Entries Tagged "comics"
Friday Squid Blogging: Squid Comic
A squid comic about the importance of precise language in security warnings.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Skein Collision Competition
Xkcd had a Skein collision competition. The contest is over—Carnegie Mellon University won, with 384 (out of 1024) mismatched bits—but it’s explained here.
Friday Squid Blogging: Another Squid Cartoon
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Friday Squid Blogging: Another Squid Comic
Another squid comic.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Recent Developments in Password Cracking
A recent Ars Technica article made the point that password crackers are getting better, and therefore passwords are getting weaker. It’s not just computing speed; we now have many databases of actual passwords we can use to create dictionaries of common passwords, or common password-generation techniques. (Example: dictionary word plus a single digit.)
This really isn’t anything new. I wrote about it in 2007. Even so, the article has caused a bit of a stir since it was published. I didn’t blog about it then, because I was waiting for Joe Bonneau to comment. He has, in a two-part blog post that’s well worth reading.
Password cracking can be evaluated on two nearly independent axes: power (the ability to check a large number of guesses quickly and cheaply using optimized software, GPUs, FPGAs, and so on) and efficiency (the ability to generate large lists of candidate passwords accurately ranked by real-world likelihood using sophisticated models). It’s relatively simple to measure cracking power in units of hashes evaluated per second or hashes per second per unit cost. There are details to account for, like the complexity of the hash being evaluated, but this problem is generally similar to cryptographic brute force against unknown (random) keys and power is generally increasing exponentially in tune with Moore’s law. The move to hardware-based cracking has enabled well-documented orders-of-magnitude speedups.
Cracking efficiency, by contrast, is rarely measured well.
Finally, there are two basic schemes for choosing secure passwords: the Schneier scheme and the XKCD scheme.
Liars and Outliers Summed Up in Two Comic Strips
I don’t know the context, but these strips sum up my latest book nicely.