Nice Security Mindset Example
A real-world one-way function:
Alice and Bob procure the same edition of the white pages book for a particular town, say Cambridge. For each letter Alice wants to encrypt, she finds a person in the book whose last name starts with this letter and uses his/her phone number as the encryption of that letter.
To decrypt the message Bob has to read through the whole book to find all the numbers.
And a way to break it:
I still use this example, with an assumption that there is no reverse look-up. I recently taught it to my AMSA students. And one of my 8th graders said, “If I were Bob, I would just call all the phone numbers and ask their last names.”
In the fifteen years since I’ve been using this example, this idea never occurred to me. I am very shy so it would never enter my mind to call a stranger and ask for their last name. My student made me realize that my own personality affected my mathematical inventiveness.
I’ve written about the security mindset in the past, and this is a great example of it.
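The scheme and the student's break, as an added example that is not part of the original post. The directory is constructed sample data, and `PhoneNetwork` is a hypothetical stand-in for dialing a number and asking for a last name.

```python
import bisect
import random

# Constructed sample directory: names and numbers are made up for this example.
NAMES = ["Adams", "Allen", "Baker", "Brown", "Clark", "Cole", "Davis",
         "Evans", "Eaton", "Ford", "Grant", "Hall", "Hayes"]
BOOK = sorted((n, f"555-01{i:02d}") for i, n in enumerate(NAMES))

def encrypt(message, book, rng):
    """Alice: for each letter, pick any listed person whose last name starts with it."""
    surnames = [name for name, _ in book]
    out = []
    for ch in message.upper():
        lo = bisect.bisect_left(surnames, ch)                # start of this letter's section
        hi = bisect.bisect_left(surnames, chr(ord(ch) + 1))  # start of the next section
        if lo == hi:
            raise ValueError(f"no last name starts with {ch!r}")
        out.append(book[rng.randrange(lo, hi)][1])
    return out

def decrypt_by_scan(numbers, book):
    """Bob with no reverse look-up: read the book until each number turns up."""
    plain, entries_read = [], 0
    for number in numbers:
        for name, listed in book:
            entries_read += 1
            if listed == number:
                plain.append(name[0])
                break
    return "".join(plain), entries_read

class PhoneNetwork:
    """Hypothetical model of the student's idea: dial a number, ask who answers."""
    def __init__(self, book):
        self._subscribers = {number: name for name, number in book}
        self.calls = 0

    def call(self, number):
        self.calls += 1
        return self._subscribers[number]

def decrypt_by_calling(numbers, network):
    """One call per ciphertext symbol, no book needed at all."""
    return "".join(network.call(n)[0] for n in numbers)

if __name__ == "__main__":
    ct = encrypt("BADGE", BOOK, random.Random(1))
    net = PhoneNetwork(BOOK)
    print(ct, decrypt_by_scan(ct, BOOK), decrypt_by_calling(ct, net), net.calls)
```

The scan cost grows with the size of the directory, while the calling approach costs one query per symbol regardless of the book, so the scheme is only one-way under the stated assumption that no reverse look-up of any kind exists.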
Brandioch Conner • April 9, 2013 2:22 PM
I think that your “attack trees” model would be a good way to visually demonstrate some of the gaps in examples such as this.
Or, to quote from the evil overlord manual: