0538: "Security"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

cyberblade
Posts: 73
Joined: Tue Jul 08, 2008 4:38 pm UTC

Re: "Security" discussion

Postby cyberblade » Tue Feb 03, 2009 4:06 pm UTC

jlamothe wrote:
benbald72 wrote:Also, is it possible to encrypt things in such a way that if one key is given the information gets decrypted, but if a different key is given the information gets erased?

No.

EDIT: Well, maybe. The ironkey is probably about as close as the average civilian is going to get.


Well, there are a few other options if you're handy with wiring... Solder the case shut and make it so that attempts to open the case ignite the thermite around the HDD, similarly have the thermite be able to be triggered by a certain boot password... I'm sure it could be done, and it's the only way I can think of to destroy the data on your hard disk quickly... Thermite is fairly easy to make, and the wiring seems to be pretty simple...

birkett
Posts: 4
Joined: Mon Feb 02, 2009 12:08 pm UTC

Re: "Security" discussion

Postby birkett » Tue Feb 03, 2009 5:05 pm UTC

cyberblade wrote:
jlamothe wrote:
benbald72 wrote:Also, is it possible to encrypt things in such a way that if one key is given the information gets decrypted, but if a different key is given the information gets erased?

No.

EDIT: Well, maybe. The ironkey is probably about as close as the average civilian is going to get.


Well, there are a few other options if you're handy with wiring... Solder the case shut and make it so that attempts to open the case ignite the thermite around the HDD, similarly have the thermite be able to be triggered by a certain boot password... I'm sure it could be done, and it's the only way I can think of to destroy the data on your hard disk quickly... Thermite is fairly easy to make, and the wiring seems to be pretty simple...


You are clearly a very brave man... I mean, malware can be pretty bad when all it can do is steal your dataz, but with that laptop you open the wrong email and you're wondering why your legs are evaporating...

RanCorp
Posts: 65
Joined: Thu Oct 16, 2008 1:49 pm UTC

Re: "Security" discussion

Postby RanCorp » Tue Feb 03, 2009 5:05 pm UTC

cyberblade wrote:Well, you're free to dislike or like whomever. ... Why don't you take issue with the quotes I posted if you think there's something wrong with them instead of just ranting about the author.

Logic is irrelevant to someone who thinks "A = A" is the basis for a philosophy. We call that a tautology. Do you argue with deranged people? I don't. I don't have time to try to convince amoralists and anarchists that they deserve no role in defining a society and its rules. I don't accept their arguments as ingenuous, for one thing. They don't seek a moral state, they seek unending advantage and acquisition. They are dishonorable and arguing with them only lends them status and helps them hone their disingenuous arguments.

Randianism and Libertarianism are beneath contempt to me.

RanCorp

mikeditka
Posts: 2
Joined: Tue Feb 03, 2009 8:04 am UTC

Re: "Security" discussion

Postby mikeditka » Tue Feb 03, 2009 5:27 pm UTC

Statist.

jareds
Posts: 436
Joined: Wed Jan 03, 2007 3:56 pm UTC

Re: "Security" discussion

Postby jareds » Tue Feb 03, 2009 5:32 pm UTC

mikeditka wrote:I consider myself somewhat tech savvy, and with a math major I at least have a ballpark notion of most mathematical concepts, yet something is still bugging me. What is the point of 256, 512, 1024, etc. encryption when the password used to unlock said encryption is only 20 (and likely fewer) characters in length? Isn't it irrelevant for the key size to be 1 x 10^77 digits in length if the actual password has far less entropy? What's the point of brute forcing something far larger than the number of protons in the Universe when you can just brute force the password? Am I completely missing some key insight? I suppose it would make sense if there was a lockout feature after 5 failed password attempts or something, but if not, why in the world would anyone try to attack the HUGE number versus the miniscule number?

Thanks.

