Application Form
Name: Oliver Hamm.
Contact/Email: Oliver.C.Hamm@gmail.com
Background: I'm a 24 year old, 3rd year student (last year of bachelor's degree here) at Paris-Diderot University in Paris/France. I've studied and coded ( among other languages ) in C, Java, PHP, and I can learn the basics of C++ in no time since ( please don't ban me for this ) it looks like the offspring of Java and C to me, and I can already code in both. As for cryptography I've followed the Coursera courses (https://www.coursera.org/course/crypto) a couple of months ago and read a couple of books on the subject. I intend on working in computer security later on, and this is a good opportunity for me to acquire experience in that domain.
Project title: One-time-password (token) based authentication and transactions
Project details: Debian now has various packages such as wheezy/oathtool and wheezy/dynalogin-server to support token authentication for various use cases. The basic use cases are UNIX logins (using wheezy/libpam-oath or experimental/libpam-dynalogin and OpenID (web based) login using wheezy/simpleid-store-dynalogin. The student will look at adding more depth in this area, here are some possible examples: developing support for Challenge-Response authentication ( CROTP ) in oath-toolkit developing an asynchronous AMQP-based interface for wheezy/dynalogin-server enhancing wheezy/simpleid to create user profiles on the fly using some combination of these technologies to enable a more secure experience with digital currency transactions (e.g. for Bitcoin)
Synopsis: Enhancing/creating some authentication and transactions protocols based on the one-time pass.
Benefits to Debian: Simply put: you can have walls as thick and high as you want, but if anyone can have the key to the door, your castle will fall.
Deliverables: To be identified in consultation with the mentor(s).
Project schedule: Brush up on my cryptography/learn some C++ if required, getting familiar with the different authentication protocols and figure out how they can be added to the already existing ones. Code and test.
Exams and other commitments: I do have some exams until the end of May and maybe in June if I fail the first session of exams.
Other summer plans: Apart from turning my keyboard into a steaming pile of burnt plastic and my brain to mush? No.
Why Debian?: Well, "Kali", which is the codename for a linux distro that is built around computer security testing and is the evolution of the "Backtrack" series, is mostly based on Debian, and since I'll be using it for work soon enough, knowing how it really works could help me.
Are you applying for other projects in SoC?: I will apply to a couple of Wireshark and Crypto Stick projects.