另一種不用加密也可保護你密碼的方法

之前有人提出了一個令黑客就算完全知道你密碼也無法進入你戶口/帳戶的方法,就算黑客用暴力破解法,因為每次系統要求的資料不同,所以此破解法也會失效。其實,發明者忽略了保護密碼在之前還有一個步驟,就是輸入密碼,只要黑客不是親身在場去抄低你的密碼,我就有辦令這些專記錄使用者所有鍵入的資料的木馬程式失效。
我的思路是針對此類記錄程式最大的弱點,它把所有鍵入的資料以順序來儲存, 好像是假設使用者只會同時使用一個程序,然後依順序先輸入戶口名稱及密碼,用者只要打破這個最方便使用者的腦神經運作的輸入名稱及密碼順序,由於此類記錄程式不能知道使用者是在什麼樣的情況下輸入它所記錄的資料,只能假設使用者的使用模式再從資料中反推出名稱和密碼,例如從name[enter]password[enter]中的name得知它為戶口的登入名稱,之後輸入的就一定是它的密碼。假如使用者不依此規則來輸入戶口名稱和密碼,如n[Tab]pa[mouse click]a[Tab]ss[mouse click]m[Tab]wo[mouse click]e[Tab]rd[return],由於黑客無法事先知道使用者是以悔花間竹式輸入戶口名稱及密碼,所以得到了鍵入的資料也無法重新組合出戶口名稱及密碼,甚至不能得知使用者輸入資料用來做什麼,破解戶口名稱及密碼無從談起(除非使用者長期都是用同一組模式來輸入戶口名稱及密碼,這時黑客會留意到有一些不斷重複出現的資料模式)。
我現在只是用了最簡單的方式去實現我此一針對記錄程式的弱點,實際上可以用不只用此一方法,例如不一定要依上列順序先戶口名稱再密碼不斷重複,使用者大可以隨自己喜歡的順序來把戶口名稱及密碼拆來輸入,同時亦沒有規定每次輸入戶口名稱一定要每次1字,然後夾2字密碼,因此,使用者大可以用n[Tab]p[mouse click]a[Tab]as[mouse click]m[Tab]swo[mouse click]e[Tab]rd[return],一共有38種組合(假設一定是把戶口名稱及密碼各拆成4組),而此類軟件不能讀使用者的心,所以變成有資料也無法破解戶口名稱及密碼。聰明的讀者還可以想到因為有[Backspace]一鍵,使用者甚至可以故意加入戶口名稱及密碼中不存在的字元來混淆黑客,只要此類記錄程式無法得知使用者用[Backspace]一鍵消去了什麼多餘的字元時,黑客同樣是得物無所用;我還沒有提及當使用者在同時登入數個戶口時,故意把各戶口名稱搭上不是該戶口的密碼的組合呢!

如何去解n次方的可分解不等式

我記得在中二時,數學老師叫我們依書本提供的方法去解2/3次方的不等式絕對是一件苦差,先嘗試把2/3次方的不等式因式分解成2/3個不等式的因子,然後再逐個個去試去解,一條數最快也要10分鐘才解完,做完數學功課,電視的兒童節目也做完了。於是我當時就想出了一個可大量節省時間的方法,看箸別人埋頭苦幹時自己可自由發夢,別有快感,不知現在愈來愈貴的教科書有沒有比以前進步,編者想到我想到的方法?(鄭重聲明,未經我同意教科書不可以拿來作謀利用途!)

這個方法其實用了邏緝作輔助,所以提高了效率。流程是這樣的,首先自然是把n次方的不等式化成n個因子,然後把所有不等式除以x的乘積,如三條不等式分別是:(2x-3)(3x-5)(4x-8)>0,則我們可分別列出(x-3/2)(x-5/3)(x-2)>0,再把所有因子用x的0次方的項數由小至大加以排列,即(x-3/2)(x-5/3)(x-2)>0,考慮到在任何自然數集下此關係一定為真(x-3/2)>(x-5 /3)>(x-2),現在再去思考一下,如果要三個因式的乘積為正,因為3是單數,所以一是3者同為正值,另外唯一可能性是首項為正,後兩項為負。在前一種情況,只要數值永遠為最少的一項即第三項為正值,其餘不可能變成負值,所以只要(x-2)>0或x>2則為此不等式的其中一解;在後一種情況,即首項為正值,後兩項為負值,首項為正即(x-3/2)>0或x>3/2及x-5/3<0或x<5/3(第三項可以不理),所以第二解為3/2換句話說,答案為3/22。

