Fri, 28 Sep 2018 17:28:07 +0000

Yes, it's possible, and it is an area of research in cryptography. For instance, have a look at Helios and Belenios.

New comment by yoha in "Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds"

yoha — Fri, 28 Sep 2018 17:27:31 +0000

> That's only possible if you sacrifice some of the stronger anonymity requirements

Untrue. You can use strong encryption to ensure confidentiality and zero-knowledge proofs to ensure integrity. Then, you can use methods from homomorphic encryption to tally the ballots. There is a whole area of research dedicated to this.

Optimizing a breadth-first search

yoha — Mon, 23 Jul 2018 12:55:35 +0000

Article URL: https://www.snellman.net/blog/archive/2018-07-23-optimizing-breadth-first-search/

Comments URL: https://news.ycombinator.com/item?id=17592375

Points: 114

# Comments: 38

New comment by yoha in "Baffling ABC maths proof now has impenetrable 300-page ‘summary’"

yoha — Sun, 10 Sep 2017 14:22:58 +0000

"Automated proof" means that the verification is automated. Actually automating the process of finding proofs is still mostly an open problem.

Formal proof software will help you on small stuff, but you will still do most of the work, and you have to go much more in details, so it takes much more time.

New comment by yoha in "Cracking the 12+ Character Password Barrier, Literally"

yoha — Sun, 15 Jan 2017 15:29:00 +0000

> When you try to come up with random words to compose a password

That's why you don't. Give a 64ki word dictionary from your native tongue to your computer and let it choose four words uniformly at random out of it. This gives you a password from a distribution with 64 bits of entropy, and is reasonably easy to memorize with moderate effort.

This means an attacker is expected to proceed to 2\\63 hashes to crack such a password. It would take almost 4 year to crack its MD5 digest on the rig used in the demonstration. If you not using a password manager for external sites (which might not use proper KDFs), you can throw in a fifth word, and be safe for the foreseeable future.

New comment by yoha in "Modern C [pdf]"

yoha — Tue, 29 Nov 2016 06:25:28 +0000

Right, my bad. I tend to write loops in the former style, thinking of them as reversed(range(9)). This is another advantage of this style. I should have been more cautious when writing the second one.

New comment by yoha in "Modern C [pdf]"

yoha — Mon, 28 Nov 2016 18:57:25 +0000

The point is that a beginner does not need to care about signedness. When you get to that point, you can take the time to explain how to loop properly over it.

New comment by yoha in "Modern C [pdf]"

yoha — Mon, 28 Nov 2016 16:27:16 +0000

This is about weighing correction versus readability. In the "arrow operator" version, the readability is decreased; in the "proper" version, a type cast is required, and this can lead to bugs with values greater than 2^sizeof(ssize_t).

Obviously, I just follow the convention when contributing to an existing project.

New comment by yoha in "Modern C [pdf]"

yoha — Mon, 28 Nov 2016 16:08:20 +0000

Decrementing loops is the one place where I have indulged in some trickery. I do:

    for (size_t i = 9; i --> 0; )

This has the advantage to be very easy to pattern-match once known. Obviously, for a beginner, I would just do:

    for (int i = 9; i >= 0; i -= 1)

New comment by yoha in "Address to the American Psychological Association on Men (2007)"

yoha — Fri, 11 Nov 2016 10:20:33 +0000

No, it is perfectly fine. But it is also useful to know there are previous conversations to be read.

New comment by yoha in "Address to the American Psychological Association on Men (2007)"

yoha — Fri, 11 Nov 2016 10:18:57 +0000

Clickbait is making a link a bait so that you click on it. In other words, it pretty much means an appealing title.

New comment by yoha in "Cartoon Laws of Physics"

yoha — Sun, 06 Nov 2016 02:13:01 +0000

Ask your search engine:

    "ignition" filetype:pdf

How I've wound up being one of the people who don't update IoT firmware

yoha — Tue, 25 Oct 2016 09:11:56 +0000

Article URL: https://utcc.utoronto.ca/~cks/space/blog/tech/MyDSLRouterNoFirmwareUpdates

Comments URL: https://news.ycombinator.com/item?id=12786407

Points: 2

# Comments: 0

New comment by yoha in "Phasing Out SHA-1 on the Public Web"

yoha — Wed, 19 Oct 2016 07:43:46 +0000

You are talking about making a combined hash function from MD5 and SHA-1. Keep in mind that it is not trivial. For instance, if you just output both SHA-1 and MD5, you are actually only as strong as the weakest hash function (trivially for preimage, but also true for collisions, see [1]).

If you are interested in hash function combiners, have a look at Robust Multi-Property Combiners for Hash Functions [2], a recent paper on the topic. It aims at getting several properties at the same time (preimage resistance, collision resistance). For simpler schemes with a single property, just explore the bibliography at the end of the paper.

[1] https://cryptopals.com/sets/7/challenges/52

[2] https://eprint.iacr.org/2016/723

New comment by yoha in "A single byte write opened a root execution exploit"

yoha — Sat, 15 Oct 2016 18:04:15 +0000

Have fun:

http://crackmes.de/archive/

New comment by yoha in "Lost Diamonds: How our current system is failing underprivileged talent"

yoha — Fri, 30 Sep 2016 02:22:42 +0000

Oh, my bad, I got confused with the brackets (which are not on a digit key). I really should have checked. See, we all make mistakes!