  1. The most common use of encryption is not disk or file encryption, where the key is likely to be derived from a password or passphrase, but network encryption, where the key is almost never derived from a passphrase. People aren't going to use crappy encryption for the latter just because passwords are used for the former.
  2. Symmetric key sizes correspond roughly to bits of entropy in the password, in that the best attack on both is generally brute force. Usually a key derivation function is used on a password so you can add maybe 10 bits to the password entropy for rough correspondence.
  3. The largest symmetric key size anyone really uses is 256 bits. The larger sizes you're talking about for for asymmetric keys (that is, public key (RSA, etc.)). As someone else pointed out, a 1024-bit RSA key corresponds maybe to an 80-bit symmetric key. This is because better than brute force attacks are possible.
  4. You want to offer key sizes that are appropriate for use with good passwords, not crappy passwords.
  5. One reason for use of 256-bit symmetric keys is that if attacks are found on the algorithm, there is a margin of security.
  6. Generally file/disk encryption software that gives you an option of ciphers lets you pick a 128-bit or 256-bit key size, and 128 isn't that high. When you take into account the use of a key derivation function and a margin of safety, and the convenience of powers of 2, 128 is not a bad lower bound to offer.
It is of course correct that at least 99.9% of users of disk encryption will be fine with any of the ciphers offered by any reputable program, and probably the best choice is thus whichever is fastest.

User avatar
Kadzar
Posts: 110
Joined: Wed Nov 05, 2008 2:40 am UTC

Re: "Security" discussion

Postby Kadzar » Tue Feb 03, 2009 5:44 pm UTC

RanCorp wrote:
cyberblade wrote:Well, you're free to dislike or like whomever. ... Why don't you take issue with the quotes I posted if you think there's something wrong with them instead of just ranting about the author.

Logic is irrelevant to someone who thinks "A = A" is the basis for a philosophy. We call that a tautology. Do you argue with deranged people? I don't. I don't have time to try to convince amoralists and anarchists that they deserve no role in defining a society and its rules. I don't accept their arguments as ingenuous, for one thing. They don't seek a moral state, they seek unending advantage and acquisition. They are dishonorable and arguing with them only lends them status and helps them hone their disingenuous arguments.
Maybe, instead of trying to convince people you disagree with into sharing your views, you should try actually listening to (or reading) what they have to say. I don't agree with anything Rand has said, but a little criticism can show the flaws in your ideas.
Geogriffith wrote:
Dad, where is Grandpa right now?

"His source code was forked, backups moved off-site, and merged with a compatible project with similar goals. As was mine, as will yours be, someday."
Some Sort of Shuriken-Based Propulsion

cyberblade
Posts: 73
Joined: Tue Jul 08, 2008 4:38 pm UTC

Re: "Security" discussion

Postby cyberblade » Tue Feb 03, 2009 5:52 pm UTC

birkett wrote:
cyberblade wrote:
jlamothe wrote:
benbald72 wrote:Also, is it possible to encrypt things in such a way that if one key is given the information gets decrypted, but if a different key is given the information gets erased?

No.

EDIT: Well, maybe. The ironkey is probably about as close as the average civilian is going to get.


Well, there are a few other options if you're handy with wiring... Solder the case shut and make it so that attempts to open the case ignite the thermite around the HDD, similarly have the thermite be able to be triggered by a certain boot password... I'm sure it could be done, and it's the only way I can think of to destroy the data on your hard disk quickly... Thermite is fairly easy to make, and the wiring seems to be pretty simple...


You are clearly a very brave man... I mean, malware can be pretty bad when all it can do is steal your dataz, but with that laptop you open the wrong email and you're wondering why your legs are evaporating...


Well, to be honest, I have never thought of how that could work with a laptop... I'm guessing you'd need to take one of those old big laptops (from the early 90's) then fill the case with new, small parts to leave space for the thermite... (This is also how I've imagined an easy way to get illegal materials through airport security-as you have a functioning laptop, and no TSA agent I know will disassemble a laptop case if it powers on.)

RanCorp wrote:
cyberblade wrote:Well, you're free to dislike or like whomever. ... Why don't you take issue with the quotes I posted if you think there's something wrong with them instead of just ranting about the author.

