Page 2 of 2 First 12
  • Jump to page:
    #16
  1. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,638
    Rep Power
    4247
    Glad we got that cleared up. I thought it was Dr. S.K. because you mentioned that the guy was Head of Dept and Dr. S.K.'s description said that he was a Head of Dept. I figured he was calling himself Dr. now because he got his PhD done. So it was the other author, eh.

    BTW, I actually looked at the paper's contents and it is a miracle that it got published at all. It was pretty well loaded with a lot of buzzwords, but very little in terms of algorithm or technique AND some massive holes in logic that I could drive a truck through. It was the epitome of the saying, "if you can't blind them with brillance, baffle them with bullsh*t". Want me to critique it here?? (I won't link to the paper for privacy concerns, but may I discuss its contents here and the holes in it?)
    Last edited by Scorpions4ever; April 12th, 2013 at 02:55 AM.
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
  2. #17
  3. Hats off to Mr. Joseph donahue
    Devshed Novice (500 - 999 posts)

    Join Date
    Aug 2009
    Posts
    752
    Rep Power
    1107
    Originally Posted by Scorpions4ever
    I won't link to the paper for privacy concerns, but may I discuss its contents here and the holes in it?
    I kind of wished that some one from here took a look into it. The only proper data that is there in the paper is in the form of that graph comparing the two algorithms (which btw is mine). Funny thing is it's very easy to prove that he had absolutely no idea of what he was doing. Allow me to explain.

    There are two implementations of MD5 algorithms under question:
    1. Conversion of RFC1321 from C to Java -> aka "Simple MD5 Implementation"
    2. A bareback no security implementation designed for speed -> aka "Revised MD5 Implementation" as I named them while coding.

    Take a look at the first screenshot of Command prompt which is captioned as "Sample Output By Implemented Version Of Md-5 Hash" and then Look at the third line from the top in the screenshot. The screenshot is clearly of the 1st implementation, while what he really wanted was the screenshot of the second implementation aka the "implemented version" inferring by the legends in the graph.

    In short he had the screenshots mixed up and published the test page from my project which only shows that the algorithm is indeed MD5 algorithm, the test cases being given in the RFC itself; thus no point in publishing it.
    The actual screenshot should have displayed how many milliseconds it took for completing 10000 cycles of each of the test cases, thus relating to the graph.

    Apart from that there are numerous points, which I conveyed to him in one of my emails:
    1. He claims to have added pre-image resistance and collision resistance to the algorithms. The funny thing is that MD5 algorithm in itself is pre-image resistant AFAIK. And he certainly didn't add anything to make it collision resistant.
    2. Here comes the funniest part: The five points below Figure 4 are actually nothing more than Comments in my code, which I never meant for anyone to read. The result? The fifth point about restructuring all the loops never really happened, as I removed all the loops later to increase performance and just wrote down the iterations manually.
    I must have forgot to remove that comment. Talk about having no clue!!
    3. He suggests that the algorithm be used by/between Governments to speed up application and maintain confidence. The very idea of using any MD5 implementation in such sensitive cases is nonsense (as I mentioned under "Limitations of the Project"); I can't imagine using this implementation; The code has more security holes than you can imagine, I really worked hard to ensure that.

    There are countless grammatical and technical mistakes in the paper, one of the reasons why I don't think it was worth the money I spent on it.
    The only thing that I learned from this experience was to stay away from lawyers .

    Now that my analysis is over, I would love to see your version of it. I am sure I will learn a lot.
    ___
    I remembered the day I was showing him my project in the college, I had a hard time explaining to him how to create a jar file in cmd and that manifest files are not just another help file.
    The funny thing is that after all this he had the nerve to suggest that I work for him on another research paper which can be published under our names. Obviously I asked him to get lost!
    Last edited by RAJ_55555; April 12th, 2013 at 11:07 AM.
  4. #18
  5. I <3 ASCII
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Aug 2003
    Posts
    2,400
    Rep Power
    1233
    Originally Posted by RAJ_55555
    From what I heard from my dad, he was later sued by another professor from our college for stealing his work and publishing without his consent. Not sure how that story will end.
    It seems as if no one ever gets caught their first time doing something. There's probably a lot more people out there than the two of you that have been ripped off.

