Schneier on Security
A blog covering security and security technology.
February 6, 2009
xkcd on Cryptanalysis
Good xkcd comic on the difference between theoretical and practical cryptanalysis.
Posted on February 6, 2009 at 1:48 PM
• 24 Comments
This is what I love about analyzing security systems--finding the cheap yet highly effective ways to break or circumvent them.
Rubber hose cryptography FTW!
Don't forget to mouse-over to see the actual actual reality.
> "I'm gunna kick some ass with my own pipe wrench."
Long-ish video, funny.
Methinks Bruce would find the pipe wrench too clumsy and random, uncivilized.
Bruce would have stretched his brane and un-warped the fabric of the universe.
That recalls a comment from a game: "Your objective's on the other side of an impenetrable door, locked by an unpickable lock. Do you a) curse your misfortune, b) try and find better tools, or c) track down the watchman with the keys, slug him, take his keys and continue about your business?"
Gee, who knew the weakest link in the chain was made of meat?
Why such an expensive wrench?
@ Davi Ottenheimer,
"Why such an expensive wrench?"
If you are going to do something, do it with style.
And as we all know these days style costs...
"Good xkcd comic"
Say no more, say no more! :)
"Good xkcd comic"
As opposed to ..?
I am disappointed that xkcd did not use a rubber-hose for beating.
>As opposed to ..?
The "romantic" ones.
Todd Knarr, what about "(d) dig through the wall"?
Or "(e) poke around in the game's unencrypted memory space until you figure out how to turn the impenetrable door into a pony, then wait for it to wander off looking for a nice Douglas Adams adventure".
Personally, I favor the 3 ft. length of 2x4, or just a handy brick. They're cheap and effective. Plus it's harder to get finger prints off them, unless you have really greasy fingers...
Yea, but because of the roughness and/or splinters, you're more likely to leave DNA on the brick or the two by four.
When I saw that cartoon, my first thought was, "Hey my TrueCrypt volume got the countermeasure for exactly this type of attack!" It got plausible deniability on the hidden partition. But then again, actual actual reality is right: Who would want my data anyways. And I didn't even turn the hidden partition on. Or did I? ;)
Now that you've said that in a public forum, how plausible is your deniability now?
"Good evening, Otto. This is Agent Rogersz. I'm going to ask you a few questions. Since time is short and you may lie, I'm going to have to torture you. But I want you to know, it isn't personal."
Plausible deniability just gives the torturer an excuse to continue torture. If you give up the secret too fast, it's likely you are lying.
I would give up all my passwords in 2 seconds if tortured... does this mean I am risking being tortured forever?
You said, "It got plausible deniability on the hidden partition."
So, the guy with the pipe is going to beat you until a) you reveal the secret to get at the hidden partition, or b) you are dead.
So, I know you have a hidden partition.