Hey everyone,

Exam MLC actually stands for “Actuarial Models: Life Contingencies,” but more on that later. Despite having an increasing workload for the third quarter, I’ve still managed to maintain my study schedule and have even had free time for books. Each night before I go to sleep I usually spend 30 minutes or so reading for fun, and I’ve recently finished Stephen Levy’s Hackers: Heroes of the Computer Revolution, which depicts the history of computing from the early days of MIT’s AI Lab and SAIL at Stanford (if you want to go back further to say, Babbage’s Analytical Engine or Ada Lovelace’s programs – you’ll have to look elsewhere) to Wozniak’s Apple II and the formation of Silicon Valley and its mega-corporations up to 1982. The book begins with an introduction to the origins of the term “hacker”, which originated back to the hacks, or pranks that clever students would perform at MIT (well-known hacks include stealing Caltech’s canon, putting firetrucks and police cars on top of the Great Dome, etc.). The term also refers to how early computer enthusiasts would hack together their personal computers from pieces of scrap at the junkyard and throwaway components from large corporations since they didn’t have the luxury to go buy parts from the computer store in the way we can today. I found the book enjoyable and entertaining, but a little lacking because it didn’t present any information past the mid 1980’s before Microsoft’s dominance, since computers have changed dramatically since then.

After reading Hackers, I picked up a copy of Heath’s 1908 translation of Euclid’s Elements – an ancient book on pure Geometry, which I heard about while studying Math in high school but never got around to reading until well after college. The book doesn’t seem difficult – I’d say that the language feels similar to something in between Kafka and Hemingway or that of any typical writer of the early 20th century – without all the messy political allegories or symbolism, though the book is certainly full of symbols! The work itself consists of propositions or theorems  derived from fundamental postulates and definitions, and demonstrates methods for drawing geometric configurations using only a compass and straightedge. The logic flows easily, and right now the most difficult thing for me involves suppressing what I already know – because you have to learn how to not take things for granted when proving things from first principals.

Anyway, my main focus for the next three months involves studying for MLC, and one of the challenges you have to face while studying requires memorizing vast amounts of information since even the most obscure topics can serve as legitimate exam material. One of the techniques I’ve seen my actuarial professor, Jim Daniel use involves associating a cryptic formula with a meaningful phrase, for instance if you want to recall the quadratic formula you say, “x equals the opposite of b, plus or minus the square root of b squared minus four a c, all over two a,” while singing the tune to “Pop Goes the Weasel” in your head. I’ve seen my medical school friends use this method to great success when memorizing chemical compounds. For some strange reason, people have a much easier time memorizing phrases that carry meaning than memorizing seemingly random strings of numbers and letters. I have no idea how that works but until our nation’s best and brightest minds figure out a way for us to download large books into our minds in a quick and efficient way, I’ll have to stick with these strange, and at times, baffling methods. Anyway, when it came to studying for exams, Dr. Daniel liked to use the phrase “old guys go first” to easily recall formulas for benefit reserves. Today I studied formulas for fractional ages while sitting on a plane en route to Houston from Oakland. These formulas interpolate the distribution of deaths between integer years since the tables themselves only have integral data. For instance, the linear interpolation has the form of (1-t)*s(x)+t*s(x+1), exponential interpolation has the form (1-t)*Log(s(x))+t*Log(s(x+1)), and hyperbolic/Balducci interpolation has the form (1-t)/s(x)+t/s(x+t). Memorizing the shape of each interpolation should not present a problem because the terms linear, exponential, and hyperbolic already give the student hints as to what the symbolic expressions should look like. However, memorizing the exact placement and order of the letters x,t and and symbols +/- will give the student headaches. Thus, I came up with the saying “take from the past and give to the future,” which tells the student to use the multiplicative factor (1-t), with the survival function at time x and use the multiplicative factor t for the survival function at time x+t, a time in the future.

In the midst of studying for exams, I managed to fly over to Oakland this weekend to see one of my friends get married. I’ve known her since I was six as my sister’s godparents’ daughter and both our families would visit each other during vacations and I would play Legos and video games with their son when we weren’t trying to beat each other up. I got to see a lot of people that I haven’t seen in ages and I had a really good time. However, I never thought of marriage as something worth the risk with the 40% divorce rate and all, but once I remember asking my college roommate why he decided to play the lottery and he gave me some ridiculous reason along the lines of “if you don’t play, your odds of winning are zero” despite the fact that he studied math in college (sorry man, just picking on you for a second, you’re a cool guy and all). That did get me thinking though (not enough to start playing the lottery), that you can never reach your goals without taking on risk, and that you have to work hard to achieve anything worthwhile in life. For instance, I study hard despite the 50%-75% failure rate on each exam because I want to succeed as an actuary. Likewise, the newlyweds have decided to take the next step despite knowing that they’ll surely face difficult challenges over the next several decades because they know they’ll be happy if they succeed. For that, I admire their leap of faith and wish them the best.