    The funny thing is that after all this he had the nerve to suggest that I work for him on another research paper which can be published under our names. Obviously I asked him to get lost!
    I'm guessing it's cya. If you published something together moving forward he can chalk off your 'lawsuit' as a misunderstanding rather than outright theft.

    Glad to hear it got sorted out to your liking in the end.

    -MBirchmeier

    Comments on this post

    • RAJ_55555 agrees : Thanks, your suggestion to keep quiet served me well :)
  6. #19
  7. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6351
    I agree, go to the dean.

    Unfortunately, this sort of crap is pretty common in Indian schools
    This is pretty common on earth. Remember all the hubbub about the european world leaders who falsified a lot of their PhD credentials and research? American doctors and professors do it too.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  8. #20
  9. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,638
    Rep Power
    4247
    Originally Posted by RAJ_55555
    Now that my analysis is over, I would love to see your version of it. I am sure I will learn a lot.
    I'm ignoring all the spelling mistakes and grammatical errors in the paper, as English is probably not the authors' first language (hell, it isn't my first language either, but I digress.) Here's what I got from reading the paper:

    Briefly, the paper starts by describing a term called "G2G" (Government to Government) where the authors note that there is a need for secure data exchange between two government agencies or two countries. The paper then mentions briefly about hashing and public key cryptography and says that public key cryptography is key to digital signatures. The intro also claims that large amounts of data are exchanged by government agencies, which are done over the internet, which is "unsecure and timeconsuming" and it is required to meet "data integrity, Privacy and Authenticity with less communication costs using available bandwidth."

    Now on to the proposed scheme:
    1. Sender takes a plaintext message M and computes the hash of it using a hashing algorithm like MD5 (call this H1).
    2. The sender encrypts H1 using the private key and produces E.
    3. The sender sends M and E to the receiver over the interwebz.
    4. The receiver computes the MD5 hash of M (call this H2).
    5. The receiver then decrypts E using the sender's public key and gets H1.
    6. The receiver compares H1 and H2 and thereby verifies that the message is unaltered.

    The authors claim that this is more advantageous since RSA is a slow encryption algorithm, therefore it is faster to only encrypt the MD5 hash of the message and not the entire message. Somehow, the fact that the message M might contain confidential data and is transmitted in plain text escapes the authors . Also, the resulting message will be larger because they are sending M + Encrypted(H1) instead of just encrypting M and sending that. So much for their claim of maintaining "Privacy with less communication costs using available bandwidth".

    They also claim that since the encrypted version of the hash H1 (i.e. E) can only be generated by the sender, who is the only one who knows the private key, this authenticates that the message from the sender. First, this assumes that no one but the receiver can decrypt the encrypted MD5 hash using the sender's public key (remember, the public key is publicly available, so anyone can decrypt). They also assume that no one can substitute the message with another one that hashes to the same MD5 hash (more on this below).

    The authors claim that "No two messages produce the same message digest, otherwise message integrity violates. We are using Implemented Version of MD5 which performs better with respect to the standard MD-5 algorithm". Here the authors use Raj's implementation of MD5 (called the "Implemented version of MD5", with no credit to the actual implementor, Raj) and claim that it is faster than the "standard MD-5 algorithm" (which I presume is from Java's java.security.MessageDigest class). Personally, I like Apache's version (org.apache.commons.codec.digest.DigestUtils) myself. Of course, no code is presented in the paper and there is merely a screenshot of a DOS window running some MD5 calculations and another one with some barcharts showing that the "Implemented MD5" is about 40% faster than the "Standard MD5" (Incidentally, the bar graph image calls the "Implemented MD5" as the "Revised MD5 (RMD5)", which I presume is what Raj called his version). Of course, this version is listed as faster because:
    Code:
    i. All methods and classes are made final .
    ii. Used System arraycopy for copying data into array.
    iii. Pre-computed the String lengths and stored.
    iv. Manually Implemented of the getHexString() Method.
    v. Restructuring all the loops.
    Guess it would have been even faster if it was implemented in C or assembler . Since there is no code presented, there is actually no way for anyone else to verify their claims that the "Implemented version" is faster.

