Been a while…

Been pretty busy, but since this COVID19 mess began, I’ve been working from home. Spent the first two weeks dealing with on-call issues, then lots of deployment issues. Work kept me pretty busy.

But, I finally got time to work on some of my sewing (new messenger bag in the works for me…). BUT, Charrie started a new job at a nursing home, and they are required to wear masks when dealing with patients. Since all her patients are potentially vulnerable individuals AND all in the same place, the nursing home takes this very seriously! Unfortunately, they only had one mask for her. It’s reusable, but needs to be washed every day. This gets to be a drag very quickly!

So, my messenger bag got pushed to the side, and I started looking at masks. She does not like the standard surgical style mask, especially with ties. And the ties on hers are a fairly wide, smooth ribbon. When tied, either a pain to untie, or won’t stay tied. So… After much research, I made an Olsen style mask from UnityPoint Health’s YouTube channel: https://www.youtube.com/watch?v=ZnVk12sFRkY&t=59s Little bit of a challenge, but the biggest problem was getting it to fit Charrie properly. And the pattern, for her, looked a bit big. Works good for me though!

Not too bad for me, but not very satisfactory for Charrie. Decided to do a bit more research before I started messing with how to scale the pattern to fit her, not to mention how to get the ear loops to fit right. I found another one on YouTube that seemed to fit the bill. It was called the “Best Fit Face Mask” (https://www.youtube.com/watch?v=-t_Gz3lGwF8), and had some nice options for handling that pesky ear loop fit/adjustment. Especially since finding elastic right now is nearly impossible! So I made one up (medium) from the author’s pattern, and had Charrie test fit it.

Front:

 

Back:

Fit beautifully! So I made up two more:

Fronts:

Backs:

  

All have the filter pocket added. Even if no filter is added, there is one more layer of tighter weave cotton to help keep her bad stuff to herself, and the patients’ bad stuff to themselves!

Not N95, but it does not need to be in this case.

Now to work on my messenger bag. Nice tapestry looking fabric…

Humans are lousy random number generators

After reading Bruce Culp’s December 2014 newsletter, I found it interesting that I was writing on a similar topic, but from a different direction. In Bruce’s newsletter, he mentions a Reg Parker who thought through the human process and the weaknesses in humans. I would consider this one of the first steps in social engineering, a problem we still face today. In his case, he did not use social interactions to obtain information, but clever observation of human behavior and how to leverage that knowledge. What is the problem we are looking at?
Humans are lousy random number generators!

I may not be the best Enigma historian, but my training in Mathematics and Statistics has shown me that humans are lousy at choosing random numbers or letters. Part of the security of Enigma, or any cryptology system, is that randomness. The rotor starting point and the key used need to be random. In addition, any short-term repetition or pattern endangers the entire system.

To test this theory on myself, I recorded my passwords over an extended period. By studying that list, I noticed I have certain patterns in the self-generated passwords. I do better by looking around and choosing objects at “random,” taking three or four characters from the name or category and adding numbers and special characters by bouncing my hands on the keyboard without looking. Not perfect, but better than the ones I thought up as “random.” Because we have a tendency to fall into patterns, I was careful not to choose the same object that was chosen in the prior 4-5 passwords. While true random passwords or choices can repeat, a repeated three letter pattern would assist the cryptologist/bad guy in cracking my password.

Many people have studied humans’ lack of ability to be random (see below). So how can we overcome this problem as we try to emulate proper procedures to create secure keys? Alternatively, to use this to create better passwords for yourself? True random passwords are difficult to remember, but there are strategies to help. Semi-random pronounceable passwords are better for humans, but are weaker than true random ones. A bit weaker, but one you can remember is far better than one that is secure, but you have to write it down! As a systems administrator, I have to generate initial passwords for my users. I use the Password Generator listed in Sources of Random, below. You will notice, the pronounceable passwords have many 3-letter groups that we can take advantage of for Enigma settings.

If you look under “Sources of Random,” I also have a couple of different Apps and a web page to help. Are these truly random? Nope! However, the pseudorandom algorithms are sufficiently complex, that for the number of messages we are likely to send, we should be OK.

Don’t like these? Got one or two dice? Couple of coins? I have created a couple of charts to let you use “old tech” to generate some random values. The coins are a bit more work, since it takes five coin tosses to get one letter, but if you are not in a rush, it works. The dice charts were designed to spread the numbers out so the chance of any dice roll will give you the best chance of getting a number, but even with that, 10 throws out of 36 (27.7%) are a reroll. Without getting into fancy dice and complex charts, it is the best I can do. If you want to spend a few bucks, you can get a 26-sided die.
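The coin and dice procedure above is rejection sampling: outcomes that do not map to a letter are thrown away rather than folded back in. The Python below is an added example, not the author's charts; the row-by-row cell numbering, the function names and the use of the standard `secrets` module to stand in for physical dice are assumptions. It shows why the rerolls matter by counting every one of the 36 dice outcomes with and without them.

```python
import secrets
import string

LETTERS = string.ascii_uppercase  # the 26 Enigma letters

def letter_from_coins(tosses):
    """Five tosses (0/1) form a number 0..31; 26..31 mean 'toss again' (None)."""
    if len(tosses) != 5 or any(t not in (0, 1) for t in tosses):
        raise ValueError("need exactly five tosses, each 0 or 1")
    value = int("".join(str(t) for t in tosses), 2)
    return LETTERS[value] if value < 26 else None

def letter_from_dice(first, second):
    """Two dice give 36 equally likely cells; cells 26..35 (10 of 36) are rerolls."""
    if not (1 <= first <= 6 and 1 <= second <= 6):
        raise ValueError("each die must show 1..6")
    cell = (first - 1) * 6 + (second - 1)  # assumed row-by-row chart layout
    return LETTERS[cell] if cell < 26 else None

def dice_distribution(fold_with_modulo=False):
    """Count how many of the 36 outcomes land on each letter (None = reroll)."""
    counts = {}
    for a in range(1, 7):
        for b in range(1, 7):
            cell = (a - 1) * 6 + (b - 1)
            if fold_with_modulo:
                letter = LETTERS[cell % 26]  # the tempting shortcut: no rerolls
            else:
                letter = letter_from_dice(a, b)
            counts[letter] = counts.get(letter, 0) + 1
    return counts

def random_setting(length=3, roll=lambda: secrets.randbelow(6) + 1):
    """Roll until `length` letters are accepted, e.g. a three-letter rotor start."""
    out = []
    while len(out) < length:
        letter = letter_from_dice(roll(), roll())
        if letter is not None:  # discard the reroll cells instead of reusing them
            out.append(letter)
    return "".join(out)

if __name__ == "__main__":
    fair = dice_distribution()
    biased = dice_distribution(fold_with_modulo=True)
    print("rerolls with rejection:", fair[None], "of 36")
    print("modulo shortcut, A vs K:", biased["A"], "vs", biased["K"])
    print("sample rotor start:", random_setting())
```

With the modulo shortcut, the letters A through J come up twice as often as the rest, which is exactly the kind of pattern the post warns about.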

Do you need to change anything for something we do for fun? No, but hopefully this will give you some thoughts on the problems of creating secure keys and passwords.

Sources of Random:

  • Web based Random Letter Sequence Generator: You can generate several three/four letter sequences to use as starting points and keys for Enigma enciphering. Generate several sequences to keep handy, and scratch them off as you use them. (http://www.dave-reed.com/Nifty/randSeq.html)
  • Android App: “Letters & Numbers Generator”: My favorite Android app to generate random letters. (https://play.google.com/store/apps/details?id=andr.app.random&hl=en)
  • iOS: “Letters – Random Character and Words” by Georg Dresler
  • Dice:
    • 26 letters: http://tinyurl.com/oou7fjf
    • 26 numbers: http://tinyurl.com/nezk67e
  • Password Generator: http://www.us-webmasters.com/Random-Password-Generator/

References:

  • Human Password Selection and Randomness: http://www.cs.cmu.edu/~jblocki/HumanRandomness.htm
  • Are people capable of generating a random number? http://philosophy.stackexchange.com/questions/1961/are-people-capable-of-generating-a-random-number
  • Humans cannot consciously generate random numbers sequences: Polemic study. http://www.researchgate.net/publication/5954804_Humans_cannot_consciously_generate_random_numbers_sequences_Polemic_study
  • Kerckhoffs’s principle: http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

IT problems at home

I was untangling a cable, and decided to use the drop off the catwalk to assist in untangling the cable.

I started to wind the 100′ cable on a cable reel, and it would not come back up. I looked over the rail, and no cable! So I go downstairs and find:

I follow it down the hall:

And around the corner into the master bedroom:

Around the dresser:

And into the master bath!

Right at the loop is where the culprit in the above picture was caught with the loop in his mouth. I think he found the Mother of All Strings! I figured I had to document his IT transgressions. No matter how hard I try, the end users still stick things in their mouths or do other silly things. (sigh)