A good first step in cyber self defense

The recent data breach at Equifax makes it clear that it is critical to use strong passwords for all online accounts. According to Equifax, the data breach happened between mid-May and July. The hack was discovered on July 29, but Equifax did not inform the public until September 7. Sensitive personal information such as Social Security numbers, date of birth, addresses was stolen from Equifax, affecting one in two adults in the United States (see here).

How to create strong passwords? Obviously the longer a password, the stronger it is. The issue is that of laziness. There may be a long list of accounts, e.g. financial accounts (banks and credit cards), social media accounts and other accounts. There may be ten or more such accounts to manage. Some people get lazy and use the same password. Using different passwords that are long enough and random enough across many accounts would indeed pose a huge management challenge – how to remember, store and update the passwords.

It turns out that it is not difficult to create strong passwords that are easy to remember. The idea is to come up with a phrase that is memorable only to you. For example, a college student may come up with the following phrase.

    My weakest subject is Chemistry. I will go to Tutoring Center 5 days a week this semester to get Help!

The resulting password would be “MwsiC.IwgtTC5dawtstgH!“. This is a 22-character password that includes upper case letters, lower case letters, numeric characters and special characters. Another plus is that it contains no dictionary words. If the information about chemistry subject is important and meaningful to the creator of the password, then it is easy to remember.

The string MwsiC.IwgtTC5dawtstgH! appears random. Yet there is a high level piece of information behind it that is known to no one except the creator of the passwords.

The college student in question can change the password by using another memorable phrase after the semester is over. So this idea is flexible and the possible pool of passwords is limitless.

For each account, create a memorable phrase associated with that account. Managing these passwords still requires effort. However the information to remember is at a high level (and memorable and personally meaningful). It is not about memorizing a random string of characters. In light of the Equifax data breach, the effort is the least we can do to help defend ourselves.

Any discussion of safe and strong passwords is a good pivot to talking about large numbers. Having an appreciation of large numbers help us appreciate the passwords such as MwsiC.IwgtTC5dawtstgH!.

For example, how many possible 22-character strings are there? To get a sense of how big this number is, let’s assume that the 22-character string consists of only lower case English letters. Then there would be 26^{22} possible strings. How big is this number? It is 1.3474 \times 10^{31}. To simplify, let’s say it is 1 \times 10^{31}, the number 1 followed by 31 zeros. Note that a billion is one followed by 9 zeros. A trillion is one followed by 12 zeros.

The number 1 \times 10^{24} only includes lower case letters. If we include upper case letters as well as numeric characters and special characters ($, ?, ! etc), then the universe of potential passwords is greatly expanded.

To appreciate how big 1 \times 10^{24} is, let’s compare it with the age of the universe, which is about 13.8 \times 10^{9} years (13.8 billion years). Converted to seconds, the age of the universe is approximately 4.35 \times 10^{17} seconds, which is less than 1 \times 10^{24}. Guessing at the password at the rate of one per second, the entire age of the universe is not enough time to cover the possible choices within the number 1 \times 10^{24}. This is assuming upper case letters and numeric and special characters are not in the mix!

It is believed that the sun can burn for another 5 billion years. So guessing at the password at a fast rate would mean that there is not enough time to cover all the possible choices.

Using the “memorable phrase” approach for password management is a good first step in cyber self defense. This approach can help keep your bank accounts safe. So it is a good first step in financial self defense as well.

Here’s a peculiar way to find strong passwords. This scheme is to produce 26-letter passwords such that every letter is known and is fixed! In fact, the first letter of the password is the first letter in the English alphabets, the second letter of the password is the second letter of the English alphabets and so on. The length of the password is long but every letter is fixed. This scheme is discussed in this blog post. This universe of passwords is not as big as the one for the 22-character passwords discussed above. But it is a big enough collection of possibilities that it is all but impossible to hack without computer help. There are 67,108,864 many different possibilities (over 67 million). How does this scheme work? Why is it that every letter is known but the passwords can be strong?

Curious? Think about it or go to this blog post. This particular scheme is a way to learn the concept of binomial distribution. Any one who understands this scheme understands binomial distribution.