    Also the authors claim that "no two messages produce the same message digest, otherwise message integrity violates." This claim is patently incorrect. MD5 has been broken for quite a few years and is not collision resistant. In 2005, one researcher presented some code to construct messages that would hash to any MD5 hash value using a single laptop in under a few hours. He later improved it to make a hash collision in under 30 seconds (and average of 17 seconds on a Pentium-4 desktop!). Since the authors scheme for authentication involves encrypting the MD5 hash with a private key, anyone can decrypt it using the sender's public key, generate another message that hashes to the same MD5 and send that and the encrypted MD5 and this defeats the authors claims of "Authenticity" entirely.

    Then the authors claim that this scheme is useful in a variety of E-XXXX such as "E-District", "E-Tourism Card", "E-Pay", "E-Coordination", "E-Suggestion" and other such "E-Buzzword" terms. It's a good thing they didn't suggest it to be useful for "E-macs" as well .

    Comments on this post

    • RAJ_55555 agrees : I lold so hard at the last line..
    Last edited by Scorpions4ever; April 12th, 2013 at 11:29 PM.
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
  10. #21
  11. Hats off to Mr. Joseph donahue
    Devshed Novice (500 - 999 posts)

    Join Date
    Aug 2009
    Posts
    752
    Rep Power
    1107
    I just remembered why I removed the
    "Restructuring all the loops"
    part; i.e. nothing more than restructuring the loops from for(i=0;i<variable;i++) to for(i=variable;--i>=0; ) in my code. I read somewhere that the later was faster.
    However I got rid off all the loops as it removed 16 of the left shift operations in one of the functions thus saving calculation time.

    I also remembered he asked me to write down the exact syntax for executing the jar files. And later asked me to change the program into a menu driven one, as he was having difficulty navigating.. Now there's a researcher for you!

    Anyways this was a fun experience. Just for the fun of it, here's the unmodified jar file that's under question.

    Use the -x option to test the sample test cases in RFC1321. Use it without any options for a menu driven implementation.

    ____EDIT_____
    I just read your previous post on crediting your friends dogs for your project. I wish I had done something similar, too damn funny.
    Attached Files
    Last edited by RAJ_55555; April 13th, 2013 at 01:41 AM.
  12. #22
  13. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,638
    Rep Power
    4247
    What you need to do is tell Mr. N.B. that you're already writing a paper with two other famous people. Tell him that you are giving him a sneak preview, since he was your lecturer once. Then send him to this link:
    http://apps.pdos.lcs.mit.edu/scicach...s+Forever.html

    Note: Click on the "Generate another one" link at the top of the page to present another paper by the same three infamous authors .

    Comments on this post

    • RAJ_55555 agrees
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
  14. #23
  15. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    May 2004
    Posts
    3,417
    Rep Power
    887
    So if we're lucky, certain "rogue states" will adopt this new fangled scheme for all of their communications! Hmm... maybe we should have it translated for them?
    I no longer wish to be associated with this site.
  16. #24
  17. Hats off to Mr. Joseph donahue
    Devshed Novice (500 - 999 posts)

    Join Date
    Aug 2009
    Posts
    752
    Rep Power
    1107
    Where do you find these things.. .. Although the link is no longer working, I am pretty sure we will see a couple of hundred new research papers written by Mr. N.B.; i.e. if he figures it out
    @jwd May be the governments can actually adopt this as a diversion
    Last edited by RAJ_55555; April 14th, 2013 at 02:59 AM.
  18. #25
  19. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,638
    Rep Power
    4247
    Whoops, I should really fix the link. Here's the starting page where you can generate your own CS papers.
    http://pdos.csail.mit.edu/scigen/
    Enter a couple of author names, hit Generate, then click on the PDF link to generate a PDF version and send it to N.B. .

    Comments on this post

    • RAJ_55555 agrees : lol
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
  20. #26
  21. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    May 2004
    Posts
    3,417
    Rep Power
    887
    ... Indeed, Internet QoS and vacuum tubeshave a long history of cooperating in this man-
    ner [27]....
    LOL. I can't take anymore of it...
    I no longer wish to be associated with this site.
  22. #27
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2013
    Posts
    4
    Rep Power
    0
    Well I would rather suggest you to be calm. If you come up with these ideas then that means you can think more innovative then that. So let it go. You have the example of Samsung and apple in front of you and we all know that Samsung is still coming with new and innovative technology then apple. So let it go and do your work with affection.
Page 2 of 2 First 12
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo