algorithm - Dave's Blog

Search

Tweet from David Risney

2016 Jun 9, 4:02
Movie written by algorithm turns out to be hilarious and intense http://arstechnica.com/the-multiverse/2016/06/an-ai-wrote-this-movie-and-its-strangely-moving/ 
PermalinkComments

Tweet from David_Risney

2015 Apr 2, 10:43
Tesla's April fools headline fooled stock trading algorithms causing $1.50 jump: http://www.bloombergview.com/articles/2015-04-02/tesla-stockholders-can-t-take-a-joke …
PermalinkComments

Retweet of newsycombinator

2015 Feb 24, 6:31
Proving that Android’s, Java’s and Python’s sorting algorithm is broken http://envisage-project.eu/proving-android-java-and-python-sorting-algorithm-is-broken-and-how-to-fix-it/ …
PermalinkComments

Stripe CTF - Level 7

2012 Sep 13, 5:00

Level 7 of the Stripe CTF involved running a length extension attack on the level 7 server's custom crypto code.

Code

@app.route('/logs/')
@require_authentication
def logs(id):
rows = get_logs(id)
return render_template('logs.html', logs=rows)

...

def verify_signature(user_id, sig, raw_params):
# get secret token for user_id
try:
row = g.db.select_one('users', {'id': user_id})
except db.NotFound:
raise BadSignature('no such user_id')
secret = str(row['secret'])

h = hashlib.sha1()
h.update(secret + raw_params)
print 'computed signature', h.hexdigest(), 'for body', repr(raw_params)
if h.hexdigest() != sig:
raise BadSignature('signature does not match')
return True

Issue

The level 7 web app is a web API in which clients submit signed RESTful requests and some actions are restricted to particular clients. The goal is to view the response to one of the restricted actions. The first issue is that there is a logs path to display the previous requests for a user and although the logs path requires the client to be authenticatd, it doesn't restrict the logs you view to be for the user for which you are authenticated. So you can manually change the number in the '/logs/[#]' to '/logs/1' to view the logs for the user ID 1 who can make restricted requests. The level 7 web app can be exploited with replay attacks but you won't find in the logs any of the restricted requests we need to run for our goal. And we can't just modify the requests because they are signed.

However they are signed using their own custom signing code which can be exploited by a length extension attack. All Merkle–Damgård hash algorithms (which includes MD5, and SHA) have the property that if you hash data of the form (secret + data) where data is known and the length but not content of secret is known you can construct the hash for a new message (secret + data + padding + newdata) where newdata is whatever you like and padding is determined using newdata, data, and the length of secret. You can find a sha-padding.py script on VNSecurity blog that will tell you the new hash and padding per the above. With that I produced my new restricted request based on another user's previous request. The original request was the following.

count=10&lat=37.351&user_id=1&long=%2D119.827&waffle=eggo|sig:8dbd9dfa60ef3964b1ee0785a68760af8658048c
The new request with padding and my new content was the following.
count=10&lat=37.351&user_id=1&long=%2D119.827&waffle=eggo%80%02%28&waffle=liege|sig:8dbd9dfa60ef3964b1ee0785a68760af8658048c
My new data in the new request is able to overwrite the waffle parameter because their parser fills in a map without checking if the parameter existed previously.

Notes

Code review red flags included custom crypto looking code. However I am not a crypto expert and it was difficult for me to find the solution to this level.

PermalinkCommentshash internet length-extension security sha1 stripe-ctf technical web

Line Simplification

2012 Jun 3, 12:47

Neat demo of Visvalingam’s line simplification algorithm in JavaScript applied to a map of the US.

To simplify geometry to suit the displayed resolution, various line simplification algorithms exist. While Douglas–Peucker is the most well-known, Visvalingam’s algorithm may be more effective and has a remarkably intuitive explanation: it progressively removes points with the least-perceptible change.

PermalinkCommentsline-simplification demo technical javascript

C++ Algorithms: next_permutation()

2012 May 4, 1:56

Breakdown of the STL’s implementation of next_permutation.  Ever wondered how that works?

PermalinkCommentstechnical stl c++ algorithm permutation math programming

Can an Algorithm Write a Better News Story Than a Human Reporter? | Gadget Lab | Wired.com

2012 Apr 26, 9:53

As Hammond explained what he did, the critic became agitated. Times are tough enough in journalism, he said, and now you’re going to replace writers with robots? “I just looked at him,” Hammond recalls, “and asked him: Have you ever seen a reporter at a Little League game? That’s the most important thing about us. Nobody has lost a single job because of us.” At least not yet.