\text{ }

\text{ }

\text{ }

\copyright 2017 – Dan Ma


A Periodic Look at the California Lottery

What are the odds of winning the California Lottery? I am talking about the winning of $1 million or more (the kind of winning that is a game changer in one’s personal life). How often are these million-dollar tickets won? Ten months ago I estimated that the odds of winning $1 million or more in the California Lottery were one in 36 million (see Taking another look at the California Lottery). The data were based on data from California Lottery that I obtained in November 2010 (see Shining a light on the California Lottery). Nothing happened in the last ten months indicates that the odds of winning has fundamentally changed.

Just to confirm, I count the number of winning million-dollar winning tickets as of today (August 30, 2011). This is done at the website of the California Lottery. The data are not readily available. I have to search at this site. I count the tickets by searching one county at a time (there are 58 counties in the state). The result: since the inception of the California Lottery in 1985, there are only 257 tickets that paid out $1 million or more (an increase of 10 winning tickets over 10 months ago). So in its 26-year history, there are only about 260 winning tickets, about 10 per year. The increase of 10 tickets in the last 10 months also confirms the average of 10 winning tickets per year.

With the increase of 10 more winning tickets, the odds are actually a little higher, about one in 36.7 million, but still not fundamentally different from 1 in 36 million.

The mantra of many lotto players is that you have to buy a ticket in order to win. That is so true. You have to get in the game to have a chance to win, even though the chance of winning is infinitesimally small. On average it takes the purchase of about 36 million tickets to support one winning ticket. Still dreaming of winning big?

Wrong Side of the Road, Wrong Side of the Law

Jessica Lynn Shekell was a 21-year old and a sociology major at California State University at Fullerton in 2009. In the wee hours of October 26th of that year, she was driving in the wrong direction on a stretch of the 91 freeway in Anaheim. Shekell’s Toyota pick-up truck crashed head-on into a Chevy’s pick-up truck. The results: Sally Miguel and Patricia Miguel (two sisters in the front of the Chevy’s pickup truck) were dead and their two young nieces (Mary Miguel and Sara Miguel) suffered permanent internal injuries. The lessons? Avoid being on the wrong side of the road and being on the wrong side of the law. With drinking and driving, only do one of them. Some actions in life have grave consequences. Alcohol imparied driving is one of them.

Approximately 45 minutes after the crash, Shekell’s blood alcohol content (BAC) was 0.26 percent, three times over the legal limit (0.08 percent in all 50 states). This meant that the BAC at the time of crash would be higher. According to the BAC calculator of the Police Department of the University of Oklahoma, for someone weighing 120 pounds, two hours after drinking eight 8-oz beers, the estimated BAC is only 0.21 percent (Shekell’s weight was 115 pounds at the time of the crash). The same calculator estimates that drinking eight margarita will result in a BAC of 0.24 percent. Shekell likely had many more drinks than eight. On the night of the DUI crash, Shekell and her friends were drinking at two bars in Placentia, California for several hours.

Shekell was sentenced on Wednesday March 9 to six years for the DUI crash. The prosection asked for 13 years. The defense asked for probation (nice try). Orange County Superior Court Judge Robert Fitzgerald picked the middle point. Is the justice served? In my view, a stiffer sentence is called for.

Interestingly, on the night of the crash, Shekell was not yet 21 years of age (less than two months away from her 21st birthday on December 12). So she was not of legal drinking. According to the prosecutor Susan Price, Shekell was also cited for underage drinking in 2009.

Prior to sentencing, Judge Robert Fitzgerald sent Shekell to a 90-day diagnostic program operated by the state Department of Corrections and Rehabilitation, during which she denied being an alcoholic. When the program was over, officials recommended she be sent to prison. Was it that Shekell was not showing remorse to the the satisfaction of the officials in the diagnostic program? It seems clear that she denied she had an alcohol problem.

Two lives were snuffed out by someone who denied having an alcohol problem. Six years do not seem fair to the victims’ family. Both nieces of the victims suffered permanent injuries in their bodies, having to deal with gaping physical and emotional wounds for the rest of their lives.

Another lesson from this crash is that wearing seatbelt can save lives. The victims in this crash did not wear seatbelts. In my view, this does not lessen the gravity of the crime committed by Shekell. On the other hand, even with wearing seatbelts, the victims would still sustain serious and likely debilitating injuries. With or without seatbelts, it is a no win situation for the victims.