The pictures of the wedding haven’t arrived yet, so here’s a Double-Double from In-n-Out Burger that I had on the way to the wedding:

Hi everyone!

It’s been a very long time since I last updated and I have so much to write about – race reports, employment, learning math and computers, and so on and so forth, but I need to keep it short since I have to wake up early tomorrow morning. So, today I’ll be writing about a project that I’ve been working on – brute-force password cracking to help me learn more about permutations and combinations, recursion, efficiency, and possibly multithreading later on. Of course, the most important issue here is cybersecurity and how to prevent attacks.

Let me stress that cybersecurity awareness is an extremely important issue in our day and age and when you have your money, identity, and livelihood entrusted to computers, you need to know how people can access your information and how to reduce the likelihood of attacks or prevent them all together. So, I’m going to give a basic demonstration on one of the most basic methods of password cracking – brute force calculation.

Brute-force cracking is a method by which the computer attempts to crack a password by using every possible combination of passwords until it finds a match. The time it takes to crack a password depends on the length of the password and the speed of the computer. The longer the password, the longer it takes to crack a password, and the more powerful the computer, the faster it can crack the password. The following picture shows how quickly a slow program that I wrote (in the computing world) – in Microsoft Excel – can crack a 4-digit password with a set of 94 printable ASCII characters (click to enlarge):

For 10 trials, it took Excel an average of 14 seconds to break each password.

As you can see, it took an average of 14 seconds for Excel to crack each password – and these aren’t your typical “dumb” passwords either. Combinations like “$HSp,” “DXxg,” and “<9N” extended out to 8 or more characters would be impossible for a human to guess and would be considered “good” by today’s standards. With brute-force calculation human creativity with respect to password creation doesn’t matter – since the computer checks all the combinations, theoretically, given enough time it will surely find with 100% probability, the password.

Luckily, the most powerful tool we humans have against this sort of attack is password length. From a library of 94 printable ASCII characters, each additional character in a password will make the computer work 94 times longer. For instance, it took about 0.005 seconds to crack a password of length 1, 0.07 seconds to crack a password of length 2, 1 second to crack a password of length 3, 14 seconds for 4, 196 seconds for 5, and so on:

The time it takes for Excel to find a match exhibits exponential growth.

As you can see, a password of length 12 will take about 700 years for my computer to solve, not including the time it takes to simulate keystrokes and button clicks, navigate dialog boxes, and so on. The simple solution? Make your password long! A long password means most people will not bother to use this method given current technological constraints. Of course, this presents a much bigger problem when we’re talking about governments, who control supercomputers that are much, much faster than what we can buy in the store. In this case, simple passwords won’t cut it.

Now the exciting part! I know you are all dying to see the code, so here it is in all its glory. It’s remarkably simple, and only takes up about 65 lines of code in three modules. Here’s the first one:

[sourcecode]
Option Explicit

Sub test(compstring As String, pstring As String, places As Long, attempts As Double, matchfound As Range)

If matchfound = True Then Exit Sub

Dim x As Integer, breaker As String

For x = 33 To 126 ‘ASCII character codes 33 to 126
breaker = pstring & Chr(x)
If places > 1 Then Call test(compstring, breaker, places – 1, attempts, matchfound)
attempts = attempts + 1
If compstring = breaker Then
matchfound.Offset(0, -1).Value = attempts
matchfound.Value = "True"
Exit Sub
End If
Next x

End Sub
[/sourcecode]

This module is the heart of the program. What it does is it takes five arguments, the first of which is the original, randomly generated password. Of course in the real world we wouldn’t actually know the password, so this, and the code taking action upon the values passed by this variable, will probably deal with pressing the enter button and seeing if we gain access. Anyway, the second argument is the comparison string used to break the password. The third argument specifies the length of the comparison string, the fourth argument keeps track of the number of attempts, and the fifth argument is a range that refers to a boolean telling us if we’ve successfully reached our goal.