同理,要是我們要解(2x-3)(3x-5)(4x-8)<0,即(x-3/2)(x-5/3)(x-2)<0,我們已知在任何自然數集下此關係一定為真(x-3/2)>(x-5/3)>(x-2),再因為3是單數,要3個數的乘積為負數,只有兩個可能,一是三項因式同為負值,二是因式數值最細者為負,其餘因式為正。所以,要三項因式同為負值,只要首項為負值即可,所以即(x-3/2)<0或x<3/2;另外,要第三項為負及第二項為正,即(x-2)<0或x<2及(x-5/3)>0或x>5/3,所以解為2>x>5/3。
換句話說,答案為x<3/2及2>x>5/3。

用了此一方法去幫助,一條n次方的不等式,最多是考慮n+1次而不像傳統教科書要考慮2^n次,然後再用負數的單次次方一定為負數,負數的雙次次方一定為正數,正數的單雙數次次方一定為正數,尚可再減低要考慮的次數,例如要解一條7次方大於零的不等式,我們只要考慮分別是尾兩項、四項及六項為負的情況即可以。如此才算是教科書的增值,不是會叫會唱的容祖兒頭像在唱1+1=2!

One World, One Dream: Take down the Great Firewall!

Hello brothers and sisters in hacking,

Since advent of computer, hacker has been playing a critical role in the advancement of humanity from Linux to Internet. However, the most repressive regime of People’s Republic of China has transform China into biggest prison of all time. People has no right of movement, no speech freedom and no freedom of thought. How does it enforce all this: The Great Firewall with corroboration of evil corporation like Microsoft and Google. It do much more than a mere censorship tool, it a powerful tool to manipulate the public opinion, it create a false impression that people of China would approve the act of government. It turn civilian into mob ready to attack anything China government doesn’t like at its order. What good does Internet brought to China when Great Firewall is there?

So, my wish is you wish is very simple: Let’s take down the last wall separating the most populous country from the rest of world. Return the Right of Information to the Chinese, and let Chinese join the rest of the world. Take down the wall of Babel!

One world, One dream: Break the electronic Great wall

To win a lottery using Mathematics(2)

It would be difficult to illustrate without giving an concrete example, suppose you define the higher the sum of score of three dice as an indication of luckiness. At one day, you are not feeling lucky, and you draw the lowest sum of all: one, one, one, that has 1 out of 216 chance to happen. i.e. If we can rank what is most lucky and what is most unlucky, you are in the 216th of 216 ranks. Then you brought a quick pick of 6 numbers: 1,2,3,4,5,6; since you know that is not your lucky day, the chance of this number to appear in the lottery is 1/216. You can thus advise your friend not to pick any number from 1 to 6, which increase their chance of winning slightly. You can repeat the process to eliminate other numbers like 7,8,9,10,11,12; 13,14,15,16,17,18; 19,20,21,22,23,24; 25,26,27,28,29,30… until all but 6 number remained. That is something unusual given the computer picked number are most likely to repeated in each ticket. To fit the definition of being unlucky, it should reduce your chance of winning the lottery regardless of which strategy you devised to defeat it. So you should be expected to see a lot of overlapping numbers from each of the ticket your brought, because that would realistically defeat the scheme I devise here, otherwise the idea of a luckiness index is invalid. Say you have the worst luck of all, you have a repeat rate of five out of six(i.e., Given the first quick pick is 1,2,3,4,5,6; next quick pick is 2,3,4,5,6,7; and the 3th quick pick is 3,4,5,6,7,8), and it take you 37 more picks to eliminate all but 6 number out of 49. Nevertheless, you can pretty assured that the remaining number has a much higher chance (215/216) of appearing in the lottery.
On the other end, if you have the best of luck but not enough to win a lottery, this method could increase your chance of winning the lottery. How? Because which number doesn't appear in the quick pick must have a much lower chance to appear in lottery. You can apply this method in opposition direction. Since you are luck, it follows that the number of repeated number should be less for you to eliminate the one which has lower chance of winning the lotter.
Suppose we now have 216 people has luck ranked from 1 to 216th. If each of them buy a quick pick lottery ticket, since there is only one combination 6 out of 49 number that can win a lottery regardless of the luck of each buyer. We could easily use a computer program to guess which six number better fitted with 216 hypothesis that the chance of winning the lottery is reflected in luckiness index by throwing the dice three times. Of course, to further increase the number of quick pick that each person brought. For instance, each of them can get 6 quick pick, what the computer software has to do now is first evaluate 1296 hypothesis of different level of luckiness to get a coherent picture of the chance of each number appears in the lottery number; then evaluate the 36 hypothesis for fixed level of luckiness. So the computer can arrive at a coherent picture of the probability distribution of each number, and advise the best number to pick from.

Who would like to write such a computer software? It is just a lot of Mathematics. It can even apply this method in opposite, advising the buyer how many more quick picks to buy to maximize his/her chance of winning the lottery.

