Thinkinginbytes.com is generated using Hugo and hosted by Netlify. Netlify watches the site’s repo on Github and commits trigger a site build process. I’ll post more details about hosting a Hugo site with Netlify later. Site development is local. To view the site on a local machine, Hugo must be installed. It is likely that your local version of Hugo is versions ahead of the default Netlify Hugo version. This version mismatch may cause Netlify builds to fail. You may need to specify which version of Hugo you want Netlify to use.

• The Good
• The Bad
• The Balance
• Footnotes

Occasionally, I see a social media post¹²³ re-quoting:

Hard Choices, Easy Life
Easy Choices, Hard Life

NOTE: This phrase is also a common headline for LinkedIn profiles. Try searching LinkedIn for “Hard Choices, Easy Life”.

This popular quote is attributed to Jerzy Gregorek ⁴. The post’s comments are filled with messages of agreement and confirmation. At first, this quote rings true. It sounds like a different form of advice I’ve been given many times.

Background

I want to understand the math behind asymmetric cryptography.¹ This field relies heavily on Modular Arithmetic.² I bought an undergraduate math textbook for self-study. This article is a record of a proof exercise in the book. It is also a good exercise in writing math equations using LaTeX.

NOTE: I asked ChatGPT to confirm the proof. No grades are being assigned here, the point is to learn.

Problem

Let \(m\geq1\) be an integer.

• The Problem
• Cryptographic Hashing
• What Is Piecewise Hashing
• The Obvious Weakness
• Final Thoughts
• References

NOTE: ChatGPT was used to create some portions of the code in this article. The words are mine.

The Problem

When cybersecurity analysts find malicious files, they share their finding with the greater security community. They run the file through a cryptographic hashing function and share the results of this function, called a hash. The hash is a kind of fingerprint that identifies the file based on the information contained in the file. Others can look through their environments, hash their files, and compare the results to hunt for the malicious file.

• Misunderstanding Continuous Improvement
• Operating
• Innovating
• Don’t Do Both At The Same Time
• Continuous Improvement Redefined

Misunderstanding Continuous Improvement

Early in my career, “Continuous Improvement” was a popular buzzword. Every company claimed to have some type of program that constantly looked to improve its processes. I misunderstood the concept of “Continuous Improvement”. In my mind, commitment to continuous improvement meant that, at any point during the completion of a task, if a potential improvement could be made then everything must stop while the process is updated. I wanted to change or improve a process while I was executing it. Every time I found an opportunity for improvement, the real work stopped and the work around how to improve it starts. Disrupting the work and creating inefficiencies instead of fixing them.

In this article:

• What is PowerShell?
• Finding And Opening The PowerShell Application
• Creating A Date
• Creating A Specific Date
• Something Useful: Finding Completion Dates
• What About Weeks?
• Find The Time Between Dates
• Conclusion
• References

PowerShell provides immediate value for non-technical users.This article introduces new users to one useful feature of PowerShell without explaining the background of PowerShell and all the details behind cmdlets, objects, properties, variables, operators, members, help, execution policy, etc. This is a different way of introducing PowerShell. Many introductions to PowerShell tackle the implementation details that, in my opinion, can be hidden from some users who just need a tool.

Google has decided to discontinue its domain registration service. As of August 2023, the Google Domains site displays this message:

Google recently entered into an agreement for Squarespace, Inc. to acquire all domain name registrations from Google Domains, with the purchase subject to regulatory approval and customary closing conditions. If the transaction closes, you will become a Squarespace customer and, following a transition period, your customer and billing information, if applicable, will be transferred to Squarespace, at which point Squarespace’s Privacy Policy and Terms of Service will apply.

Encrypting plaintext using Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode requires the plaintext to be a multiple of 16 bytes long. All plaintext is padded before encryption. The padding method is described in Section 6.3 of PKCS #7.

The Padding Technique

If the last block of the plaintext message has 1 byte (e.g., if the plaintext is 17, 33, or 49 bytes), then 15 bytes of the value 0x0f (15) are added to the end of the plaintext. Finding the number of bytes in the last block is trivial using modulo math in python.

In Part 3, I ask Google’s Bard why it would limit password length to 15 characters in a web application. See Part 1 for the response from Anthropic’s Claude and Part 2 for ChatGPT’s thoughts on the subject. I start with the same question.

Starting Prompt

Me:

You are a web application developer. I am an information security professional reviewing your work. Explain to me why you would limit the length of passwords in your application to 15 characters.

In Part 1, I asked Anthropic’s Claude AI Assistant to play Web Application Developer and explain why it would choose to limit its application’s password length to no more than 15 characters.

In this post, I used the same starting prompt and asked ChatGPT.

Starting Prompt

Me:

You are a web application developer. I am an information security professional reviewing your work. Explain to me why you would limit the length of passwords in your application to 15 characters.