Application Form
Name: Oliver Hamm.
Contact/Email: Oliver.C.Hamm@gmail.com
Background: I'm a 24-year-old, third-year student at Paris-Diderot University in Paris, France. I've studied and coded, among other languages, in C, Java, OCaml, Python, the whole "internet package" (PHP, HTML, CSS, JavaScript, SQL) and I have just started to learn C++ but I shouldn't have any problems with it since it looks like the offspring of Java and C to me, and I can already code in both. As for cryptography, I followed the Coursera courses (Here) a couple of months ago and I have the "Handbook of Applied Cryptography" from Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone on my nightstand so I can read about the magical universe of encryption and decryption every night. I have also been a member of Hack This Site and Enigma Group for over a year now, to get to know more about how penetration testing works (they also have some cryptography exercises). Why, you say? Because I intend on working in computer security later on, and this is a good opportunity for me to acquire experience in that domain.
Project title: One-time-password (token) based authentication and transactions
Project details: After checking out Dynalogin to get information about it, and after getting a pointer from a mentor, I noticed that there was absolutely no GUI to it, as in, you have to basically go and change PHP lines of code to set some values. For people used to coding and looking around in files, that shouldn't be a problem, but for "normal" people that is quite a turn-off. It's like telling you: See this incredibly complex thing? It's really powerful, but you have to tweak it a little and if you don't get it right, it won't work... There also is a database transfer program opportunity which I can't pass on. That and making a manual in French/English (I'm fluent in both) that explains a little bit about how Dynalogin works and what you can do with it.
Synopsis: Enhancing/creating some authentication and transaction protocols based on the one-time pass protocol.
Benefits to Debian: Simply put: you can have walls as thick and high as you want, but if anyone can get the key that opens the door, your castle will fall. But jokes apart, adding more manpower to a project that allows more secure data transfer is always a good idea and Debian would benefit from it by having easy access to a fun and useful toy like the Yubikey.
Deliverables: A GUI for Dynalogin with a manual in French/English, a database importer tool to transfer user information from other databases into Dynalogin's database.
Project schedule:
- Step0:
  - (1 week) Looking around for what has already been done or thought of on the different mailing lists.
- Step1:
  - (1-2 weeks) Making sketches of different types of possible GUIs and sending them to the mentors to get feedback and pick one that fits.
- Step2:
  - (3-5 weeks) Coding a GUI, making sure it works and does what it's supposed to.
- Step3:
  - (1 week) Making a manual in French and in English.
- Step4:
  - (1 week) Getting close and personal with Dynalogin's database structure and figuring out how to import data from other databases, like, as mentioned by mentors, the Debian or alioth LDAP database and maybe others if I'm quick enough.
- Step5:
  - (4-6 weeks) Coding a database importer (and possibly exporter), testing it and debugging it.
- Step6:
  - (1-2 weeks) Making a manual page and guides for that program.
Exams and other commitments: I have exams until the end of May, and possibly in June depending on the circumstances.
Other summer plans: Apart from turning my keyboard into a steaming pile of burnt plastic and my brain to mush? No.
Why Debian?: "Kali", which is the codename for a Linux distro that evolved from the "Backtrack" series built around computer security testing, is mostly based on Debian, and since I'll be using it for work soon enough I want to know how it really works.
Are you applying for other projects in GSoC?: I will be applying to a couple of Wireshark and Crypto Stick projects.