diff --git a/_posts/2015-04-15-non-abbiamo-nulla-da-nascondere.md b/_posts/2015-04-15-non-abbiamo-nulla-da-nascondere.md index 56f2065..bf78fe9 100644 --- a/_posts/2015-04-15-non-abbiamo-nulla-da-nascondere.md +++ b/_posts/2015-04-15-non-abbiamo-nulla-da-nascondere.md @@ -58,13 +58,16 @@ Un normale cittadino inglese in due sole occasioni puo\` ascoltare la frase: “

- p { margin-bottom: 0.1in; line-height: 120%; }a:link { }“Estimates of the current size of the body of federal criminal law vary. It has been reported that the Congressional Research Service cannot even count the current number of federal crimes. These laws are scattered in over 50 titles of the United States Code, encompassing roughly 27,000 pages. Worse yet, the statutory code sections often incorporate, by reference, the provisions and sanctions of administrative regulations promulgated by various regulatory agencies under congressional authorization. Estimates of how many such regulations exist are even less well settled, but the ABA thinks there are nearly 10,000” +Estimates of the current size of the body of federal criminal law vary. It has been reported that the Congressional Research Service cannot even count the current number of federal crimes. These laws are scattered in over 50 titles of the United States Code, encompassing roughly 27,000 pages. Worse yet, the statutory code sections often incorporate, by reference, the provisions and sanctions of administrative regulations promulgated by various regulatory agencies under congressional authorization. Estimates of how many such regulations exist are even less well settled, but the ABA thinks there are nearly 10,000”

- p { margin-bottom: 0.1in; line-height: 120%; }a:link { }Con le parole di Bruce Schneier: “se mi dai sei linee scritte di pugno dall’uomo piu` onesto, potrei trovare qualche motivo per farlo impiccare!”.

+ Con le parole di Bruce Schneier:

+ “se mi dai sei linee scritte di pugno dall’uomo piu` onesto, potrei trovare qualche motivo per farlo impiccare!”. +

+

A questo si aggiunge che non e` sempre la verita` la paladina dei nostri diritti: spesso i pregiudizi sociali a cui si aggiunge la manipolazione dei mass media porta un innocente ad essere dichiarato colpevole falsamente ed innanzitempo. 
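Review bot: the rewritten "Estimates of the current size" line loses the opening “ that the removed line carried, but it still ends with ” after "nearly 10,000", so the quotation is left unbalanced. Restore the opening mark, or drop the closing one as well if the passage is meant to stand as its own quoted block like the Schneier sentence that this hunk splits onto a separate line. Stripping the stray "p { margin-bottom: 0.1in; line-height: 120%; }a:link { }" text from both paragraphs is the right fix.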

@@ -99,4 +102,4 @@ Un normale cittadino inglese in due sole occasioni puo\` ascoltare la frase: “
Francesco Mecca -
\ No newline at end of file + diff --git a/_posts/2016-07-08-pres-berk.md b/_posts/2016-07-08-pres-berk.md new file mode 100644 index 0000000..301ddb6 --- /dev/null +++ b/_posts/2016-07-08-pres-berk.md 
@@ -0,0 +1,262 @@ +--- +title: A short talk about cryptography at the Berkman Klein Center +date: 2016-07-07 +author: pesceWanda +layout: post +categories: + - PesceWanda +tags: + - Berkman Klein internship + - Berkman Center internet and society + - cryptography + - TOR + - nothing to hide + - public key private key + - encription +--- + +The 7th of July me and [Aaron](http://studentprivacy.ca), as intern at the [Berkman Klein for Internet and Society](http://cyber.law.harvard.edu), gave a presentation on the basics of cryptography and a quick overview on the essential tools. +1o +What follows is a short summary of that presentation. The slides are available [here](/wp-content/uploads/2016/fwneas.pptx) + +### Whose Security? + +Let's define what security is. Security is the possibility to being set free from structural costraints, and as that we can distinguish various levels of security depending on who we are. + + +Also, if we want to investigate security we should also define our threats: security, as being set free, from intelligence surveillance can be our target. Our concerns as different if we consider instead security from censorship or corporation data mining. + +![uber god view](/wp-content/uploads/2016/godmode.png) +![facebook law enforcement form](/wp-content/uploads/2016/fb.png) + +What is shown above is the [Uber God View](http://www.theverge.com/2016/1/6/10726004/uber-god-mode-settlement-fine), a tool Uber used to track a Buzzfeed's journalist locations, and the Facebook standard form that is given to law enforcement when requested. + +### Security is a state of mind + +Security is hard. It is really rare to reach a state of complete security and even in that case, it depends on our target. + +What is important is to train ourselves to security. Security is a state of mind and there are no tools that automatically protect us without our active partecipation. + +Let's explore that in details. 
+ +### The layers of security + +We can distinguish four layers of security: + +* Device Security; +* Network Security; +* Message Security; +* Human Security. + +###### Device Security, where everything happens + +Device security is related to the "physical host". + +If the computer we use is tampered, at the hardware level, or the phone is bugged, there is no way to escape using higher level tools. + +In other words, it doesn't matter if we use a super secure password if our computer is registering all our keystrokes and send them to a third party. + +Also, device security is useful if we consider that our device can fall into the hands of attackers that may be able to traceback all the activities. + +Some precautions for this purpose: + +* full disk encryption; +* minimal set of application installed; +* open source operating systems. + +###### Network Security + +The network is the infrastructures that our device is attached to. In most of the case, when we consider our computer is the internet (and the GSM network in case of mobile phones). + +Network security is essential to evade censorship, behavioural tracking and identity theft. + +Some tools that may help in this case: + +* vpn; +* tor; +* p2p networks; +* mesh networks. + +And for the web: + +* opensource web browsers (such as firefox); +* no google apps on android phones; +* https. + + +###### Message Security + +Message security is the level of protection regarding the content that you want to send or receive. + +Message security is essential if you want to avoid any third party snooping and the confidentiality of your messages. + +The tools we can use in this context: + +* OTR; +* opensource messaging protocols (XMPP, matrix); +* Signal; +* PGP. + +Also, always remember that encrypting the content of the message doesn't guarantee that your identity and the metadata are hidden. + +###### Human Security, the weakest link + +Everything comes down to the human level at a certain point. 
+ +This is way it is important to train ourselves in security. + +If we consider [Kevin Mitnick's history](https://en.wikipedia.org/wiki/Kevin_Mitnick), or the recent [FBI deputy director hack](http://thehackernews.com/2015/11/fbi-cia-director-hack.html) we see that social engineering plays a big role when we want to undermine the security of an individual of interest. + +But security matters even if we are not target of interest. + +For example let's consider our password. If we use the same password on every site and one cracker manages to gain access to just one of them, our whole activities online can be exposed and our identity stolen. [This is relevant](http://www.nydailynews.com/news/national/mark-zuckerberg-twitter-account-hacked-password-dadada-article-1.2662351). Myspace had its database breached and the password of Zuckerberg (even a simple one) was exposed. Given that he used the same password on twitter and other sites, his multiple accounts were compromised. + +### What is TOR and how it works + +When you visit a website with your mobile phone or a browser on your computer lots of things go on under the hoods. + +Your computer, as a client, makes what is called an [handshake](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) with the server. + +After telling the server that the client is interested in its content, a series of packets containing data is exchanged. + +That is the content of a connection. Inside this packets there are a multitude of information of two kinds: + +* the web page or the content we are trying to visualize; +* information on the status of both the server and the client. + +The informations contained in every packet can be analized to understand the "identity" of the client that is requesting the content on the server, first of all the IP that is a sort of web address that every computer on the net has. 
+ +Not only, during the transmission of this packets, various entity on the communication channel can analize the content and mine our data. + +![Cute infographic](/wp-content/uploads/2016/tor-https-0.png) + +TOR still uses this kind of routine to gather the content of a web page, but instead of connecting directly to the destination server it goes through a series of other servers called relay: instead of going directly from A to B, it goes from A to C to D to E to F to B. + +If the web was a kindergarden Alice instead of telling directly her phrase to Bob, she would tell the word to a friend that in turn would tell the word to a friend and so on, until Bob heards the word, without knowing that Alice said that at the beginning. + +At this point you should ask yourself: are the data more protected if it goes through a network of relays? It actually is given that every time you send a packet through the TOR network, it gets encrypted so that no one knows it's content. + +To tell the truth, actually the relay (called exit node) that will send the packet to the destination server, knows the content of the packet but does not know the origin. + +Ultimately a website can be entirely hosted on the TOR network, called the onion network, so that the packets never exit from the relays and the relay don't know the phisycal location of the server, so every entity on the network reach a perfect level of anonimacy. + +### Who owns the relays? + +Actually every one can host and own a relay if they are willing to do so. +I personally host one right now and there are many others that share a little fraction of their network connection. + +![My little raspi is moving some packets right now](/wp-content/uploads/2016/screenraspy.png) + +Running a relay node is very easy and everybody should do so. Running an exit node instead is more troublesome and I don't suggest it if you are not a big entity that can handle some sorts of occasional trouble. 
+ + +### Don't play the fool on the TOR network + +Of course TOR doesn't guarantee you perfect anonimacy. At the end it all comes to the human layer. + +It's no use to surf the web through TOR if we then log in to our personal blog or our personal facebook page. + +But there are other subtle factors that can be exploited by web companies to gather info and track their users.A + +Such factors are: + +* the size of the screen and the colors supported by it; +* the timezone; +* canvas and images that the server asks your computer to generate; +* information about your OS that are sent through packets; +* the fonts available on your system; +* touch support; +* cookies; +* ads and cross site requests; + +In particular, most of these are exploitable using a web programming language, javascript, that lots of web pages uses to render content. TOR users should avoid the use of javascript. + +### Public Private Key Encryption + +While TOR is recent technology, public key encryption is a concept way older. + +What happens when we use public / private key encryption tools is conceptually similar to what happens with our physical correspondence. + +A public key is similar to our mailbox. + +Everyone that knows the location of a person's mailbox can write a message and put it inside but only the owner of that mailbox, using is own key can open the mailbox and read the various messages. + +When we use PGP or GPG (an implementation of the public key encription concept) we generate a pair of key. + +A public one that we should broadcast or at least share with our social circle, and a private key that must remain secret at any cost. + +Everyone can encrypt every kind of digital content using our public key (that is just a really long string) and only the owner of the private key can proceed to decryption of the content. + +This also means that we know who is gonna read the message if encrypted using this kind of technologies. 
+ +One easy tool for GPG encryption is [GPA](https://www.gnupg.org/%28en%29/related_software/gpa/index.html) + +### Metadata + +What would you do if you were asked to put under surveillance one person? + +For sure placing a bug with microphone and recording capabilities would be the best option. + +But what if, instead of recording every thing the subject does, we just take a note of all his actions, without taking care of the content. For example, if the subject speaks to someone, we record the time, the place, the duration of the conversation and all the info of the person he is talking with. +What if, when the person walks into a mall, we record the time, the location, the shops he entered, the money he spent, the number of things bought, but not the things he bought, in detail. + +You can see that you can have a fairly precise idea of the habits of the person under your surveillance. + +Actually from metadata is easy to grab all kinds of personal information. Also, if a tiny portions of the information we have on the subject are more detailed (for example social network photos) we have a picture as clear as never. + +This is not just one of the biggest concern that should pop into your mind when you are talking about nation wide mass surveillance, it is also the core of the business of corporations like Facebook and Google. + +Whatsapp does not read the content of your messages but it stores every single bit of metadata that comes with it. + +Metadatas are enought to build a complete profile of the users and they are even more dangerous in the hands of an evil state agency. + + +### Nothing to hide + +Even if we have nothing to hide, we have much to fear. + +The "nothing to hide" argument is something that everyone of us in this room has heard, at least one time. + +We should fear this sentence because it is the ultimate ammision of a big misunderstanding on the whole debate. + +Privacy, first of all, is __control__ over our data, not only the right to secrecy. 
+ +###### Transparency should be for everyone + +There is a big incoherence when asking to your citizens to handle over their data. + +Transparency should be a two way thing, while at the current state big three letter agencies, but high level people as well, cover their tracks and are not transparent on their reports. + +This enhance a situation of big inequality between the people and the State. + +Even worse, it is not the citizen by himself that can choose if he has something to hide, but the autority. + +This may seem a little naive to say, but with Bruce words: + +> If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him. + +This is true even without considering social discrimination and mass media manipolation. + +###### The fundamental of society + +Every action can be seen as either legal or illegal. When we take a decision this is one of the first, implicit concern. + +This is not true in a surveillance system: when you are doing something your concern is all about the possibility of raising suspicion. + +An idea not action is what is needed in such a dystopic condition to prove a citizen guilty. + +###### Two wrong make a right + +In America we are now discussing about weed legalization. + +Do you think that such debate would have been possible if no one could had the possibility, even if against the law, to try that substance? + +The same goes for gay marriages. + +Inside the panopticon every __potential__ criminal would be persecuted. + +### To hide is to care + +A simple truth is that we don't close the windows to cover up our crimes. + +Our innermost experiences become in our intimacy, which is the most secred place. diff --git a/_site/404.html b/_site/404.html index 9d19cea..45cd64d 100644 --- a/_site/404.html +++ b/_site/404.html @@ -104,6 +104,10 @@ + + + + 
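Review bot: the new _posts/2016-07-08-pres-berk.md contains two stray keystrokes that will be rendered in the post: a line reading "1o" between the opening paragraph and "What follows is a short summary", and an "A" glued to the end of "track their users.". In the front matter, "date: 2016-07-07" disagrees with the 2016-07-08 in the file name, and the tag "encription" is misspelled, so the post would be filed under the wrong tag. The text also contradicts itself on Tor: the onion-network paragraph says every entity reaches "a perfect level of anonimacy", while the next section opens with "TOR doesn't guarantee you perfect anonimacy"; the first statement should be softened to match the second.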
diff --git a/_site/PreqinVentureDeals_1_2_20160707163607.xlsx b/_site/PreqinVentureDeals_1_2_20160707163607.xlsx new file mode 100644 index 0000000..7ffb718 Binary files /dev/null and b/_site/PreqinVentureDeals_1_2_20160707163607.xlsx differ diff --git a/_site/about/index.html b/_site/about/index.html index 3d599e4..aa1d640 100644 --- a/_site/about/index.html +++ b/_site/about/index.html @@ -104,6 +104,10 @@ + + + + diff --git a/_site/archive/index.html b/_site/archive/index.html index 70a56c9..894de90 100644 --- a/_site/archive/index.html +++ b/_site/archive/index.html @@ -104,6 +104,10 @@ + + + + @@ -132,6 +136,7 @@

Blog Posts
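Review bot: this commit adds the binary file _site/PreqinVentureDeals_1_2_20160707163607.xlsx (the "new file mode" entry with "Binary files /dev/null and b/_site/... differ" above), and nothing in the posts touched by this patch refers to it. It sits beside the published HTML under _site/, so it would go out with the site. If it was picked up from the working directory by accident, remove it from the commit and exclude it from the build; if it is intentional, say so in the commit message and link it from the page that uses it.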

diff --git a/_site/index.php/archives/23.html b/_site/index.php/archives/23.html index f90a521..89a1b95 100644 --- a/_site/index.php/archives/23.html +++ b/_site/index.php/archives/23.html @@ -104,6 +104,10 @@ + + + + @@ -182,6 +186,15 @@

Related Posts

diff --git a/_site/index.php/archives/27.html b/_site/index.php/archives/27.html index 9d8c0b3..f4d2284 100644 --- a/_site/index.php/archives/27.html +++ b/_site/index.php/archives/27.html @@ -104,6 +104,10 @@ + + + + @@ -205,6 +209,15 @@ Truecrypt permette di creare un volume crittografico che si presenta come un fil

Related Posts

diff --git a/_site/index.php/archives/32.html b/_site/index.php/archives/32.html index e32cf8e..1a414bc 100644 --- a/_site/index.php/archives/32.html +++ b/_site/index.php/archives/32.html @@ -104,6 +104,10 @@ + + + + @@ -764,6 +768,15 @@

Related Posts

diff --git a/_site/index.php/archives/36.html b/_site/index.php/archives/36.html index 981611c..8552813 100644 --- a/_site/index.php/archives/36.html +++ b/_site/index.php/archives/36.html @@ -104,6 +104,10 @@ + + + + @@ -189,6 +193,15 @@

Related Posts

diff --git a/_site/index.php/archives/37.html b/_site/index.php/archives/37.html index b67f565..0bb8dfe 100644 --- a/_site/index.php/archives/37.html +++ b/_site/index.php/archives/37.html @@ -104,6 +104,10 @@ + + + + @@ -165,6 +169,15 @@

Related Posts

diff --git a/_site/index.php/archives/44.html b/_site/index.php/archives/44.html index 93cb012..69f7296 100644 --- a/_site/index.php/archives/44.html +++ b/_site/index.php/archives/44.html @@ -104,6 +104,10 @@ + + + + @@ -281,6 +285,15 @@

Related Posts

diff --git a/_site/index.php/archives/46.html b/_site/index.php/archives/46.html index 0b5fb74..9f40022 100644 --- a/_site/index.php/archives/46.html +++ b/_site/index.php/archives/46.html @@ -104,6 +104,10 @@ + + + + @@ -202,6 +206,15 @@ Alcuni Related Posts diff --git a/_site/index.php/archives/47.html b/_site/index.php/archives/47.html index 2e84d76..1f52d3b 100644 --- a/_site/index.php/archives/47.html +++ b/_site/index.php/archives/47.html @@ -104,6 +104,10 @@ + + + + @@ -156,6 +160,15 @@ L’opera si trova a Berlino.

Related Posts

diff --git a/_site/index.php/archives/51.html b/_site/index.php/archives/51.html index 4dc6404..246ca54 100644 --- a/_site/index.php/archives/51.html +++ b/_site/index.php/archives/51.html @@ -104,6 +104,10 @@ + + + + @@ -210,6 +214,15 @@

Related Posts

diff --git a/_site/index.php/archives/55.html b/_site/index.php/archives/55.html index 93620d8..fc54075 100644 --- a/_site/index.php/archives/55.html +++ b/_site/index.php/archives/55.html @@ -104,6 +104,10 @@ + + + + @@ -158,6 +162,15 @@ L’attacco avviene attraverso l’uso di codice Javascript e analizza l

Related Posts

diff --git a/_site/index.php/archives/57.html b/_site/index.php/archives/57.html index 767916e..661cf73 100644 --- a/_site/index.php/archives/57.html +++ b/_site/index.php/archives/57.html @@ -104,6 +104,10 @@ + + + + @@ -246,6 +250,15 @@

Related Posts

diff --git a/_site/index.php/archives/60.html b/_site/index.php/archives/60.html index db0d89b..9292b6b 100644 --- a/_site/index.php/archives/60.html +++ b/_site/index.php/archives/60.html @@ -104,6 +104,10 @@ + + + + @@ -168,6 +172,15 @@ Secondo alcuni amministartori del sito, tra cui OptimusCrime, Boneless vendette

Related Posts

diff --git a/_site/index.php/archives/66.html b/_site/index.php/archives/66.html index c0b9154..17b1a3e 100644 --- a/_site/index.php/archives/66.html +++ b/_site/index.php/archives/66.html @@ -104,6 +104,10 @@ + + + + @@ -168,13 +172,16 @@

- p { margin-bottom: 0.1in; line-height: 120%; }a:link { }“Estimates of the current size of the body of federal criminal law vary. It has been reported that the Congressional Research Service cannot even count the current number of federal crimes. These laws are scattered in over 50 titles of the United States Code, encompassing roughly 27,000 pages. Worse yet, the statutory code sections often incorporate, by reference, the provisions and sanctions of administrative regulations promulgated by various regulatory agencies under congressional authorization. Estimates of how many such regulations exist are even less well settled, but the ABA thinks there are nearly 10,000” +Estimates of the current size of the body of federal criminal law vary. It has been reported that the Congressional Research Service cannot even count the current number of federal crimes. These laws are scattered in over 50 titles of the United States Code, encompassing roughly 27,000 pages. Worse yet, the statutory code sections often incorporate, by reference, the provisions and sanctions of administrative regulations promulgated by various regulatory agencies under congressional authorization. Estimates of how many such regulations exist are even less well settled, but the ABA thinks there are nearly 10,000”

- p { margin-bottom: 0.1in; line-height: 120%; }a:link { }Con le parole di Bruce Schneier: “se mi dai sei linee scritte di pugno dall’uomo piu` onesto, potrei trovare qualche motivo per farlo impiccare!”.

+ Con le parole di Bruce Schneier:

+ “se mi dai sei linee scritte di pugno dall’uomo piu` onesto, potrei trovare qualche motivo per farlo impiccare!”. +

+

A questo si aggiunge che non e` sempre la verita` la paladina dei nostri diritti: spesso i pregiudizi sociali a cui si aggiunge la manipolazione dei mass media porta un innocente ad essere dichiarato colpevole falsamente ed innanzitempo. 

@@ -217,6 +224,15 @@

Related Posts

diff --git a/_site/index.php/archives/67.html b/_site/index.php/archives/67.html index 1f674af..33864a2 100644 --- a/_site/index.php/archives/67.html +++ b/_site/index.php/archives/67.html @@ -104,6 +104,10 @@ + + + + @@ -186,6 +190,15 @@ In questo modo ed attraverso i cookie Facebook riesce a riunire la maggior parte

Related Posts

diff --git a/_site/index.php/archives/70.html b/_site/index.php/archives/70.html index 1a9a12b..723996a 100644 --- a/_site/index.php/archives/70.html +++ b/_site/index.php/archives/70.html @@ -104,6 +104,10 @@ + + + + @@ -235,6 +239,15 @@

Related Posts

diff --git a/_site/index.php/archives/73.html b/_site/index.php/archives/73.html index 346dd13..f3b07b0 100644 --- a/_site/index.php/archives/73.html +++ b/_site/index.php/archives/73.html @@ -104,6 +104,10 @@ + + + + @@ -158,6 +162,15 @@ Il payload è un tipo di shellcode, ovvero un piccolo pezzo di codice, che sfrut

Related Posts

diff --git a/_site/index.php/archives/78.html b/_site/index.php/archives/78.html index d96f87e..2dc87ed 100644 --- a/_site/index.php/archives/78.html +++ b/_site/index.php/archives/78.html @@ -104,6 +104,10 @@ + + + + @@ -160,6 +164,15 @@

Related Posts

diff --git a/_site/index.php/archives/82.html b/_site/index.php/archives/82.html index babaab1..71c3f0f 100644 --- a/_site/index.php/archives/82.html +++ b/_site/index.php/archives/82.html @@ -104,6 +104,10 @@ + + + + @@ -210,6 +214,15 @@

Related Posts

diff --git a/_site/index.php/archives/85.html b/_site/index.php/archives/85.html index d293634..72ce251 100644 --- a/_site/index.php/archives/85.html +++ b/_site/index.php/archives/85.html @@ -104,6 +104,10 @@ + + + + @@ -197,6 +201,15 @@ I dati sono la risposta economica a: “Iscriviti, e’ gratis e lo sarà se

Related Posts

diff --git a/_site/index.php/archives/87.html b/_site/index.php/archives/87.html index 686f673..ce4e622 100644 --- a/_site/index.php/archives/87.html +++ b/_site/index.php/archives/87.html @@ -104,6 +104,10 @@ + + + + @@ -187,6 +191,15 @@

Related Posts

diff --git a/_site/index.php/archives/9.html b/_site/index.php/archives/9.html index f7604e9..193dc90 100644 --- a/_site/index.php/archives/9.html +++ b/_site/index.php/archives/9.html @@ -104,6 +104,10 @@ + + + + @@ -176,6 +180,15 @@ echo Complete.

Related Posts

diff --git a/_site/index.php/archives/90.html b/_site/index.php/archives/90.html index 6edd504..8ea9407 100644 --- a/_site/index.php/archives/90.html +++ b/_site/index.php/archives/90.html @@ -104,6 +104,10 @@ + + + + @@ -147,6 +151,15 @@

Related Posts

diff --git a/_site/index.php/archives/99.html b/_site/index.php/archives/99.html index 731d544..199b174 100644 --- a/_site/index.php/archives/99.html +++ b/_site/index.php/archives/99.html @@ -104,6 +104,10 @@ + + + + @@ -189,6 +193,15 @@

Related Posts

diff --git a/_site/page10/index.html b/_site/page10/index.html new file mode 100644 index 0000000..7f85471 --- /dev/null +++ b/_site/page10/index.html @@ -0,0 +1,173 @@ + + + + + + + + + + + + + + Caught in the Net · La rete ti cattura ma libera il pensiero + + + + + + + + + + + + + + + + + + + + + +

+Caught in the Net + + +

+ +
+
+ +
+

+ + Chiave PGP + +

+ + + +

Questa e` la nostra chiave PGP con la quale possiamo essere contattati all’indirizzo
+pescewanda3 [at] gmail.com

+ +
+ —–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v2

+ +

+ mQENBFUa5j4BCAC8clTqI75PkKJ+YewmyXqjBtlsqXCWlunS4CkQTaaI3I5c13yz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=/XCq
—–END PGP PUBLIC KEY BLOCK—– +

+
+ +
+ +
+ + +
+ + + diff --git a/_site/page2/index.html b/_site/page2/index.html index 9837878..11b33a8 100644 --- a/_site/page2/index.html +++ b/_site/page2/index.html @@ -104,6 +104,10 @@ + + + + @@ -129,6 +133,93 @@
+
+

+ + Why Wright's proof is a fake + +

+ + + +

I explained in my previous post (in italian) that the signature that Wright provided as a public proof is in fact invalid. +I want to explain briefly how you could check this claim. +The key in Wright's post is this:

+
------------------------- Signature File -------------------------
+MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl1
+3VTC3ihl6XUlhcU+fM4=
+------------------------- End Signature --------------------------
+
+

Now we can use some bash utilities:

+ +
    +
  • base64, that translates encoded ASCII text;
  • +
  • hexdump, that displays hexadecimal contents from the input;
  • +
  • cut, used to remove the binary part of the input;
  • +
  • tr, used to delete spaces and carriage return from the input;
  • +
+
base64 -d <<<'MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl13VTC3ihl6XUlhcU+fM4=' | hexdump -C| cut -b 11-60| tr -d ' \n'
+
+3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce
+
+

Let's analyze the command one by one:

+ +
    +
  • base64 -d decodes the redirected string, the output is some gibberish characters so I won't display them here;
  • +
  • hexdump -C is used with a pipe to convert to hexadecimal:
  • +
+
00000000  30 45 02 21 00 c1 2a 7d  54 97 2f 26 d1 4c b3 11  |0E.!..*}T./&.L..|
+00000010  33 9b 51 22 f8 c1 87 41  7d de 1e 8e fb 68 41 f5  |3.Q"...A}....hA.|
+00000020  5c 34 22 0a e0 02 20 66  63 2c 5c d4 16 1e fa 3a  |\4"... fc,\....:|
+00000030  28 37 76 4e ee 9e b8 49  75 dd 54 c2 de 28 65 e9  |(7vN...Iu.T..(e.|
+00000040  75 25 85 c5 3e 7c ce                              |u%..>|.|
+
+
    +
  • cut -b 11-60 displays only the characters from column 11 to 60:
  • +
+
30 45 02 21 00 c1 2a 7d  54 97 2f 26 d1 4c b3 11  
+33 9b 51 22 f8 c1 87 41  7d de 1e 8e fb 68 41 f5  
+5c 34 22 0a e0 02 20 66  63 2c 5c d4 16 1e fa 3a  
+28 37 76 4e ee 9e b8 49  75 dd 54 c2 de 28 65 e9  
+75 25 85 c5 3e 7c ce                            
+
+
    +
  • tr -d ' \n' is used to delete spaces and carriage returns from the output so that is shown in one line and it gives us the final result:
  • +
+
3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce
+
+

If you noticed, there is also another cleartext string at the beginning of Wright's post:

+
$ base64 -d <<<'IFdyaWdodCwgaXQgaXMgbm90IHRoZSBzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyBXcmlnaHQsIFNhdG9zaGkuCgo='
+Wright, it is not the same as if I sign Craig Wright, Satoshi.
+
+

Now let's head to blockchain.info. +Blockchain.info has a little utility to get hexadecimal informations out of a transaction on the blockchain, so let's use it to get the related info about this transaction:

+ +

tx/828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe +tx/828ef3b079f9... in hexadecimal

+ +

As you can see the entire output of the first bash command, that is + +3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce + +is contained in: + +"script":"483045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce01" + +except for the 48 at the beginning and the 01 at the end.

+ +

That is a signature hash: +this page explains that the 48 is just a decimal prefix given to uncompressed transactions, and the 01 at the end is just a SIGHASH_ALL code that flags the end of the signature.

+ +

So, is it a fake?

+ +

Yes, indeed. +At the end, I ask, why would you choose anything else than the easiest and most conclusive way to prove something?

+ +

Wright "signs" the blockchain

+ +
+
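Review bot: the explanation of the script bytes near the end of this added post is inaccurate. The leading 48 is not "a decimal prefix given to uncompressed transactions"; it is the push-length byte of the script, hexadecimal 0x48 = 72, which matches the 71 bytes of the DER signature shown in the hexdump (offsets 0x00 to 0x46, and 30 45 announces 0x45 = 69 bytes after the two-byte header) plus the one trailing 01 byte. That 01 is the SIGHASH_ALL hash-type byte appended to the signature, not a marker that "flags the end of the signature". Separately, both bullets describing tr say it deletes "carriage return(s)", but tr -d ' \n' removes spaces and newlines (line feeds). If this page is generated from a file under _posts/, the wording should be corrected there and the page rebuilt.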

@@ -335,45 +426,6 @@ instantaneously.

-
-

- - The Buridan's donkey in python - -

- - - -

During the final weeks of my exam session I started reading a bit about python 3 using an excellent book: Dive into Python. -When I noted that python uses the Mersenne Twister PRNG as well I decided to write another version of my Buridan's donkey program.

- -
    import random, sys
-
-    if __name__ == '__main__':
-        args = list()
-        if not sys.stdin.isatty():
-            for line in sys.stdin:
-                if line[-1] is '\n':
-                    line = line[:-1]
-                args.append(line)
-        else:
-            args = sys.argv[1:]
-        argRange = len(args)
-        for i in range(argRange):
-            print(str(i+1) + '.', args.pop(random.randrange(0, len(args))))
- -

This script works in a different way than the one in c++. -Rather than shuffling a list made by the entries in the arguments, it pops randomly one entry from the list till the list is empty.

- -

Not satisfied enough, I wrote also a telegram bot using the telebot library that works as the script above but inside the telegram app. -The bot can be added to your contact list by simply searching for @duridan_donkey_bot (yes, a typo!)

- -

All the code is opensource and can be found on my github page.

- -

Francesco Mecca

- -
-
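Review bot: in the new _site/page10/index.html ("Chiave PGP"), the BEGIN PGP PUBLIC KEY BLOCK and END PGP PUBLIC KEY BLOCK lines are written with typographic dashes instead of the five ASCII hyphens that the armor format requires, and the "Version: GnuPG v2" header and key data are split across separate lines of markup. A reader who copies the key from the rendered page will get a block that gpg does not recognise as armored input. Put the key in a literal (preformatted) block in the source so the converter leaves the hyphens and line breaks untouched, or link to the key as a downloadable .asc file, and publish the fingerprint next to it so the copy can be checked.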