[ Discuss: what classes to take next semester. ]

Counting:
How many ways to...
- choose a letter-or-digit?
- choose a letter-and-digit (one of each)?
- choose 4 digits in a row?
  -- a bike/luggage lock.  How long to crack such a lock,
     by brute force?
- How many 8-letter passwords?
    (How long to crack, assuming the passwd program takes 10-7s to
    see if the password actually matches?  How to foil brute-force attacks?)
- How many 8-alphanumeric passwords, where there is at least one number?
  Have to be sneaky: total number, minus those with no numbers.
- How many english words?  25000 to 200000; AOL uses pairs of words.
- My magazine acct# has 30 digits.  How many accts might they have?
  Well, people can have multiple accounts; how many accts per person
  do they have?
  [Okay actually they are encoding information; it's not just a number.]




[Long optional digression/rumination on brute-force crypto-attacks.]

Note that this is a bit like the movies (matrix, Termnator, ...)
where you see the heroic hacker, with their display whirring through
all possible inputs keys, seeing if entering that key lets them into the
system.
 - Often, you see the length of the key being tried get shorter -- from
   20 letter/digits down to length 19, length 18, etc, finally honing in
   on the solution.
   This only works if you can somehow determine something like "aha, after
   trying some inputs, I know the first letter of the password must be 'K'".
   Compare with the purported bike-lock-attack algorithm in class, where 
   you can determine which dial is causing the problem, and then within 
   10 steps figure out which digit that particular dial needs.
   Not a very effective password system, if it can be broken like that!
 - The system might be able to detect repeated login failures:
   the code that does decrypting might be augmented to detect whether
   there are 100,000 false logins within one second, all from
   the same ATM/terminal/whatever.

   This doesn't work so well in a big centralized system that doesn't
   know where the attempt is coming from: E.g. a program trying to
   break into paypal.com, where it makes up a random user account
   and a random password and makes each attempt from a different IP address.
   It's hard to distinguish this attack from regular (valid) failed logins
   from across the country/web.

 - For this latter point, you might consider that if you get a failed
   attempt, the passwd-authentifier-program waits half a second
   before reporting "access denied".
   ...of course, a smart break-in program might realize "hey if an
   attempt takes more than 20ms for an answer, it probably means that
   i'm about to get an access-denied answer; i might as well proceed
   to the next input".

   Thus, password-authentifiers should consider designing a system where
   *either* response -- access permitted or access denied -- takes (say)
   a half-second or a tenth of a second.

   This still doesn't negate teh brute force attack where the attacker
   is setting up many different IP connections in parallel.
   Active research, is trying to distinguish such attacks from normal
   large-scale usage.  Even if you're not concerned with an attacker
   actually guessing a password, you might care about denial-of-service
   attacks (where the password verifier is busy processing requests, 
   and 99.99% of them are being generated by a bogus attacker,
   meaning that valid requests take forever to process.)

   [If interested, consider classes like Computer Security, 
    and/or Networking.]


[End digression]

















Pigeon-hole principle:
- With  600 freshmen, is there a shared birthday?
- With 2400 students total, multiple sharings?
- How many kids have the same initials *and* birthdays?
   [population of TX: 21million.]
- Houston population 4million; #hairs on head is bounded by 10^5,
   call it 10^6...


pigeon-hole principle: No matter how N pigeons are distributed among k
pigeon-holes, there must be at least ceiling(N/k) in some hole.
[proof by contradiction:  
  #items <= k*(ceiling(N/k)-1) < k*(N/k) = N   (since ceiling(N/k) < N/k +1.)]

- How many kids have the same initials *and* birthdays?
   [population of TX: 21million.]
- Houston population 4million; #hairs on head is bounded by 150,000
   (triple that if you include beards); to be safe call it 500,000.
     http://www.trichotillomaniahelp.com/1/info.html (60-150k; 450k >neck)
     http://www.sciencenet.org.uk/database/Biology/0212/b01055d.html  (100k)
     http://www.wcsscience.com/hair/page.html (100k-150k)








Choosing k elements out of n, where order matters:
"Perm(n,k)" = n!/(n-k)!.
We have n choices for the first, and then regardless of this
we have n-1 choices for the second item, ... through the kth item.
We say the choices are "independent".
  (We'll later *define* x,y independent as meaning the ways to choose
   x and ways to choose y can be multiplied together.)

Note that Perm(n,n)=n!,
and 0! = 1
(how many days for a class of 0 students to
arrange themselves, before a seating pattern is duplicated?)



In a LAN with n nodes, How many sender/receiver possibilities, 
(if you can't send to yourself?)   I.e. how many connections.
If each message is sent to one other member (to ensure no personal mail?),
how many sender/receiver/verifier arrangements?



Choosing k elements out of n, where order matters:
   A subset of size k (instead of a ordered sequence).
P(n,r) = C(n,r)*P(r,r)


C(n,k)= n!/k!(n-k)!
Th'm : C(n,k) = C(n,n-k).

Paths on grid from (0,0) to (m,n).
(Isomorphic: bit strings containing m 1's).




Binomail coeffs:
Consider (a+b)^3  = (a+b)(a+b)(a+b)
Consider (a+b)^18 = (a+b)(a+b)(a+b)...(a+b);
you take k a's and n-k b's.

Pascal's Identity:
C(n+1,k)=C(n,k)+C(n,k-1)

[See book for Pascal's triangle -- how to compute
 C(,) via addition only.]





Combinations with repetitions:
Malcolm decrees that each college will
have its own lab, containing exactly 5 computers.
Each computer can be {hp,ibm,apple}.
Of course, each college wants to be unique and to
have a different lab-setup than all other colleges.
How many colleges can all have a different setup?
(we don't care *where* in the lab they're placed)
[start to enumerate; it gets complicted soon,
 with no obvious ways to figure our over-counts.]

In general, the problem is "choose n items of r types"
  (where all items of the same type are indistinguishable --
   ie we only care about how many apples, and don't distinguish
   them further by where they're located in the room.)
C(n+r-1,n) ways:
n+r-1 slots, where each slot will be either an item or a divider.
[equivalently: choose n of them to be non-dividers.]
  C(n+r-1,r-1) = C(n+r-1,n) = ways to choose n items from r categories.

This isn't an obvious trick -- very sneaky!  
But happily, it's now in your bag of tools.


By the way --
What if we *do* care(count,distinguish) where in the lab they're placed,
how many possible labs are there?


   [Got to here 2004.apr.08]

quiz,
quiz,