Now, in the real world we wouldn’t know the length of the password, so I had to create a procedure that would automatically increase the length of the comparison string if a match wasn’t found by the end of all the iterations for the current length. At first I tried using loops, but I found that it was much easier to conceptualize a recursive procedure than a looping procedure. I think loops tend to be more efficient, but recursive functions may be a lot easier to read and I think in this case it gives the reader a better understanding of what is going on. When the procedure runs out of combinations of a given length, it calls itself, incrementing the places argument by one to increment the length of the comparison string.

The other modules are higher level modules that control this procedure. They aren’t as exciting, but here’s the second one:

[sourcecode]

Sub main(anchor As Range, digits As Long)

Dim password As String, truthrange As Range
Dim m As Long, bdigits As Long
Dim exectime As Single
Dim exectime2 As Date

exectime = Timer
exectime2 = Now()
bdigits = 1
password = ""

For m = 1 To digits
password = password & Chr(WorksheetFunction.RandBetween(33, 126))
Next m

anchor.Value = "’" & password
Set truthrange = anchor.Offset(0, 2)
truthrange.Value = "False"

Do Until truthrange.Value = True
Call test(password, "", bdigits, 0, truthrange)
bdigits = bdigits + 1
Loop

anchor.Offset(0, 3).Value = Format(Now() – exectime2, "hh:mm:ss")
anchor.Offset(0, 4).Value = Format(Timer – exectime, "00.00000")

End Sub

[/sourcecode]

This module generates a random string which we designate as our password, feeds it into the first module and keeps track of the execution time. It also contains methods for printing the results on the screen. Here’s the third module:

[sourcecode]

Sub macromain()

Dim i As Integer, trials As Integer, digits As Long

Application.ScreenUpdating = False
Application.Calculation = xlCalculationManual

Intersect(Sheets("sheet1").UsedRange, Range("A2:E1048576")).ClearContents

trials = Range("TRIALS")
digits = Range("Digits")

For i = 2 To trials + 1
Call main(Range("A" & i), digits)
Next i

Application.ScreenUpdating = True
Application.Calculation = xlCalculationAutomatic

End Sub

[/sourcecode]

This third module takes user input found on the spreadsheet page indicating the desired number of trials and password length, and feeds this information into the second module. Right now it runs pretty slow and is only programmed to run on one core. My computer at home has three cores and if I can get them to calculate combinations starting from different places in the ranges of ASCII character codes (different places in the range 33 to 126), I can get it to run three times as fast, in my opinion. But that will be for the distant future. One of the more immediate goals I can achieve is GUI programming with keyboard stroke and button clicking simulation to emulate how a human navigates password dialog and text boxes.

And that’s it! What lesson did we learn here?

1) Make your passwords long!
2) For administrators, lock users out if they cannot correctly type in the password after 3-5 attempts. This will prevent the computer from trying the millions of combinations necessary.
3) Check your login data to see if anything looks unusual! If you see a login at a time you did not log in, someone may have taken your data.
4) Always, always use different passwords for different accounts, and don’t reuse your passwords. This will require the thugs to run a new brute force for every account, or find another solution elsewhere.
5) If you have time, spend it on learning how to secure your information. You won’t regret it!

Thanks for reading!

Hey everyone,

Today I thought of a small coding exercise for me to do to work on algorithm building – I decided to write a program that converts positive decimal numbers to binary numbers. I knew that I could probably find plenty of examples on the web of this algorithm, but I decided to find out for myself how the conversion worked before looking for any help. Anyhow, one method of algorithm discovery involves the application of that algorithm to a specific example known to be true, and then using that example to pick apart the steps. What I mean is that many of us use algorithms every day in order to solve problems without realizing it or understanding it. For instance, most of you have probably used the division algorithm daily ever since you learned it in kindergarten – for instance, to divide 7 by 2 we subtract the product of 3 and 2 from 7 to obtain the remainder 1. Thus, 7 divided by 2 equals 3 remainder 1. However, how do we know that this algorithm works every single time for every pair of integers? Fortunately prior math enthusiasts have given us a logically rigorous explanation. Looks more complicated when printed, right?

