Wednesday, October 25, 2006

Practice what you preach...

Today morning I received a mail (via listserv) from Dr Du. He wanted to fix the time slot for a make up class as he was going to attend a conference during the regular class hours. Here is the mail he sent us:
I have proposed the following 3 time slots. Unfortunately, so far, there
is an exactly one conflict for each of them. Since there is a 3-way tie, I
need to pick one randomly.

(1) 11:00 - 12:20
(2) 13:00 - 14:20
(3) 14:00 - 15:20

What makes this thing interesting is that I also have my own preference.
How can I pick one while convincing you that this is picked randomly, not
based on my preference?

To demonstrate an important application of one-way hash function, I would
like to propose a protocol to generate a number S (S will be 1, 2, or 3).
The S-th time slot described above will be picked. There is an important
requirement: S must be random; neither I nor you can control the value of
S. Let's conduct this protocol through emails.

(1) You pick a string M: Whoever reads this email first, please send me
any string you like (please send to this mailing list, so we all know the
string). Let's call this string M.

(2) I also pick a string K: I cannot tell you my string at this moment
(think about why). However, I need to tell you something, so I cannot
change my string after seeing your string M (think about why I want to
change my string). Therefore, I am sending you the md5 hash value of my
string. Here it is: 1c4bfe13bf159f26ddd23926b7376b14

(3) After receiving your string M, I will generate an HMAC_MD5 value on M,
using my K as the key. We will get a 16-byte number.

(4) Let D represent the last byte (the least significant byte) of the
HMAC_MD5 value. I will compute S = (D % 3) + 1. This result S will be our
final decision.

Question: is this protocol fair? Can anybody (you or me) control the
outcome? Please think about this, and we will talk about it in our class.

Now, I am waiting for your string. If you are the first one to read this
email, please send us a string of any length. I assume there is at least
one hard-working student in this class. If nobody sends a string by 8:00am
tomorrow. I will use M = "AAABBBCCCDDD", and generate a decision.

- Kevin
(published with permission)

Is there a better was to teach Internet security?? ... practice what you preach


  1. ohh dat tells me dat m definitely taking isec next fall...

  2. hmmm... dont miss out on computer sec next sem though..

  3. nice. what happens with an empty string?

  4. In this case he would have used "AAABBBCCCDDD" as a string if we did not supply him a string.

    In real world I think its implementation dependent. The algo could as well pad the null string with zeros and generate a hash or not generate anything at all...