If Shekell has any shred of decency in her bones, she will have to deal with the weight of this tragedy for the rest of her life. At least she will be out of prison before her 30th birthday. Sally and Patricia Miguel are gone forever. In comparison, Shekell’s prospect seems quite good.

Justice aside, it is also not a good situation for Shekell. She was hospitalized for facial trauma and fractures to both arms. Any normal person will have to grapple with the enormous guilt from murdering two people. Though she got a light sentence, she still have to spend six years in a state prison, which could be put to other productive uses. She could finish school and start a career. Any plans she had before the crash will have to wait until she turns 30. Shekell surely had put her family through much anguish. Think of the legal costs her family had to shell out.

For all those who drink and drive, think about this. If you do not care about the victims, you ought to at least care about your future and your family. I sure do hope that the drinking buddies of Shekell on the night of October 26, 2009 had learned this lesson too.

It is really simple. If you get plastered, do not get behind the wheel.

How many lottery winners are there in a year?

I have been wanting to answer the questions in the title. I found that statistics on lottery winning is hard to come by. Even when the state lottery commissions are required by law to made the information public, they tend to bury the information and you have to do work to dig it up. I have strong indication that on an annual basis, winning tickets that pay out one million dollars or more only number in the hundreds. In contrast, there were 37,261 people killed in motor vehicle crashes in 2008 in the United States (see the report from the National Highway Traffic Satety Administration). So if you are passionate about winning various state lotteries, it makes sense to be passionate about not winning the negative lottery of fatality in a motor vehicle crash too.

As of November 2010, there were only 247 winning tickets paying one million dollars or more (see the previous post with this discussion). To get this information, I had to look up the winning tickets in each of the 58 California counties in the official site of CalLottery. So about 10 people are made millionaires by CalLottery each year (since its inception 25 years ago).

The state of Iowa is more forthcoming. The official site of the Iowa Lottery actually had a press release listing out the stats. The number of Iowa Lottery tickets that have won prizes of $1 million or more (through August 2010) is 110. Once again in the 25 years history of the Iowa Lottery, only 110 people were made millionaires, on average 4.4 per year. For the Iowa Lottery, the odds for winning $100,000 or more are better for sure (1089 winnings so far in 25 years) but the odds are still small.

The state lotteries are in the business of selling dreams. I suspect that they do not want to provide a picture reflecting the true odds of winning big. With all the state lottery commisions across the United States combined, I cannot see how the number of winning tickets ($1 million or more in each one) in one year can be in the thousands. If someone is forking over hard earned cash each week to play the lottery in the hope of winning big, it also makes sense to pay attention to traffic safety in the hope of not winning the negative lottery of death in a car crash.

Hope there will be no lottery winners this New Year’s Eve

According to a report in npr.org called Road Fatalities Dip Thanks To Safer Cars, Economy, an array of factors are making the road safer. According to a study by the Department of Transportation, the overall number of fatality on American roads has dropped dramatically, fallen by over 20% in the last few years. Two likely reasons for this dramatic drop are safer cars and a slower economy. However, even with the over 20% drop in fatality on the road, there is still one death every 15 minutes on the road.

I always think of dying from a crash involving a drunk driver is a lottery. It is a negative lottery for sure since no one would want to win it. In a previous post (The lottery of drunk driving fatality), I discussed the statistic of one drunk driving fatality every 45 minutes. By comparison, the number of deaths on the roads due to all causes is three times higher than just deaths from drunk driving (in the lottery analogy it is three times more likely to win)! I hope in this holiday season, no one will win this negative lottery.

Be safe on the road. Between drinking and driving, only do one of them!

Now the quantitative stuff. As reported in Road Fatalities Dip Thanks To Safer Cars, Economy, there were almost 44,000 road-related deaths in 2005. In 2009, there were about 34,000 deaths. This is a 22% decrease. There are two ways to see this.

One is to calculate the number of reduction in deaths, which is 44000-34000=10000. Then divide 10000 by 44000. We have:

\displaystyle \frac{10000}{44000}=0.2273, which is 22.73%.

Another way to derive the 22.73% is to calculate the following ratio:

\displaystyle \frac{34000}{44000}=0.7727

Then subtract one from this ratio and obtain 0.7727-1=-0.2273, which indicates a 22.73% decrease in road-related deaths.