Logic is irrelevant to someone who thinks "A = A" is the basis for a philosophy. We call that a tautology. Do you argue with deranged people? I don't. I don't have time to try to convince amoralists and anarchists that they deserve no role in defining a society and its rules. I don't accept their arguments as ingenuous, for one thing. They don't seek a moral state, they seek unending advantage and acquisition. They are dishonorable and arguing with them only lends them status and helps them hone their disingenuous arguments.

Randianism and Libertarianism are beneath contempt to me.

RanCorp


So disagreeing with the philosophy of an author means that everything they said was wrong?

I didn't agree with Plato, or Marx, or Mao or even Rand (as I noted with my quote)-but they still all make some interesting points, if only for discussion. All you do is rant about the author, without even talking about what I actually quoted. You're starting to fall under the same umbrella you claim the author of those quotes is in-someone to whom logic is irrelevant (in certain cases that is, as I would hope that you are a more logical type than these rants of yours would otherwise indicate).

I have no interest in what you think about the author, or those philosophies you feel are "beneath contempt". (As a side note, if they were actually "beneath contempt" to you, you shouldn't have gotten so worked up nor expressed yourself so strongly. It is quite clear that you actually find them contemptible.) But please, do feel free to discuss the actual quotes I used-whether you disagree or agree, or whatever your sentiments about the ideas in those quotes.

sakeniwefu
Posts: 170
Joined: Sun May 11, 2008 8:36 pm UTC

Re: "Security" discussion

Postby sakeniwefu » Tue Feb 03, 2009 6:49 pm UTC

How wrong this comic was!
:wink:

cyberblade
Posts: 73
Joined: Tue Jul 08, 2008 4:38 pm UTC

Re: "Security" discussion

Postby cyberblade » Tue Feb 03, 2009 6:56 pm UTC

sakeniwefu wrote:How wrong this comic was!
:wink:


I would have thought you would be going for this comic.... Your link was interesting though.

User avatar
unpure.intervention
Posts: 13
Joined: Fri Oct 31, 2008 1:52 pm UTC
Location: the internets, apparently.
Contact:

Re: "Security" discussion

Postby unpure.intervention » Tue Feb 03, 2009 8:23 pm UTC

HaHa!
That's a spanner not a wrench!
I win, Mr. Munroe!
We are Androgynous. We are legume. We do not fork IV. We do not "4 get!". Axe pecked TOS.

User avatar
Kartoffelkopf
Posts: 134
Joined: Sat Jan 26, 2008 9:44 am UTC

Re: "Security" discussion

Postby Kartoffelkopf » Tue Feb 03, 2009 9:38 pm UTC

sje46 wrote:Randall, not funny.

My father was once beaten with a wrench.

Not cool, not funny, not a good comic.

Is this a joke along the lines of 'not funny, my brother died that way' or are you just being an attention whore?

sje46
Posts: 4730
Joined: Wed May 14, 2008 4:41 am UTC
Location: New Hampshire

Re: "Security" discussion

Postby sje46 » Tue Feb 03, 2009 9:40 pm UTC

Kartoffelkopf wrote:
sje46 wrote:Randall, not funny.

My father was once beaten with a wrench.

Not cool, not funny, not a good comic.

Is this a joke along the lines of 'not funny, my brother died that way' or are you just being an attention whore?

My post count is too high to be a troll, silly :)
General_Norris: Taking pride in your nation is taking pride in the division of humanity.
Pirate.Bondage: Let's get married. Right now.

User avatar
Kartoffelkopf
Posts: 134
Joined: Sat Jan 26, 2008 9:44 am UTC

Re: "Security" discussion

Postby Kartoffelkopf » Tue Feb 03, 2009 9:47 pm UTC

So...which is it? ;)

Adventurer wrote:
Nathanb wrote:Now retna scanners are a little more difficult to fool.

Depends how ruthless you're willing to get. Ever seen Minority Report? :twisted:

Actually I have no idea whether an eyeball that has been physically removed from the socket would pass a retinal scan. Given that the retinal signature is based on the unique pattern of capilliaries on the retina, wouldn't the absence of blood-flow alter the signature?

