I am the kind of guy who has a musical interest but not a whole lot of musical talent, or at least not a whole lot of musical training. I have begun to learn guitar many times, always to give up with some frustration or another. Sometimes it was the pain in my fingers, other times the inability to make any chords that sounded half decent, still other times said fingers getting tied up in knots as I attempted to move from one chord to another. But I think I’ve found a way to end this. If you have a similar history, you may want to read on. Read More
Perhaps your story is similar to mine. Having missed that crucial period in my teens when all my friends were learning to play guitar (because I was studying, or so I tell myself), I’ve tried many times to catch up and accompany my (arguably) good voice with a stringed instrument, and always failed, for different reasons. In this article I try to explain why, and how I got some traction eventually so that I finally (almost) succeeded. Read More
Lately I’ve been quite taken by string instruments, and collected four ukuleles, of different kinds, in a very short time (they’re so inexpensive!). I was going to acquire a fifth one, a banjo ukulele or banjolele, when I realized that I would save a lot of money if I made it myself from Chinese parts ordered over the Internet. A lot of waiting for parts, but about two months later the instrument is ready and it sounds awesome. This article will tell you how I made it while hardly possessing any luthier skill, in case you want to do the same. Read More
Sorry about the title. This post is motivated by Steven’s comments to the “What is Randomness?” post, where he describes a way that the current paper-and-pencil cipher champion, FibonaRNG, could be broken. Rather than responding with more comments, I thought a whole new post on the issue would make more sense, since it’s going to be rather long. For those who prefer the short version: yes, what Steven says would work, but not very well, although it looks like it should. Read on if you prefer the long version.
Current version of URSA is: 4.2.1
Made on 9/6/17
Main source: https://passlok.com/ursa
SHA256 string for web source (single html file):
See the author reading this:
What started as a small improvement on image steganography has grown into a major update of all my published apps, encompassing PassLok Privacy, PassLok for Email, SeeOnce, URSA, plus two new apps: PassLok Image Encryption, and PassLok Human Encryption. This articles summarizes the changes for those who might be curious. Read More
You’ve seen this advice many times: use a different password for each website you log into, including lowercase, capitals, numbers, and special symbols. Change it often. If you don’t, a hacker that breaks into one of those websites might be able to get into your bank account and your Facebook page, emptying the first of money and filling the second with child porn. But I’d bet you don’t do it because it’s just too hard to come up with a good password for each website, and then remember it. In this post, I’ll be telling you a paper-and-pencil trick derived from one whose author is none other than Turing award winner Manuel Blum, but far less taxing on your brain. Read More
PassLok is once again getting some attention in the news, so I thought it would be a good idea to collect some of the things that have been said in a post. Some of the titles from major tech outlets: “PassLok Simplifies Email Encryption so Anyone Can Use It” (lifehacker.com), “PassLock (sic): Easy Email Encryption for Everyone” (makeuseof.com). Read More
In Latin, “Tabula Prava” means “crooked table.” This is a play on “Tabula Recta” (straight table), which is a grid full of letters used in a number of classic ciphers, including the Vigenère cipher. Tabula Prava is the straightforward combination of a high-entropy key derivation algorithm, which I published earlier on this blog, and the FibonaRNG cipher, also published here. The result is a very secure cipher that is still quite fast and easy to use with pencil and paper. Read More
The “unthinkable” has happened: it is alleged that WhatsApp has a backdoor in its end-to-end encryption, and nobody has actually been getting any security all along. All of this while using the acclaimed “open source” Signal protocol. This article will not break any news, but hopefully will make you think and be safer as a result.
Hint: it has all to do with the quotes in the first two sentences. Read More