The 2009 figure for the number of road-related deaths is 34,000. This comes out to be one death every 15 minutes. To derive this rate, we need to calculate the total number of minutes in a year. There are 365 x 24 x 60 = 525,600 minutes in a year. Then divide 525,600 by 44,000 to obtain 15.46 minutes. Then round the answer to 15 minutes.

We can get a perspective of this calculation by looking at an example of taking an exam. For example, if you have two hours (120 minutes) to take an exam and the exam has 10 problems, then on average you have 12 minutes to work one problem. Thus if you can work one problem per 12 minutes, you can expect to finish the exam in the allotted time.

Back to the calculation at hand, there are 525,600 minutes in a year and there are 34,000 events. Thus on average there are 15 minutes allotted for each event.

\displaystyle \frac{365 \times 24 \times 60}{34000}=15.46=15

The hope is that the denominator in the above ratio will keep getting smaller in the years to come. From 2005 to 2009, the denominator shrank from 44,000 to 34,000. I have a thought. Supose that in the next 5 years (2009 to 2013), there will be the same percent decrease in the road-related deaths as in the 5-year period from 2005 to 2009. What will be the value of the denominator? In other words, according to the same trend line, what will be the number of road-related deaths in 2013?

The answer to the above question is obtained by reducing the 34,000 deaths in 2009 by 22.73%. Try the following:

\displaystyle 34000 \times (1-0.2273) = 34000 \times 0.7727=26271.8

If the same trend that played out between 2005 and 2009 holds, the projection for 2013 would be about 26,000. Whether this is a realistic projection or not, I do not know. I will leave this to the experts who study traffic fatality. Let’s hope that the improvement will be as least no worse than this projection.

Taking another look at the California Lottery

What are the odds of winning the lottery? If the lottery is a 49/6 game (i.e. choosing 6 numbers out of 49 numbers), the odds are 1 in 14 million (one in 13,983,816 to be precise). I would like to show you that for the California Lottery, the odds of winning a jackpot of $1 million or more are 1 in 36 million. Let me show you how I arrive at this estimate.

Statistics about winning tickets are available from the official website of the California Lottery. But one has to do some digging to get the data (I searched at the Lucky Retailer Search). There are 58 counties in California. I simply searched for the 58 counties one by one. Only 28 of the counties had winning tickets. Since the inception of the California Lottery 25 years ago, there were 247 winning tickets as of November 1, 2010.

Here’s the summary information. All of these 247 tickets paid out $1 million or more. The largest jackpot was $110 million. The earliest winning ticket was on 3/21/1987, bought from a retailer in Imperial County. The most recent one was on 10/9/2010, bought from a retailer in Ventura County. The sum of all the winning amounts for these 247 tickets was $4,535,519,264 (about $4.5 billion). Thus each winning ticket prize was, on average, $18,362,426 (about $18 million).

So there are about 250 winning tickets that paid $1 million or more in the 25 years of history of the California Lottery. On average, there were about 10 winners a year. If you do not think that the odds are infinitesimally small, read on.

By law, the California Lottery has to pay out at least 50% of the revenue as winning. The total winning amount for these 247 tickets was $4.5 billion. This implies that the $4.5 billion in winnings was paid out from the sales of $9 billion worth of tickets (equivalently 9 billion tickets since the ticket price was $1).

So out of 9 billion tickets bought, there were about 250 winners. Thus the odds of winning are 250 in 9 billion or 1 in 0.036 billion (9/250=0.036). The odds of 1 in 36 million followed from the following translation.

\text{1 billion = 1,000,000,000 (1 followed by 9 zeros)}
\text{0.036 billion} = 0.036 \times 1,000,000,000=36,000,000 \text{ (36 million)}

Of course, the California Lottery will never tell you that the odds of winning the big prizes are 1 in 36 million. One has to dig to find the information like I did. In fact, in the same page where I did the digging, they claim that “Since 1985, the California Lottery has distributed more than $27 Billion in winnings (including annuitized) with more than 2,842,467,062 winning tickets sold!

They claim that there were 2,842,467,062 (2.8 billion) winning tickets since 1985. How does this number squared with the 247 tickets that I found? I wrote about this point in a previous post called Shining a light on the California Lottery. Except for 247 tickets, these tickets paid out small prizes (on average just under $10). Their information is correct but can give the impression that there are many millionaires running around (could be as many as half the world’s population)!

