Friday, October 28, 2016

Always make sure to salt your hash




You may be wondering what the connection between the words hash, salt, rainbow tables, and dictionary is.  The answer? Cybersecurity.  Each of these terms plays a crucial role in the complex game of keeping user passwords safe.  Every database that stores passwords is liable to be compromised by malicious crackers, so computer scientists have needed to devise different ways to make sure our passwords and usernames remain safe.

Simply put, our passwords are not stored as our passwords.  To use a common password as an example, ‘letmein’ would not be stored in the database exactly as the string ‘letmein’.  Instead, algorithms transform your password into an unintelligible combination of characters.  There are two methods of doing this.

The first method is a two-way encryption using a key.  The password is changed into an unintelligible representation using a defined key.  However, if someone can get their hands on the key, they can easily crack all of the encrypted passwords.  As a result, encrypting passwords leaves them completely vulnerable to being compromised by someone with the key.  Yet, two-way encryption has a valid use in message transmission.  You provide the recipient with the key and the encrypted message, and they can subsequently decode it.

The second method is called hashing.  Hashing does not require a key, and is thus referred to as one-way. Instead of using a key, hashing converts a string of arbitrary length into a string of a fixed size.  It is infeasible to invert the hashed output back into a readable message.  As a result, it is used to store passwords in databases, since even if a cracker had access to the hashed passwords, they would not be able to convert them back to readable passwords.  In addition, random input, or ‘salt’, is concatenated onto the password before it is hashed for extra security.

Hashing maps arbitrary length strings onto a fixed length string. 
A rainbow table is one mode of attack on hashed passwords.  Rainbow tables use a pre-computed table of values to try to reverse a hash, as opposed to dictionary attacks that will go sequentially through a dictionary of candidate passwords to solve the problem in brute-force fashion.  Since the input is more limited, not as much of a burden is put on the computer’s storage.  Luckily, salting the hash renders even rainbow tables infeasible.
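To make the effect of the salt concrete, here is an added example (not part of the original post) in Python. The password list and function names are constructed for illustration; `salted_sha256` follows the post's description, and the PBKDF2 functions go one step further than the post by also making each guess deliberately slow.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny list of common passwords.
COMMON = ["123456", "password", "letmein", "qwerty"]

# Precomputed digest -> password table: the idea behind looking up
# unsalted hashes instead of recomputing them for every stolen database.
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}


def unsalted_sha256(password: str) -> str:
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_sha256(password: str, salt: bytes) -> str:
    """The post's construction: concatenate the salt, then hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def lookup(digest_hex: str):
    """Return the password if its digest is in the precomputed table."""
    return PRECOMPUTED.get(digest_hex)


def hash_password(password: str, iterations: int = 600_000):
    """Salted, slow storage: returns (salt, iterations, derived_key)."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password: str, salt: bytes, iterations: int, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    print("unsalted lookup:", lookup(unsalted_sha256("letmein")))
    print("salted lookup:  ", lookup(salted_sha256("letmein", os.urandom(16))))
```

The salt is stored next to the hash in the database; it does not need to be secret, it only needs to be different for every password.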



In the technical world of today, both corporate and personal data need to be kept safe for the sake of societal stability, and cryptography is the key.


References & Pictures:
https://en.wikipedia.org/wiki/Salt_(cryptography)
https://en.wikipedia.org/wiki/Cryptographic_hash_function
http://www.kedeleducation.co.uk/picnic-tables.html
http://weknowyourdreams.com/salt.html

Friday, October 21, 2016

Hospital Has Hankering for Handling Hardy Hearts

3D models of one person's heart.
If you’ve ever wanted to show the special someone in your life just how much you love them, it’s time to ditch the chocolate and flowers.  A new system developed by researchers at MIT and Boston Children’s Hospital converts an MRI scan of a patient’s heart into a physical 3-D printed model in a matter of hours.  While you may not be able to actually take advantage of this technology as a consumer to print models of your heart, it is set to make a splash in the medical community.

Before this technology, surgeons had to rely on two-dimensional imaging to evaluate the heart of a patient.  Crucial decisions hinge on their ability to properly size up the condition of a patient’s heart, which is hard to do when you have only flat images to represent one of the most vital organs of your body.  “Our collaborators are convinced that this will make a difference,” says Polina Golland, a professor of electrical engineering and computer science at MIT. 
 
I can heartly believe it!
MRIs produce many flat cross-section images of your body and use the contrast between light and dark to depict where there might be abnormalities in the organ.  However, current algorithms used to help structure the images and spot abnormalities are often insufficient and lack the precision desired by surgeons when considering surgery.  In the past, attempts at 3-D modeling of the heart used algorithms that based the model largely on generalized models of normal hearts; however, most patients requiring surgery have anything but normal hearts.  The patients’ irregularities are not depicted by these algorithms, thus rendering them largely useless.  Other models required doctors to manually indicate boundaries on MRI scans.  This laborious and tedious process led to many errors and wasted resources.  The new algorithm developed by researchers automates the process, cuts the time required dramatically, and achieves 90% agreement with expert manual renditions of the heart.

A clinical study will be conducted in the fall with 10 participating doctors at Boston Children’s Hospital. “Absolutely, a 3-D model would indeed help,” says Sitaram Emani, a cardiac surgeon at Boston Children’s Hospital. “We have used this type of model in a few patients, and in fact performed ‘virtual surgery’ on the heart to simulate real conditions. Doing this really helped with the real surgery in terms of reducing the amount of time spent examining the heart and performing the repair.”

The medical field as a whole is already taking full advantage of 3-D printing.  From artificial blood vessels, cheap prosthetic limbs, bones, and heart valves, to even drugs, 3-D printing technology is driving the medical field into the future thanks to its precision, convenience, and low cost.




References and Pictures: http://news.mit.edu/2015/3-d-printed-heart-models-surgery-0917

Friday, October 14, 2016

I 🙋 love ❤️ EMOJIS!! 😩🙌😍





They say that a picture is worth a thousand words.  These days, many of the text messages sent between friends and family utilize tiny pictures, emojis, to communicate ideas and emotions rather than type them out.  In fact, Oxford Dictionaries named 😂 (Face With Tears of Joy) its 2015 Word of the Year.  Everyone is guilty of indulging in the pleasures of a good emoji at one time or another.  But have you ever stepped back to consider the way emojis are actually successfully sent over SMS text?

The first emoji was designed in 1998 in Japan by a man named Shigetaka Kurita, who was working at a Japanese mobile operator company on a team developing their mobile internet platform.  Kurita then developed a full set of 172 12x12 emojis as a part of his company’s mobile messaging service in the hopes of it being a distinguishing feature for his company among the crowded mobile market.  He modeled the facial expressions on real expressions he observed during his daily life in urban Japan. 
 
Shigetaka Kurita, the father of a new generation of communication.
Another motivation to develop these small emojis was that the people of Japan were beginning to send many large pictures to communicate rather than text messages, overwhelming the capability of the telecom companies.  Out of this squeeze, the modern system of emoji sending was born.  Under the hood, something called Unicode is responsible for our beloved emojis.  Unicode is an encoding standard that assigns letters, digits, symbols, and, most importantly, emojis, unique numeric values that can be interpreted universally by different machines.  This is why I can successfully send my dad, a Windows phone user, a fire emoji from my iPhone.  It is also why there is no need for the message to be converted to an MMS message containing a picture, because what is actually being sent is the code for the receiving phone to then represent as the emoji picture.
 
Small excerpt from the chart of emoji Unicode.

Unicode dates back to 1987, when employees of Apple collaborated with a worker at Xerox with the aim of developing a universal, unified, and unique character encoding system.  According to Wikipedia, Unicode now contains a repertoire of more than 128,000 characters, covering 135 modern and historic scripts.  For this reason, the world is able to not only view each other’s unique language characters, but also communicate with simple, effective, and fun emojis.


Friday, October 7, 2016

Good Vibrations



Cybersecurity continues to be a major area of discussion, research, and development in our ever-technologizing world. Given the multitude of data breaches of corporations, governments, and personal citizens, it is no secret that hackers can get their hands on much of the data that gets transmitted and stored throughout the world. However, computer scientists and electrical engineers at the University of Washington have developed a system that utilizes your body to physically transmit sensitive data from one device to another, circumventing the need to expose that data to penetrable air waves.

When you send passwords or other information over airborne radio waves such as Wi-Fi or Bluetooth, that data can be eavesdropped on by hackers who are able to crack the encryption.  As a result, the researchers at the University of Washington have developed a way to securely send passwords through the human body utilizing harmless, low-frequency transmissions generated by fingerprint scanners available on a number of consumer devices, like the iPhone.

The system takes advantage of the already fine-tuned capabilities of these on-board scanners, but instead of having them just read input, the system uses the sound waves generated by the scanner to create corresponding output. "Fingerprint sensors have so far been used as an input device. What is cool is that we've shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body," said senior author Shyam Gollakota.  The tests used 10 differently sized people and numerous devices including an iPhone and a Lenovo laptop to successfully transmit the data through the human body and unlock a smartlock on a door.


The process requires a sequence of finger scans to encode and transmit data.  Performing a finger scan represents a 1-bit of data and not performing the scan correlates to a 0-bit.  After the data is entered on a smartphone and ready to be transmitted, it can securely travel through your body through the fingerprint scanner to a receiver embedded in another device that will then confirm your identity.  This method can be useful for securely confirming your identity to medical devices such as glucose monitors or insulin pumps, where confirming the patient’s identity before functioning is crucial.

References & Pictures:

https://www.sciencedaily.com/releases/2016/09/160927134838.html

http://null-byte.wonderhowto.com/how-to/advice-from-a-hacker/