RAIDEN. THE RETINAL SCANNER ONLY WORKS ON LIVING TISSUE. A DRUGGED OR DEAD GUARD WILL NOT WORK





:/

benbald72
Posts: 7
Joined: Tue Feb 03, 2009 4:37 am UTC

Re: "Security" discussion

Postby benbald72 » Wed Feb 04, 2009 12:15 am UTC

birkett wrote:
cyberblade wrote:
jlamothe wrote:
benbald72 wrote:Also, is it possible to encrypt things in such a way that if one key is given the information gets decrypted, but if a different key is given the information gets erased?

No.

EDIT: Well, maybe. The ironkey is probably about as close as the average civilian is going to get.


Well, there are a few other options if you're handy with wiring... Solder the case shut and make it so that attempts to open the case ignite the thermite around the HDD, similarly have the thermite be able to be triggered by a certain boot password... I'm sure it could be done, and it's the only way I can think of to destroy the data on your hard disk quickly... Thermite is fairly easy to make, and the wiring seems to be pretty simple...


You are clearly a very brave man... I mean, malware can be pretty bad when all it can do is steal your dataz, but with that laptop you open the wrong email and you're wondering why your legs are evaporating...


Thermite, eh? That gives me another idea. You could have the keyfile stored on a flash drive among many other files, and set it up so that if the wrong keyfile is used the flash drive gets destroyed. Also, with the flash drive, the person in the comic could just mail it to someone else, and then the terrorists or whatever they are would maybe be able to get a location out of him, but would have to pay for airfare to fly to wherever that is, thus raising the cost to above $5.

User avatar
TheManInTheHat
Posts: 49
Joined: Sun Feb 01, 2009 9:32 pm UTC
Location: The Inter-Blag

Re: "Security" discussion

Postby TheManInTheHat » Wed Feb 04, 2009 12:42 am UTC

sje46 wrote:
Kartoffelkopf wrote:
sje46 wrote:Randall, not funny.

My father was once beaten with a wrench.

Not cool, not funny, not a good comic.

Is this a joke along the lines of 'not funny, my brother died that way' or are you just being an attention whore?

My post count is too high to be a troll, silly :)

I think you are an "attention whore" I mean my friend Olivia doesn't even seem to be bothered by "your mama" jokes and her mom died 2 years ago.
enigmad555 wrote:10/9 the man in hat is amazingly epic

boobafett
Posts: 1
Joined: Wed Feb 04, 2009 2:15 am UTC

Re: "Security" discussion

Postby boobafett » Wed Feb 04, 2009 2:18 am UTC

further proof xkcd is going downhill...

kenethare
Posts: 1
Joined: Wed Feb 04, 2009 3:32 am UTC

$5 wrenches

Postby kenethare » Wed Feb 04, 2009 3:39 am UTC


User avatar
demadaha
Posts: 39
Joined: Wed Nov 05, 2008 12:29 am UTC

Re: "Security" discussion

Postby demadaha » Wed Feb 04, 2009 3:48 am UTC

Kartoffelkopf wrote:RAIDEN. THE RETINAL SCANNER ONLY WORKS ON LIVING TISSUE. A DRUGGED OR DEAD GUARD WILL NOT WORK



A metal gear reference? You win in my book. I'm not sure what you win, but you win.
Warning: Post may contain lame, overused reference.
That's no reference! It's a space station!

sje46
Posts: 4730
Joined: Wed May 14, 2008 4:41 am UTC
Location: New Hampshire

Re: "Security" discussion

Postby sje46 » Wed Feb 04, 2009 4:53 am UTC

TheManInTheHat wrote:
sje46 wrote:
Kartoffelkopf wrote:
sje46 wrote:Randall, not funny.

My father was once beaten with a wrench.

Not cool, not funny, not a good comic.

Is this a joke along the lines of 'not funny, my brother died that way' or are you just being an attention whore?

My post count is too high to be a troll, silly :)

I think you are an "attention whore" I mean my friend Olivia doesn't even seem to be bothered by "your mama" jokes and her mom died 2 years ago.

Tis also quite possible that my father was never beaten by a wrench, and I am using a meme developed on the comment threads for another popular webcomic?
General_Norris: Taking pride in your nation is taking pride in the division of humanity.
Pirate.Bondage: Let's get married. Right now.