The opposite of unlucky is lucky. Shouldn't that lucky is the opposite of opposite of lucky?

An alternative method to solve inequalities of Nth degree

I remember when I was in Middle School, it was a pain for other student to solve the quadratic and cubic inequalities. What the textbook taught is what I seen as a stupid and time-wasting method: Just like solving the quadratic and cubic inequalities, we first need to need all the terms in one side so we factorize it into their factors; then they list the factor and individually determine the signs of each factor. The stupidity lays in the need to determine the sign of each factor individually, I devise a faster method at that time.

I was thinking at that time, since all these factors are related, why must be they be deal with individually? Obviously, since all of them are referring to a single variable x, i.e. the signs of each factor are not independent, why we can’t take advantage of their inter-relationships? What is the implicit inter-relationship between the factors? If we transform all of the factor into comparable form, then we can list them in ascending or descending sequences like this: x+1>x-3>x-3/4… etc. Now, clever reader may already see the trick I play here: The central idea is we can save ourselves a few steps because we can’t have the case which a Greater factor being negative while a Smaller factor being positive. Thus we can list all feasible (and logical) case for the signs of the factors to be determined instead of blindly list ALL THE POSSIBLE case.

To save us more step, we know that we require an odd number of negative factor to resulted into negative, and we require an even number of negative factor to resulted into positive. And the result of multiplication of all positive factor must resulted into positive number.

Thus, we can draw the boundary somewhere in the factors. Assume one factor is being positive, then any factor which is greater than that factor would always be positive; and any factor smaller than that factor would always be negative. Thus, in the case of x+1>x-3>x-3/4, if we assume X+1>0, then we must have x-3<(x-3/4)<0,>-1 is the solution for (x+1)(x-3)(x-3/4)>0; now if we assume x-3>0, then we must have x+1>0 and x-3/4<0,>3 as the solution for (x+1)(x-3)(x-3/4)<0.>0, since then we must have x+1>x-3>x-3/4>0, therefore x>3/4 is the solution for (x+1)(x-3)(x-3/4)>0. Similarly, if we assume x+1<0,>(x-3)>(x-3/4), therefore x<-1 is the solution for (x+1)(x-3)(x-3/4)<0.

Using this methodology, an inequality of n-th degree only need to be evaluate n+1 times at maximum instead of evaluating 2^n times. Plus, using logical deduction with the axioms which only odd number of negative factor will result in negative number; and only even number of negative factor would guarantee a positive number, we can further reduce the cases which we need to evaluate. For instance, if we want to solve a seven factors inequality which is greater than zero, we can only cases of 2 negative, 4 negative, 6 negative factors and no negative factors.

To win a lottery through Mathematics?

There are various approaches to increase the chance of winning in a lottery, in a sense, they attempt to encircle the winning lottery numbers. However, we all know that it is mathematically impossible to accurately predict the winning number by sheer calculation. That is because of Gauss’s theorem which require minimum n different equations to solve for n unknown, but any approaches would give less equation than what is needed for solving the unknown.

My solution is to add one more variable into the equations: Luck. That is assume the luck factor is uniformly distributed across day, and that is knowable using methods of testing. (For instance, if u desire large number then throw dice for three consecutive times and get three six. So you are lucky because it has a chance of 1/216, which translated into you have the luck of 1-1/216=215/216 chance of winning.) Theoretically, since we now know the chance of winning and the number you pick then we can reverse-engineer the lottery numbers (use the number auto-selection lottery tickets since it is neutral in a sense). To increase the certainty of the winning numbers, a more sophisticated method is to ask several of your friends to get their luck factor, and ask them to pick the numbers. Since it is known that the chance of you and your friend for winning the lottery, we could thus estimate the number that has the highest chance of winning the lottery by correlate the numbers they pick and the chance of winning.

Actually, I do have an easier method for practice, but that require a sensitivity of your own luck. My method is to choose a day which you had absolutely worst luck. Do not choose the numbers yourself but use auto-selection from the computer(or in any sense that is selected for you by other.) Get as many of those lottery tickets as possible, then eliminate the repeated numbers. Then you have a set of numbers that you know which is extremely unlikely to win(otherwise you would win just by buying these auto-selected number). So what is left is what has a much higher probability to win. Suppose it require you to pick 9 out of 64, what you need is just to find a way to eliminate 55 numbers. If you buy a number of auto-selection lottery tickets, which you just happen to have 55 non-repeating numbers, then you just need to ask a friend to buy the remaining 9 numbers. Make sure s/he will pay you, and make sure you granted me one wish, it is your obligation to fulfill that wish regardless of its nature in case you win the lottery using this method.

Tao and Democracy

I admit my understanding and interpretation of Taoist may not be standard, that is the best I could get. I try to be as faithful to the original meaning of the text in this blog as possible.