PermalinkCommentsnews algorithm ai newspaper journalism

Image Error Level Analysis with HTML5

2012 Apr 16, 1:59

Javascript tool says if a photo is shopped. It can tell by looking at the pixels. Seriously. Links to cool presentation on the theory behind the algorithm behind the tool: http://www.wired.com/images_blogs/threatlevel/files/bh-usa-07-krawetz.pdf

PermalinkCommentstechnical javascript jpeg photoshop

MapReduce Patterns, Algorithms, and Use Cases

2012 Feb 10, 3:42PermalinkCommentstechnical map-reduce programming howto

Show HN: Entire concerts algorithmically "reconstructed" from YouTube videos (switchcam.com)

2011 Dec 8, 11:07PermalinkCommentstechnical video concert music

4chan BBS - Genius sorting algorithm: Sleep sort

2011 Jun 20, 2:20"Genius sorting algorithm: Sleep sort 1 Name: Anonymous : 2011-01-20 12:22 Man, am I a genius. Check out this sorting algorithm I just invented.
#!/bin/bash 
function f() { 
    sleep "$1" 
    echo "$1" 
} 
while [ -n "$1" ] 
do 
    f "$1" & 
    shift 
done 
wait 

example usage: 
./sleepsort.bash 5 3 6 3 6 3 1 4 7
"PermalinkCommentshumor programming code technical 4chan bash sort sleep-sort sleep

Lifetimes of cryptographic hash functions

2011 Jun 20, 11:25A cautionary tale in chart form: lesson is make sure you can always upgrade your hashing algorithm or don't have security dependencies on hashing algorithms.PermalinkCommentsreference hash encryption security table technical humor

Amazon’s $23,698,655.93 book about flies

2011 Apr 27, 2:21Competing price setting algorithms create a very high priced book. "But Peter Lawrence can now comfortably boast that one of the biggest and most respected companies on Earth valued his great book at $23,698,655.93 (plus $3.99 shipping)."PermalinkCommentshumor internet blog science book commerce ad

RFC 3797 - Publicly Verifiable Nominations Committee (NomCom) Random Selection

2010 Dec 13, 11:12Used to generate publicly verifiable random numbers. For instance to pick 'xn--' for the IDN prefix from a set of prefixes, they decided on a hash, a set of stocks and a time in the future to generate the hash from the stock values. The resulting value is random and anyone can check the work to verify that it was chosen randomly.


Although, now looking back from the future I can't verify that they didn't generate this data after the stock quotes came out. And they're using MD5...PermalinkCommentsrfc algorithm random election ietf technical

lbrandy.com » Blog Archive » Using genetic algorithms to find Starcraft 2 build orders

2010 Nov 8, 3:31Genetic algorithm finds awesome SC2 build orderPermalinkCommentsai algorithm blog code videogames game starcraft2 sc2 genetic-algorithm

Google Prediction API - Google Code

2010 Aug 13, 11:46RESTful machine learning API from Google... "The Prediction API implements supervised learning algorithms as a RESTful web service to let you leverage patterns in your data, providing more relevant information to your users. Run your predictions on Google's infrastructure and scale effortlessly as your data grows in size and complexity."PermalinkCommentsrest ai google programming analysis machine-learning development technical

Gamers beat algorithms at finding protein structures

2010 Aug 4, 2:29Using games for good! Foldit players are solving real biochemistry problems. "Scientists have turned to games for a variety of reasons, having studied virtual epidemics and tracked online communities and behavior, or simply used games to drum up excitement for the science. But this may be the first time that the gamers played an active role in producing the results, having solved problems in protein structure through the Foldit game."PermalinkCommentsvideogame game biology science research

RFC 5843 - Additional Hash Algorithms for HTTP Instance Digests

2010 Apr 21, 6:51Adds SHA 256 & 512 to HTTP instance digest: 'The IANA registry named "Hypertext Transfer Protocol (HTTP) Digest Algorithm Values" defines values for digest algorithms used by Instance Digests in HTTP. Instance Digests in HTTP provide a digest, also known as a checksum or hash, of an entire representation of the current state of a resource. This document adds new values to the registry and updates previous values.'PermalinkCommentshash cryptography http instance-digest sha security technical ietf rfc standard

Washington Driver's License Numbers

2010 Feb 24, 12:42Apparently Washington State uses an algorithm to generate drivers license numbers. Unless someone else has the same name and birth date your license number is based entirely on your name and birth date.PermalinkCommentsmath identity washington reference

Google Research Publication: MapReduce

2009 Oct 6, 3:18PermalinkCommentstodo mapreduce algorithm google paper distributed database technical
Older Entries Creative Commons License Some rights reserved.