User avatar
waltwhitmanheadedbat
Posts: 98
Joined: Thu Oct 18, 2007 10:45 am UTC
Location: Yes.

Re: "Security" discussion

Postby waltwhitmanheadedbat » Wed Feb 04, 2009 5:08 am UTC

The_Dean_Man wrote:
Phaden wrote:I know what I would do with a $5 wrench

*mumble, mumble senator paylen, stupid, mumble, russia, mumble*

Sorry i havnt read the whole thread but just wanted 2 say its governor palin and no u cannot c russia from her house. (Am i the only republican that reads XKCD?)


This is about two tangents offtopic, but I'm a registered libertarian if that counts for anything. I'm guessing...not very much.

There are a few registered republicans on the IRC though, so no, you're not.

User avatar
dennisw
Posts: 441
Joined: Wed Nov 05, 2008 9:09 am UTC
Location: Appearing pro se AND pro bono!
Contact:

Re: "Security" discussion

Postby dennisw » Wed Feb 04, 2009 6:25 am UTC

unpure.intervention wrote:HaHa!
That's a spanner not a wrench!
I win, Mr. Munroe!

#ifdef en-US
#undef spanner
#endif
Try the Printifier for xkcd. You can now scale the comic between 50 and 150%.

I find these very useful: Common Errors in English Usage (web site) and Eats, Shoots & Leaves (book). You may, too.

e pluribus unum
Unleash unlicensed ungulates!

User avatar
dcxk
Posts: 31
Joined: Tue Jul 22, 2008 5:16 am UTC

Re: "Security" discussion

Postby dcxk » Fri Feb 06, 2009 1:37 am UTC

To pretty much everyone who's posted; ¡This cheese is soldering my rectum!

To anyone hiding data in images; don't use jpeg because it's lossy. And don't leave the data plain after the image, hide it in the less significant bits of each pixel or, better yet, convert to another color space, hide it there and revert. Best yet, hide it in the dct as per watermarks.

Personally, I hide all my sensitive information in...nice try.
Last edited by dcxk on Tue Apr 07, 2009 2:06 am UTC, edited 1 time in total.
She shatters the chains.~ Peter Kropotkin

RanCorp
Posts: 65
Joined: Thu Oct 16, 2008 1:49 pm UTC

Life v. Art

Postby RanCorp » Mon Feb 16, 2009 2:14 pm UTC

Hi,

ZDNet blogger Oliver Marks is apparently an xkcd afficionado: http://blogs.zdnet.com/collaboration/?p=334


RanCorp

I-O
Posts: 6
Joined: Wed Feb 11, 2009 5:37 pm UTC

Re: "Security" discussion

Postby I-O » Mon Feb 16, 2009 7:51 pm UTC

Additives wrote:How to get a wrentch for less than $5:

Buy a cheep screwdriver. you gan get them for about a dollar. Intimidate the storeclerk into handing over a wrench, and then tip him $4 to forget your face.


you can find wenches for under $5 on ebay tho, i still would go though this method.

i know random acts of violence are fun and all, however can you just boot his computer with something like puppy Linux then just copy all the data you want? that would be the ninja (MY) way of doing it!

cyberblade
Posts: 73
Joined: Tue Jul 08, 2008 4:38 pm UTC

Re: "Security" discussion

Postby cyberblade » Mon Feb 16, 2009 8:11 pm UTC

I-O wrote:you can find wenches for under $5 on ebay tho


Wenches for under 5 dollars??

I guess the economy has hit all professions hard...

scarletmanuka
Posts: 533
Joined: Wed Oct 17, 2007 4:29 am UTC
Location: Perth, Western Australia

Re: "Security" discussion

Postby scarletmanuka » Thu Feb 19, 2009 2:30 am UTC

pyroman wrote:Any security system is only as strong as its weakest link. Which is why i laugh anytime someone uses a combo lock on something as i can get those open faster than they can enter in the combo with just a soda can.

Well, of course you can. But is that really a fair test? You could at least let them use their fingers like they normally would - it's really hard to turn those dials accurately using just a soda can... :D


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: Google Feedfetcher and 42 guests