One of the Taoist classic has the name ‘The name of Change’, so Tao is about change occur in nature. Tao is about how change take place and how to adapt to the change and how to led the change. Therefore I concluded that Chinese Communist Party is acting against Tao when it is turning Republican system into dictatorship which is not structurally different than other Chinese dynasties. Thus it is destinate to have result as other dynasties as dictated by its internal logic.

The reason that I consider Chinese Communist Party is against Tao is due to its general altitude toward Democracy in China and in Hong Kong. As every Hong Kong citizen understand, it is not that we are not ready to have universal suffrage, since similar proposal was already in place as early as 1985; it is that Beijing is not ready to see fully democracy happened in its country. While it can’t turn the clock back, it is doing its best to slow down the process as much as possible.

Why Democracy is more compatible with Tao than Dictatorship? Because Democracy is an unchangeable system that allow change to happen in an orderly and efficient manner which minimize the social cost associated with it. The purpose of Democracy is keep the governorship updated according to the will of people and the current situation, thus ensure that the country as a whole could adapt to the change take place internally and externally. Democracy is a way to give change an unchangeable structure. Thus change and unchanged in harmony, the change(of government) is possible due to the unchanged(political system/culture/spirit/economic), and unchanged is maintained by the change. Instead of fighting the change in names of harmony and stability like Chinese Communist Party, Democracy absorb the change to better itself. It is unchangeable in the sense that it promote change, it live with change; it is anything other than fighting against change.

However, Chinese Communist Party can’t tolerate any change that outside its scope of its control. The idea that it can control everything, and everything must be under its control for the best of itself (forcible intentionality) is the exact opposite of the naturalism spirit contained in Taoism. As Democracy allow change, permit change or promote change; it understand change in the sense that it tolerate a sense of uncertainty (in which law is being adopted, the result of each election, demonstration/social movement, decision of court on interpretation of law). That scope of uncertainty is how the society as a whole could grow and develop. As Taoism asserts, Plants and animals are best developed without unnecessary hindrance from human being imposing their intention on them. Thus country as a whole is best developed when nobody/group on the top imposing his/her idea on the people, guiding every aspect of their lives; that corresponding to the idea of freedom. Thus Taoist text implicate the importance of Freedom and Democracy over five thousand years.

Yet Another Method to secure your password without encrpytion

Some has devised a pretty sophisticated method to defeat the Brute Force method in breaking in computer accounts, that method could also defeat the infamous key-logging method. Because both methods relies on systematic nature of the password-entering process, if it is not systematic and well-organized, that certainly increase the computational cost of accessing the account without knowing the password. What then we see is to how that method is implemented, and what computational constraint we have in that method.

My method here is never intended as a competition because is too simple and straight-forward. To break the security risk associated with key-logging program and brute force method, we only need to increase the level of ‘disorder’ of the information collected by them. That method is taking advantage of the cracker that has no idea of what consist of the targeted password. Now the method I provide here also use that idea but in a slightly different way.

My ideas are:
A. Instead of asking for the password in its original sequence, the program would ask for the password in an arbitrary order formed at the moment (which is displayed as a picture). Now if the password contain 5 digits, there are altogether 120 combinations even if the crack know all the digits; and if the password has 10 digits, there are altogether 10! of combination to guess. If we program the machine so that any three invalid guess require a break of 15 minutes between next input. Former cases require 10 hours to crack, and the later case require 30 years to crack.

B. To further increase the difficult of the cases, the program would add random character to the password for entrance. The user is required to enter also the generated-on-site character, that is to confuse the key-logging program. Moreover, that added into the time required for brute-force method to work, excluding symbols, adding one digit would increase their average succeed time by about 40 times. Bear in mind that both key-logging software and brute-force program is unable to know those generated-on-site characters.

C. In the same vein of B and A, sometimes the program would NOT ask for the whole password. Instead it may just ask for the digits in the random sequence it just created, for instance, in the order of 3456, 253, 421. As a whole, every digits of the password is asked. However, that added to the confusion of brute-force and key-logging software since they don’t have any information of the order of the sequence (Nobody including the programmer of the program would know). They have information but it is not very useful to them.

*D. Now to make this method unbreakable, the password would be updated according to a formula that is either given before the operation or a formula that is generated on-site in random interval. It maybe that in next time, the fifth digit is increased by 1, or the fourth character is ‘decreased’ by 3… etc. The information is again useless to the cracker since s/he doesn’t know the original password.

Presumably, cracker could break this method by taking snapshot of the screen which the password is entered. However, in some case it is impossible to do so; and in other cases it would require Artificial Intelligence program to identify the digits in the picture, then analysis the data inputed. That would increase the difficulties of cracker by at least thousand-fold compare to existing method.

Who would like to write such a program?