Now, let’s examine how to find the binary value of the integer 27. First, let me give a brief description on how binary values work. In the binary system, every digit of a number is represented by either 1 or 0, in contrast to our common base-10 system, or decimal system, in which each digit may be represented by 0,1,2,3,4,5,6,7,8, or 9. For instance 1 in base-10 is 1 in base-2, 2 in base-10 is 2 in base-2, 3 in base-10 is 11 in base-2, 4 in base-10 is 100 in base-2, and so on, and so forth. In base-2, 10 is twice as much as 1, 100 is twice as much as 10, 1000 is twice as much as 100, and in this manner each digit represents a unit that is twice as large as the digit to the right of it. Check out the link on the binary system to learn more.

Let’s go back to 27. You could try counting in binary (1, 10, 11, 100, 101, …) but that would take too long and would be cumbersome to program. An alternative method we could try is to break up the number 27 into different binary unit values (1000’s, 100’s, 10’s, 1’s), add them up and obtain the final binary representation. However, how many digits would the resulting binary number be? We can’t deduce the answer simply by staring at 27, so let’s try to divide by 2 and see what happens. After dividing 27 by 2, we get 13 remainder 1. What happens if we divide 13 by 2? We get 6 remainder 1. Dividing 6 by 2 gives us 3, and dividing 3 by 2 gives us 1 remainder 1. Note that we applied the division algorithm 4 times. It just so happens that 2^4 = 16, and that 10^4 = 10000. We know that 10000 in binary is equal to 16 in decimal because 10 in binary is equal to 2 in decimal and 10x10x10x10 in binary is equal to 2x2x2x2 in decimal. Thus, we know that 16 out of our original 27 consists of 10000 in binary. What about the other 27 – 16 = 11? We then take 11 and divide that by 2 to obtain 5 remainder 1, divide 5 by 2 to obtain 2 remainder 1, and divide by 2 to obtain 1. In this next round of divisions we have applied division by 2, 3 times. Thus 10x10x10 = 1000 in binary, which is equal to 8 in decimal. Now we have 11-8 = 3 remaining to consider. We divide 3 by 2 to obtain 1 remainder 1. We have applied division by 2 once, so 10 in binary is equal to 2 in decimal. Now we only have 3-2 = 1 remaining and 1 in decimal is equal to 1 in binary. So, we know that 16 + 8 + 2 + 1 in decimal is equal to 10000 + 1000 + 10 + 1 = 11011 in binary…success!

I must stress that this does not prove that the algorithm works – it has only worked in this one particular instance. However, this instance has shed some light, at least for now until I actually gain the knowledge to do a mathematically rigorous proof – which won’t be coming in a long time!

Using this example as a guide I wrote down some code:

[sourcecode language=”css”]
//Decimal to Binary Conversion

#include <iostream>
#include <cmath>
using namespace std;

const int base = 2;
long long baseconv(long);

int main()
{
long long inputval;

cout << "Enter an integer: _b";
cin >> inputval;
cout << inputval << " is " << baseconv(inputval) << " in binary!" << endl;
return 0;
}

long long baseconv(long input)
{
long long baseconv;
long long updater;
long long dival;
long digitcount;
baseconv = 0;

while (input > base – 1)
{
digitcount = 0;
dival = input;
while (dival > base – 1)
{
dival = dival / 2;
digitcount = digitcount + 1;
}
updater = pow(base, digitcount);
baseconv = baseconv + (pow(10,digitcount));
input = input – updater;
}
baseconv = baseconv + input;
return baseconv;
}

[/sourcecode]

Here’s an example of the output:

I’m running out of time so I don’t want to go into every single detail over this program, but in a nutshell, the program splits the input integer into separate binary parts, then adds the binary parts together in order to obtain the result. Unfortunately, the memory limitations of c++ do not allow me to convert very large integers, such as 1234123412341234. See what happens when I try to convert this value:

Also, the program does not work with negative values, so those will be two things that I will work on in the near future. I also spent the time to port the program into VBA, and I changed it to do conversions from base-10 to any base the user chooses:

[sourcecode language=”css”]
Function BASECONV(inputval As Long, base As Integer) As Variant

Dim dival As Long
Dim digitcount As Integer
Dim updater As Long

BASECONV = 0

Do While (inputval > base – 1)
digitcount = 0
dival = inputval
Do While (dival > base – 1)
dival = dival base
digitcount = digitcount + 1
Loop
updater = base ^ digitcount
BASECONV = BASECONV + (10 ^ digitcount)
inputval = inputval – updater
Loop

BASECONV = BASECONV + inputval

End Function
[/sourcecode]

Notice how much more efficient the code is! That’s because VBA is at a much higher level than C++, so there are a lot more built-in functions that do the work for you. Here’s an example of the output: