Archive for the 'Protocols' Category

Me v Wordle: Redux

Wednesday 10th March 2010

After all those hours of effort trying to control Wordle’s opinion of me in the end the Dev8D organisers didn’t use the single-post URL I’d provided to create my Wordle badge – they used the whole blog feed. I didn’t mind though. The badges, which I’d expected to be of the lapel variety and therefore easily readable, were actually in a kind of laminate pass holder which hung from our necks almost down to waist level, rather too low to read comfortably. The colour scheme was very muted too – someone would really have peer at it quite close to in order to make out most of the words. And, had anyone done so, I wouldn’t have been unhappy with the words there anyway.

While this exercise was ultimately futile for its original purpose, I still found it interesting (otherwise I wouldn’t have spent so long on it!) to consider how I might represent myself in a few words, and then sculpting an article specifically to get that result out of Wordle, but making the article a real piece of prose about the very process of its own construction. As I said, I’m a fan of self-reference. But I wonder if this can also be considered, perhaps loosely, a kind of steganography. While it contains no encryption, the article has a deeper purpose which — had I not explicitly made it the subject of the article, but instead concealed it — could be entirely hidden from view. I suppose it’s a fairly basic cipher to encode hidden messages inside a larger article according to the word frequency… but Wordle does a bit more than that. I think that, in controlled circumstances, Wordle’s output can be made reproducible for a given input and set of parameters. In which case, it would be feasible to conceal messages in a way that could not be calculated from the text alone, that could not be reliably decoded without the additional knowledge of which website it needs to be pumped through, the precise configuration parameters to use, and what further processing is required on the result — say, the message could be in just the words that Wordle makes a particular colour in one of its fixed palettes, or that are given a certain orientation.

Indeed, as Wordle’s precise algorithm is secret due to patent issues, the precise layout for a given set of parameters might be rather unpredictable without actually trying it. That makes Wordle a kind of public-private key pair, the public key being the set of parameters fed into the engine, and the private key being the secret method by which Wordle transforms those parameters into a layout. This transformation is probably relatively feasible to work out by trial-and-error, and in any case the number of configuration permutations is sufficiently low that if necessary the results of all of them could be tested and mapped fairly easily, so it only offers a fairly low security cipher. But you gain added security from the fact that very existence of a hidden message is steganographically concealed within the larger article, and, perhaps even more so, from the surprising and obscure means chosen to conceal it!

Ok, so I’ve given the game away now. If you’ve been quietly hiding secret messages in Wordle tag clouds for ages… sorry. If not, don’t start now, they’ll be onto you. But, more generally, using innocent third-party web applications as a kind of cipher function might have potential. You’d have to ensure that the output from the website isn’t just the pure decoded message, otherwise the third party has it as well. Some sort of post-processing which requires pre-shared secret knowledge is key. This could include things like piping your message through multiple web applications, either serially or in parallel, with each contributing some small part of the overall message, which can only be merged into the whole by someone with an additional piece of knowledge of how that needs to be done.

These are just idle thought experiments… I don’t advise anyone to actually use this technique for anything really secret! There are several obvious weaknesses, although they can probably be ameliorated. However, I believe it’s worth considering novel means of passing around secrets. If quantum computers actually happen as the physicists predict, all current encryption technology may be rendered useless at a stroke, as it all relies on a computationally-unfeasible mathematical problem that, theoretically, quantum computers could make feasible to solve quickly. Quantum computers also themselves have the potential to offer novel encryption techniques, but at the moment, no-one really knows how these things are going to behave… and, for a while anyway, quantum computers will be the preserve of rich governments, corporations, and other organised well-funded criminal gangs… so us ordinary folk will be at a disadvantage. The survival of our networks might depend on us being a little bit cunning…

Using mutt on Linux to transfer your old mbox mail folders onto GMail

Saturday 4th July 2009

Unlike many webmail providers, Google don’t allow you to upload your folders from your old mail system in mbox format and import them. This is a pretty basic feature if you ask me, they really should.

There are a number of alternative ways. GMail does support fetching from other mail servers via POP3 (but not IMAP, another strange omission), so if your mail is all in your inbox at the old place that might work, but mine is organised into several folders, and I want to keep that organisation damnit!

Needless to say, someone has written a nice piece of software to do the job; in this case Mark Lyon’s GML. I was about to give this a whirl, but while I was waiting for the requisite Python lib to install, I found a much simpler way… click to read on…

(more…)