The usual refrain of many lotto players is that you have to buy a ticket in order to win. Winning is desirable for sure. In the case of mega lotto jackpot such as the games of Mega Million and SuperLottoPlus in the California Lottery, you have to buy millions of tickets before you have a realistic chance of winning (could very well be 36 million tickets). If you treat the game of lottery as a money making opportunity or a way to become an instant millionaire, you better count the cost. Some play the lottery for its entertainment value and the excitement. If you spend a small sum every week buying tickets for the huge jackpots, the entertainment value is about the only benefit you will receive from playing.

Shining a light on the California Lottery

In the back of my mind, winning the lottery means becoming a millionaire (or better). Thus I find the following statements found in the website of the California Lottery very interesting.

Since 1985, the California Lottery has distributed more than $27 Billion in winnings (including annuitized) with more than 2,842,467,062 winning tickets sold!

The amount of $27 billion is a lot of money. This amount ought to be reassuring to anyone dreaming of winning big (think sitting in a beach chair holding a martini in a posh beach resort in the Caribbean). The number of winning tickets 2,842,467,062 is a huge number too. If I keep playing, could I be joining this huge legion of winners?

I noticed something else. Why is the total amount of winnings stated in a nice round number while the total number of winning tickets is not? Note that both figures are not meant to be exact amounts (more than $27 billion and more than 2,842,467,062 winning tickets).

Why not express the number of winning tickets in a nice round number too? Could it be that this is intentional? Could it be that the display of the number 2,842,467,062 is designed to be fantasy inducing? I do not know for sure. But I have my suspicion. Understanding how to read large numbers will clear things up.

One million is 1,000,000 (one followed by 6 zeros). Note that one million is 1000 times of 1000. Putting it another way, if you receive $1000 from each of 1000 people, you become a millionaire.

One billion is 1000 times of one million (1,000,000,000 or one followed by 9 zeros). If you have $1 billion in wealth and you only spend $1 million a year, it will take you 1000 years to deplete your wealth! Of course, in this scenario, we are not taking the time value of money into account (but that is another story).

So the number of winning tickets for the California Lottery since 1985 is 2,842,467,062 (about 2.8 billion tickets). Interestingly, this means that the average winning amount per ticket is slightly under $10! This implies that most of the 2.8 billion tickets are for small prizes (way smaller than $1 million).

So how many lottery prizes of $1 million or more were won by players in the California Lottery in its 25-year existence? Fortunately, the data are available in the official website of the California Lottery, just that they are not conveniently summarized. I had to search for them county by county (there are 58 counties in California).

I searched the winning tickets by county and I found a total of 247 winning tickets, all in the amount of $1 million or more. These 247 tickets amount to $4,535,519,264 (or $4.5 billion). So more than $22.5 billion (=27-4.5) in winnings are for smaller prizes (e.g. a few hundreds to tens of thousands in dollars).

Out of 25 years of history in the California Lottery, there are only about 250 winning tickets with $1 million or more in winning. On average, there are about 10 such winning tickets a year. So winning a small prize may have good odds (about 2.8 billion instances of small winning so far). But winning a huge jackpot in the California Lottery, one that you normally think of as setting you up for life, had only happened 250 times so far.

The California Lottery is in the business of selling dreams. It seems that fuzzy numbers help keep dreams alive. Interestingly, a large number such as 2,842,467,062 was transformed into a fuzzy number by not rounding it.

Even if I did not dig up numbers from the official website, I can still get a sense that there is only a small number of winning tickets worth $1 million (or more). We can compare 2,842,467,062 with the sizes of the population in California, the United States and China.

The number 2,842,467,062 is almost 77 times the population of California (36.9 million in 2009), and is over 9 times the population of the United States (307 million in 2009). The population of China is 1.3 billion (in mid 2008). The number 2,842,467,062 is over twice the population of China.

Imagine that the number of millionaires created as a result of playing the California Lottery is twice the China population! If true, California would truly be a “Golden State”!

What can one get from buying a $1 lottery ticket? Not sure what one can get other than a chance to fantasize (a form of cheap entertainment I suppose). The fact speaks for itself. Of the tens of billions of tickets bought in the 25-year history of the California Lottery, there were only 247 winning tickets that paid out $1 million or more.