0364: "Responsible Behavior"

This forum is for the individual discussion thread that goes with each new comic.


pinkgothic
Posts: 140
Joined: Sat Dec 29, 2007 5:47 pm UTC
Location: Germany
Contact:

Re: "Responsible Behavior" Discussion

Postby pinkgothic » Mon Dec 31, 2007 6:18 pm UTC

Damn... what a comic to read after I got drunk for the first time in my life, yesterday, (if only lightly so - no hangover), with the fellow who hosts some of my websites (he lives in the US and is just visiting Berlin for a few days). Hilarity - in a creepy way.
Stuff: own scribblings; favourite mewsic: luxuria & @440; underrated game

iabervon
Posts: 59
Joined: Fri Nov 03, 2006 5:25 am UTC

Re: "Responsible Behavior" Discussion

Postby iabervon » Mon Dec 31, 2007 7:12 pm UTC

If only he'd picked a sufficiently good passphrase to protect his secret key. In this case, "sufficiently good" means "something you can't type while drunk". Although it's embarrassing at the time to find yourself physically incapable of signing somebody's key, you'll thank yourself later.

Wade M
Posts: 12
Joined: Sat Sep 01, 2007 7:27 am UTC
Contact:

Re: "Responsible Behavior" Discussion

Postby Wade M » Mon Dec 31, 2007 7:21 pm UTC

This one hit me _real_ good, got the good old, lol in real life (http://lolirl.com). I'm one of the few folks on here coming from an Info Sec background I guess.

Happy New Year to all!

--Wade
Looking for balance? Try http://themiddleway.net

The_Barbarian
Posts: 20
Joined: Sat Dec 08, 2007 3:03 am UTC
Location: Seattle, WA, US
Contact:

Re: "Responsible Behavior" Discussion

Postby The_Barbarian » Mon Dec 31, 2007 7:38 pm UTC

ScottTFrazer wrote:I personally like the juxtaposition of key _signing_ parties vs. the old fashioned key parties.

There's usually alcohol involved in those as well.


I know what a key signing party is, and got the comic immediately, but what is a "key party"?

bcdm
Posts: 23
Joined: Sun Sep 23, 2007 7:05 pm UTC
Location: Vancouver, BC, Canada

Re: "Responsible Behavior" Discussion

Postby bcdm » Mon Dec 31, 2007 7:59 pm UTC

The_Barbarian wrote:
ScottTFrazer wrote:I personally like the juxtaposition of key _signing_ parties vs. the old fashioned key parties.

There's usually alcohol involved in those as well.


I know what a key signing party is, and got the comic immediately, but what is a "key party"?


Oh, son, you just haven't lived yet, have you?

http://en.wikipedia.org/wiki/Lock_and_key_party

Ain't no thang like a swingin' thang...

(um...not that I'd know...*cough mutter mutter hides*)

MissingDividends
Posts: 161
Joined: Fri May 25, 2007 8:59 pm UTC
Location: Cambridge, MA
Contact:

Re: "Responsible Behavior" Discussion

Postby MissingDividends » Mon Dec 31, 2007 11:09 pm UTC

The_Barbarian wrote:
ScottTFrazer wrote:I personally like the juxtaposition of key _signing_ parties vs. the old fashioned key parties.

There's usually alcohol involved in those as well.


I know what a key signing party is, and got the comic immediately, but what is a "key party"?

You. Intro Thread. It's there for a reason.

bcdm wrote:Oh, son, you just haven't lived yet, have you?

http://en.wikipedia.org/wiki/Lock_and_key_party

Ain't no thang like a swingin' thang...

(um...not that I'd know...*cough mutter mutter hides*)

Wow. I was ready to reply with "there's no such thing as a key party" and then link to http://en.wikipedia.org/wiki/Typo, but you learn something new every day.

Workaphobia
Posts: 121
Joined: Thu Jan 25, 2007 12:21 am UTC

Re: "Responsible Behavior" Discussion

Postby Workaphobia » Mon Dec 31, 2007 11:48 pm UTC

Technically, you're not supposed to bring computers to key signing parties, so you'd think that if he was really that drunk he would've gone home and collapsed rather than boot up his machine, interact with a graphical or command line interface, read the public key fingerprint, obtain the proper key matching said fingerprint, and perform the signature operation. Still damn funny though.

Does PGP have a concept of signature revocation like it does for key revocation, or is the character in this comic pretty much a pariah now?
Evidently, the key to understanding recursion is to begin by understanding recursion.

The rest is easy.

photosinensis
Posts: 163
Joined: Wed Aug 22, 2007 6:17 am UTC

Re: "Responsible Behavior" Discussion

Postby photosinensis » Tue Jan 01, 2008 1:30 am UTC

You know, we should have one massive XKCD key-signing party. I'll bring the tequila.
While I clicked my fav'rite bookmark, suddenly there came a warning,
And my heart was filled with mourning, mourning for my dear amour.
"'Tis not possible!" I uttered, "Give me back my free hardcore!"
Quoth the server: 404.

The_Barbarian
Posts: 20
Joined: Sat Dec 08, 2007 3:03 am UTC
Location: Seattle, WA, US
Contact:

Re: "Responsible Behavior" Discussion

Postby The_Barbarian » Tue Jan 01, 2008 3:05 am UTC

MissingDividends wrote:You. Intro Thread. It's there for a reason.


Err, sorry, I have never seen a forum that required an intro post. :oops:
My intro has now been posted.

DavidF
Posts: 12
Joined: Sat Dec 29, 2007 4:53 am UTC

Re: "Responsible Behavior" Discussion

Postby DavidF » Tue Jan 01, 2008 4:01 am UTC

Workaphobia wrote:Technically, you're not supposed to bring computers to key signing parties


Oh? What's the theory behind that?

Does PGP have a concept of signature revocation like it does for key revocation, or is the character in this comic pretty much a pariah now?


I don't think so, but I could be wrong. It would be a good thing.

David

Workaphobia
Posts: 121
Joined: Thu Jan 25, 2007 12:21 am UTC

Re: "Responsible Behavior" Discussion

Postby Workaphobia » Tue Jan 01, 2008 4:09 am UTC

DavidF wrote:
Workaphobia wrote:Technically, you're not supposed to bring computers to key signing parties


Oh? What's the theory behind that?

According to Wikipedia,
Although PGP keys are generally used with personal computers for Internet-related applications, key signing parties themselves generally don't involve computers, since that would give adversaries increased opportunities for subterfuge.

If you bring a laptop to a key signing party, you have to worry about the physical security of your laptop and private key for the entire duration of the party. Moreover, because every individual needs to be careful, the security and trustworthiness of the entire system decreases. There's no need to sign at the party; simply confirm the person's identity, binding it to a fingerprint that you write down next to their contact information. When you go back home, obtain from them the public key that produces that fingerprint and sign it in the safety of your house.

Coldcell
Posts: 14
Joined: Tue Jul 03, 2007 6:50 am UTC
Location: Mostly on IRC, mostly...
Contact:

Re: "Responsible Behavior" Discussion

Postby Coldcell » Tue Jan 01, 2008 5:06 am UTC

Workaphobia wrote:if he was really that drunk he would've gone home and collapsed rather than boot up his machine, interact with a graphical or command line interface, read the public key fingerprint, obtain the proper key matching said fingerprint, and perform the signature operation.


You do know you're talking about Randall Munroe here?
Yeah...

Rhombix
Posts: 45
Joined: Wed Nov 21, 2007 9:38 pm UTC

Re: "Responsible Behavior" Discussion

Postby Rhombix » Tue Jan 01, 2008 5:53 am UTC

I've been awake for about 12 hours, and I live in GMT 0.

God I'm glad I've never been addicted to alcohol :idea:

Zaraden
Posts: 30
Joined: Thu Nov 01, 2007 6:27 pm UTC
Location: Canada

Re: "Responsible Behavior" Discussion

Postby Zaraden » Tue Jan 01, 2008 7:52 am UTC

I don't know anything about EXIF data, but when I downloaded and opened the original comic #50 (http://www.xkcd.com/50/) with an online EXIF viewer here, I got this other picture, which I think is the original one that Randall took with his Canon PowerShot A520, maybe? Maybe not, I don't know but check it out.

Here's what I got, but I don't know how long these guys keep images on their servers, so if it doesn't show up, just open the comic at that website and it will give it to you.

Image

EDIT:
ReiVaX18 wrote:So anyone noticed that strip #50 has EXIF data?
Let epsilon be less than zero...

Bingo Little
Posts: 80
Joined: Sat Dec 29, 2007 8:37 am UTC

Re: "Responsible Behavior" Discussion

Postby Bingo Little » Tue Jan 01, 2008 11:00 am UTC

I didn't originally get it, and of course misreading Public as Pubic didn't really help.

fnsnet
Posts: 9
Joined: Wed Dec 26, 2007 4:39 am UTC
Location: Franklin, VA / Mosul, Iraq
Contact:

Re: "Responsible Behavior" Discussion

Postby fnsnet » Tue Jan 01, 2008 11:29 am UTC

Wade M wrote:I'm one of the few folks on here coming from an Info Sec background I guess.


/me raises his hand

I'm Info Sec too. Information Management Officer / Information Assurance in the Army :)
- Matt

"If you have an apple, and I have an apple, and we exchange apples, you and I will still only have one apple.
But if you have an idea and I have an idea, and we exchange ideas, then each of us will have two ideas"

- George Bernard Shaw

Cynical Jawa
Posts: 63
Joined: Mon Aug 20, 2007 6:05 pm UTC
Location: Aberdeen, UK

Re: "Responsible Behavior" Discussion

Postby Cynical Jawa » Tue Jan 01, 2008 12:14 pm UTC

Zaraden wrote:Image


I got that when I downloaded the original "It works, bitches!" comic to put on my physics folder this year (I decided that my teacher wouldn't appreciate the word "bitches", so it's an Aperture Science logo instead).

Out of curiosity, how many of you folks actually use PGP/similar on regular basis?

tradiuz
Posts: 298
Joined: Fri Oct 05, 2007 5:19 am UTC

Re: "Responsible Behavior" Discussion

Postby tradiuz » Tue Jan 01, 2008 2:36 pm UTC

Finger. I remember when I used to finger people to get their schedule. Good ol' days of IRC.
All My Mushrooms wrote:I'm practicing abstinence until someone offers me sex.

Hurduser
Posts: 285
Joined: Tue Dec 04, 2007 6:14 pm UTC
Location: Esperantujo

Re: "Responsible Behavior" Discussion

Postby Hurduser » Tue Jan 01, 2008 8:32 pm UTC

I loled... since I read it today and with a hangover it was even more funny.
Ask around on IRC:
'to puke' is what they call XP there.
Win2k, just to marvel at it,
has more bugs than just two thousand.

M.qrius
Rainbow Brite
Posts: 519
Joined: Sat Nov 10, 2007 12:54 am UTC
Location: Rainbow's end
Contact:

Re: "Responsible Behavior" Discussion

Postby M.qrius » Tue Jan 01, 2008 11:55 pm UTC

Zaraden wrote:Image

Cool :D It's like an easter-egg in most of the older comics :)

nick
Posts: 14
Joined: Sat Nov 03, 2007 2:01 am UTC

Re: "Responsible Behavior" Discussion

Postby nick » Wed Jan 02, 2008 2:21 am UTC

Cynical Jawa wrote:Out of curiosity, how many of you folks actually use PGP/similar on regular basis?

And what for? Unless it's work related, gotta be illegal subterfuge going on.
Then again, since they're spying on everyone these days, I'm inclined to do it just to fuck with them. ;)

Workaphobia
Posts: 121
Joined: Thu Jan 25, 2007 12:21 am UTC

Re: "Responsible Behavior" Discussion

Postby Workaphobia » Wed Jan 02, 2008 4:05 am UTC

nick wrote:Unless it's work related, gotta be illegal subterfuge going on.

No! Bad user! No cookie!

nick wrote:Then again, since they're spying on everyone these days, I'm inclined to do it just to fuck with them. ;)

I'm inclined to generate 700 MB of one time pad data, burn it to a CD to share with my friends, and encrypt all my communications with them. I'm just too lazy to actually implement that plan.

williamager
Posts: 299
Joined: Wed Dec 27, 2006 9:32 am UTC
Location: Aldeburgh, Suffolk (actually US...)
Contact:

Re: "Responsible Behavior" Discussion

Postby williamager » Wed Jan 02, 2008 10:27 am UTC

nick wrote:
Cynical Jawa wrote:Out of curiosity, how many of you folks actually use PGP/similar on regular basis?

And what for? Unless it's work related, gotta be illegal subterfuge going on.
Then again, since they're spying on everyone these days, I'm inclined to do it just to fuck with them. ;)


I use GPG for personal reasons. However, after spending some time trying to write an explanation of my usage, I decided that it probably wouldn't be wise to do so. It suffices to say that not all information should be publicly accessible.
Do I dare
Disturb the universe?
In a minute there is time
For decisions and revisions which a minute will reverse

Hurduser
Posts: 285
Joined: Tue Dec 04, 2007 6:14 pm UTC
Location: Esperantujo

Re: "Responsible Behavior" Discussion

Postby Hurduser » Wed Jan 02, 2008 4:26 pm UTC

Cynical Jawa wrote:Out of curiosity, how many of you folks actually use PGP/similar on regular basis?


I do. It DOES only make sense if it is regularly used...

OskarS
Posts: 13
Joined: Fri Dec 28, 2007 11:40 am UTC

Re: "Responsible Behavior" Discussion

Postby OskarS » Thu Jan 03, 2008 1:47 am UTC

Workaphobia wrote:I'm inclined to generate 700 MB of one time pad data, burn it to a CD to share with my friends, and encrypt all my communications with them. I'm just too lazy to actually implement that plan.


NO! BAD CRYPTOGRAPHY!!

Two issues here:

1) If you mean "generate 700 MB of one time pad data" as "I'm gonna let some rand() spit out some data", then your encryption would barely be baby proof. Make sure it is truly random, like thermal noise or throwing a die a few billion times.

2) I'm sorry, but you're going to distribute it to your "friends"? Plural? What part of "one time" in "one time pad" don't you get? A one time pad used twice is useless (well, not quite, but basically useless). Which is why the entire system is basically useless, the logistics of the one time pad are murder.

If you want to annoy Big Brother, don't try your hand at some dinky crypto-scheme you cooked up in your garage (they love it when people do that), use real, proven methods implemented by experts. Like PGP/GPG or for data something like TrueCrypt. They're far easier to use and WAAAY, WAAAAAAAAAAY more secure.

williamager
Posts: 299
Joined: Wed Dec 27, 2006 9:32 am UTC
Location: Aldeburgh, Suffolk (actually US...)
Contact:

Re: "Responsible Behavior" Discussion

Postby williamager » Thu Jan 03, 2008 3:12 am UTC

OskarS wrote:
Workaphobia wrote:I'm inclined to generate 700 MB of one time pad data, burn it to a CD to share with my friends, and encrypt all my communications with them. I'm just too lazy to actually implement that plan.


NO! BAD CRYPTOGRAPHY!!

Two issues here:

1) If you mean "generate 700 MB of one time pad data" as "I'm gonna let some rand() spit out some data", then your encryption would barely be baby proof. Make sure it is truly random, like thermal noise or throwing a die a few billion times.


While use of rand() itself might be inadvisable, most modern operating systems implement PRNGs that appear to be mostly secure. While there are certainly attack methods, they generally seem to involve control of all entropy sources. If you believe these to be insecure, then surely you cannot recommend GPG?

2) I'm sorry, but you're going to distribute it to your "friends"? Plural? What part of "one time" in "one time pad" don't you get? A one time pad used twice is useless (well, not quite, but basically useless). Which is why the entire system is basically useless, the logistics of the one time pad are murder.


Given his statement, I assume that Workaphobia intended to use the system for writing messages meant for all of his friends, rather than for messages to individual friends. While I am by no means an expert in the field, I fail to see how this would require the OTP to be used twice. In fact, I'm not sure why this would be required even if it were used to send messages to individual friends, though clearly each friend would be able to decrypt every message.

If you want to annoy Big Brother, don't try your hand at some dinky crypto-scheme you cooked up in your garage (they love it when people do that), use real, proven methods implemented by experts. Like PGP/GPG or for data something like TrueCrypt. They're far easier to use and WAAAY, WAAAAAAAAAAY more secure.


While I can agree that nearly all encryption algorithms devised in such a manner are weak, a properly devised one time pad scheme should be more secure than GPG.

Workaphobia
Posts: 121
Joined: Thu Jan 25, 2007 12:21 am UTC

Re: "Responsible Behavior" Discussion

Postby Workaphobia » Thu Jan 03, 2008 4:34 am UTC

Hurduser wrote:
Cynical Jawa wrote:Out of curiosity, how many of you folks actually use PGP/similar on regular basis?


I do. It DOES only make sense if it is regularly used...


So, in lieu of actually doing the research myself, how well does it integrate with your desktop experience? I never really experimented with it beyond some front-end for it that could handle files, and shell integration under konqueror. Do you use it in a more complicated way than that, or does that suffice? Do/would you use the same keys between gpg and other cryptographic applications, such as encrypted IM communications?

OskarS wrote:
Workaphobia wrote:I'm inclined to generate 700 MB of one time pad data, burn it to a CD to share with my friends, and encrypt all my communications with them. I'm just too lazy to actually implement that plan.


NO! BAD CRYPTOGRAPHY!!

Two issues here:

1) If you mean "generate 700 MB of one time pad data" as "I'm gonna let some rand() spit out some data", then your encryption would barely be baby proof. Make sure it is truly random, like thermal noise or throwing a die a few billion times.

Heh, give me a small amount of credit, I'm not going to be catting from /dev/urandom. But I was wondering what would be a good (preferably cheap) method to generate bulk entropy. I was actually wondering if it would be feasible to capture static television signal on a TV card for that purpose. I think there are supposedly a few other poor-man's methods like catting sound card line in noise.
OskarS wrote:2) I'm sorry, but you're going to distribute it to your "friends"? Plural? What part of "one time" in "one time pad" don't you get? A one time pad used twice is useless (well, not quite, but basically useless). Which is why the entire system is basically useless, the logistics of the one time pad are murder.

Again you underestimate me. :) It's relatively simple to avoid this problem with minor modifications. For instance, if you can securely communicate how many bytes from the beginning of the pad are exhausted, that takes care of it. One way to do this, off the top of my head, would be to reserve a few bytes in well-known locations for sending this cumulative byte count at agreed-upon times, and then perhaps adding constraints on who's allowed to hold a conversation at what times. Or, a much more simple solution is to partition the OTP pairwise so every two people can communicate with a unique piece of the pad - and since each of the friends are given complete trust it does not matter that they receive the same CD.
OskarS wrote:If you want to annoy Big Brother, don't try your hand at some dinky crypto-scheme you cooked up in your garage (they love it when people do that), use real, proven methods implemented by experts. Like PGP/GPG or for data something like TrueCrypt. They're far easier to use and WAAAY, WAAAAAAAAAAY more secure.

Let's assume that we're only worried about network insecurity, and that things like surveillance vans sitting outside my house 24/7 are outside the domain of this problem. Then I don't see how you could convince me that a system using truly random bits that are preshared could possibly be less secure than PGP, especially given the ease of implementation. On the one hand, we could xor a string with a key and transmit the result. On the other, we could perform a very complicated sequence of operations using an algorithm that some suspect has already been broken by the NSA, implemented by software whose exact workings are public knowledge (not that I'm arguing that OSS is less secure). Besides, wouldn't it confuse the authorities more if everyone didn't use the exact same implementation?

OskarS
Posts: 13
Joined: Fri Dec 28, 2007 11:40 am UTC

Re: "Responsible Behavior" Discussion

Postby OskarS » Thu Jan 03, 2008 8:29 am UTC

williamager wrote:While use of rand() itself might be inadvisable, most modern operating systems implement PRNGs that appear to be mostly secure. While there are certainly attack methods, they generally seem to involve control of all entropy sources. If you believe these to be insecure, then surely you cannot recommend GPG?


The problem with using PRNGs with one time pads isn't what PRNG you're using, but the fact that there is a P prefixed to the RNG. You cannot use a pseudo-random number generator, since this is only as strong as its seed. If you had 700 MB of data, but used a seed that's X bits long, you'd only have security of those X bits (which would need to be totally random to begin with). You could make the seed longer of course, but then you might as well use 256-bit AES (as it is monumentally, almost indecently, secure already). However, if you wish to make it totally and utterly uncrackable (as in: when the aliens land in a thousand years, not even they with their monumental super-quantum computing power could solve it), you'd need 700 MB of completely random data. That's a lot of die-throws.

Given his statement, I assume that Workaphobia intended to use the system for writing messages meant for all of his friends, rather than for messages to individual friends. While I am by no means an expert in the field, I fail to see how this would require the OTP to be used twice. In fact, I'm not sure why this would be required even if it were used to send messages to individual friends, though clearly each friend would be able to decrypt every message.


I interpreted it as he was going to use it to send messages (or data) to his friends. If he encrypted two different messages and sent it to two different friends, it would be trivial (as in you could probably do it with pen and paper) to extract the key and ruin his whole system.

While I can agree that nearly all encryption algorithms devised in such a manner are weak, a properly devised one time pad scheme should be more secure than GPG.


Trivially speaking, this is true: if you are able to A) gather completely random data and B) only use the key once, then yes, it would be more secure. It would be completely secure, in fact. However there are a number of reasons why this is not advisable in the least:

1) Finding truly random data is HARD. One may think some data is random, but it is really not. Smart people with big computers could probably figure out some pattern.
2) If you ever messed up, only a little bit, and accidentally encrypted two messages with the same key, you're done. Your security is blown out the window. This is why one time pads are almost never used, it's useless for any needs where you have significant traffic. There are just too many keys.

and, most importantly

3) Modern cryptography is entirely dependent on peer-review. If one dude makes a system which he thinks is secure, he is almost certainly wrong (even if he is an expert). When 1000 experts look at the system and give their ok, then it is probably secure. But only probably. Weaknesses in systems can be incredibly sneaky. David Kahn says it best in The Codebreakers (the ultimate tome on the history of cryptography): "Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break."

The fact is, PGP/GPG is secure. It rests on the scholarly works of decades of academia, and if you select a long enough key, ensure authenticity, and keep your key to yourself, it is entirely unbreakable, by any force on earth. It is ridiculous really to say that a system is "more secure", because even if that is theoretically true, PGP/GPG is completely unbreakable in this world of ours.

OskarS
Posts: 13
Joined: Fri Dec 28, 2007 11:40 am UTC

Re: "Responsible Behavior" Discussion

Postby OskarS » Thu Jan 03, 2008 9:09 am UTC

I wrote a really long response to the other guy, and I fear I will do it again. Apologies to all that are not that interested :) BTW, my previous answer might have sounded needlessly harsh, I just wanted to strongly discourage the notion. My passions get the better of me some times, I apologize :)

Workaphobia wrote:Heh, give me a small amount of credit, I'm not going to be catting from /dev/urandom. But I was wondering what would be a good (preferably cheap) method to generate bulk entropy. I was actually wondering if it would be feasible to capture static television signal on a TV card for that purpose. I think there are supposedly a few other poor-man's methods like catting sound card line in noise.


The problem with any such system would be knowing that the data is really random. Such requires a fairly deep understanding about the math involved. I remember trying to get through the chapter on generating random numbers in The Art of Computer Programming, and while I could reasonably get through how to build PRNGs, I was completely lost on the random-number tests. Best leave that to the experts.

Again you underestimate me. :) It's relatively simple to avoid this problem with minor modifications. For instance, if you can securely communicate how many bytes from the beginning of the pad are exhausted, that takes care of it. One way to do this, off the top of my head, would be to reserve a few bytes in well-known locations for sending this cumulative byte count at agreed-upon times, and then perhaps adding constraints on who's allowed to hold a conversation at what times. Or, a much more simple solution is to partition the OTP pairwise so every two people can communicate with a unique piece of the pad - and since each of the friends are given complete trust it does not matter that they receive the same CD.


This would obviously work, and you wouldn't even need to communicate the offset securely: you can tell your friend the offset in plain text, if the key was truly random it wouldn't help your attackers one iota. But surely, you do see the logistical difficulties with this idea?

Let's assume that we're only worried about network insecurity, and that things like surveillance vans sitting outside my house 24/7 are outside the domain of this problem. Then I don't see how you could convince me that a system using truly random bits that are preshared could possibly be less secure than PGP, especially given the ease of implementation. On the one hand, we could xor a string with a key and transmit the result. On the other, we could perform a very complicated sequence of operations using an algorithm that some suspect has already been broken by the NSA, implemented by software whose exact workings are public knowledge (not that I'm arguing that OSS is less secure). Besides, wouldn't it confuse the authorities more if everyone didn't use the exact same implementation?


As I said in a previous post, in a perfect world with a perfect implementation, then yes obviously this would be more secure in a theoretical sense. I also said it was ridiculous to make that argument, because there is not a force on earth that can crack a (say) 4096-bit RSA key.

There is a cryptographic principle that few people are aware of called Kerckhoffs' Law: None of the security in a cryptographic system can reside in the system itself, all the security must lie within the key. It is inevitable that your system will be known (the Germans tried like hell to keep the Enigma secret, but inevitably there was a dude who leaked the machine to the French, who gave it to the Poles), so your argument that a system whose workings are public knowledge are less secure is laughed at by cryptologists. Aside from the One Time Pad, AES is the strongest symmetric cipher ever conceived (well, basically, you could qualify that, but you shouldn't, because you'd look like a fool), yet its workings are entirely in the open. I could implement it if I wished. Just look at the US government, all documents that are classified TOP SECRET are encrypted with 192 or 256-bit AES. If it's good enough for the Pentagon.....

The truth is PGP/GPG are secure. Use a long enough key, there is not a computer in the world that could crack it. As for ease of implementation, it's way easier to do than your system, all the hard work has already been done! Just install Thunderbird, GPG and Enigmail, and you're done! A child could do it! It is guaranteed to be secure (peer-review, to the rescue!) while your homecooked system would likely have some weakness. And it has the benefit of being asymmetric (your system would have to require that you first have a secure channel of communication with your friends, not easy if they happen to be vacationing in Guatemala). There is a whole bunch of goodies that come with asymmetric cryptography. If a CIA agent would happen to get the bright idea to raid your pal's house (which he likely would have, since he is staying in a surveillance van outside your house), using your method everything you ever sent to someone else would be compromised, your whole system would be ruined. If you used GPG, nothing would be ruined: the agent still wouldn't know your secret key.

There is in no way more security in programming your own system than using the ones already available. It's a cardinal rule in cryptography, don't make it yourself if there already is an implementation that has been proven to be secure. And you should be thankful for that: every day when you log in to your email account or your bank, you are using public key technology to ensure that you are safe from attackers. That's what SSL is. All communications using SSL are completely secure (unless you do foolish things like just clicking "OK" when warning signs pop up in your browser, which I guess most people do). If this stuff could be cracked, the internet would flat-out not work. You couldn't do anything at all without the world knowing your credit card number.

I really have more to say, but I think I've made enough references to obscure cryptographers. Again, I apologize for the length. I've made my point, and hopefully convinced you of the errors of your ways :P
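
A small Python script, added here as an example and not part of the thread, that works through two of the points argued above: why pad bytes used for two messages leak the XOR of the two plaintexts (OskarS's "pen and paper" remark), and how Workaphobia's pairwise partition of the pad, with an offset that may be sent in the clear, keeps every byte single-use. Party names, messages and the 600-byte pad are constructed for the example; os.urandom stands in for a true random source only so the script is self-contained, which is not what the thread recommends for a real pad.

```python
import os
from itertools import permutations


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_reuse_leak(m1: bytes, m2: bytes, pad: bytes) -> bytes:
    """Encrypt two messages with the SAME pad bytes and return what an
    observer can compute from the two ciphertexts alone: c1 XOR c2,
    which equals m1 XOR m2 because the pad cancels. The pad is not
    consulted after encryption, so this is exactly the observer's view."""
    n = min(len(m1), len(m2))
    c1 = xor_bytes(m1[:n], pad[:n])
    c2 = xor_bytes(m2[:n], pad[:n])
    return xor_bytes(c1, c2)


class PartitionedPad:
    """The shared CD: one pad split into a disjoint slice per ordered pair
    (sender, receiver). Splitting by direction as well as by pair means two
    friends can both send at once without ever drawing the same bytes."""

    def __init__(self, pad: bytes, parties: list[str]):
        directions = list(permutations(sorted(parties), 2))
        slice_len = len(pad) // len(directions)
        self.slices = {}
        for i, d in enumerate(directions):
            self.slices[d] = pad[i * slice_len:(i + 1) * slice_len]
        # Bytes already consumed in each direction. Not secret.
        self.sent = {d: 0 for d in directions}
        # Highest offset each receiver has accepted; a lower offset means
        # someone is reusing pad bytes, which the receiver refuses.
        self.seen = {d: 0 for d in directions}

    def send(self, sender: str, receiver: str, message: bytes) -> tuple[int, bytes]:
        """Return (offset, ciphertext). The offset may travel in plaintext."""
        d = (sender, receiver)
        start = self.sent[d]
        end = start + len(message)
        if end > len(self.slices[d]):
            raise RuntimeError(f"pad slice for {d} exhausted")
        self.sent[d] = end  # these bytes are now burned
        return start, xor_bytes(message, self.slices[d][start:end])

    def receive(self, sender: str, receiver: str, offset: int, ciphertext: bytes) -> bytes:
        d = (sender, receiver)
        if offset < self.seen[d]:
            raise RuntimeError("pad bytes reused; refusing to decrypt")
        end = offset + len(ciphertext)
        self.seen[d] = end
        return xor_bytes(ciphertext, self.slices[d][offset:end])


def demo() -> bool:
    # Constructed sample: a 600-byte pad shared by three friends.
    pad = os.urandom(600)
    cd = PartitionedPad(pad, ["alice", "bob", "carol"])
    off, ct = cd.send("alice", "bob", b"meet at the usual place")
    ok = cd.receive("alice", "bob", off, ct) == b"meet at the usual place"
    off2, ct2 = cd.send("bob", "alice", b"fine")  # own slice, no overlap
    ok = ok and off2 == 0 and cd.receive("bob", "alice", off2, ct2) == b"fine"
    # Reuse: an observer who knows one plaintext reads the other.
    leak = otp_reuse_leak(b"attack at dawn", b"retreat at dusk", pad)
    ok = ok and xor_bytes(leak, b"attack at dawn") == b"retreat at dus"
    return ok


if __name__ == "__main__":
    print("ok" if demo() else "FAIL")
```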

Tengfred
Posts: 8
Joined: Mon May 07, 2007 2:29 pm UTC

Re: "Responsible Behavior" Discussion

Postby Tengfred » Thu Jan 03, 2008 9:54 am UTC

OskarS wrote:The truth is PGP/GPG are secure. Use a long enough key, there is not a computer in the world that could crack it.

Except Quantum Computers. I suppose they are not actually "in the world" at the moment though (nor are they likely to be anytime soon for that matter).

williamager
Posts: 299
Joined: Wed Dec 27, 2006 9:32 am UTC
Location: Aldeburgh, Suffolk (actually US...)
Contact:

Re: "Responsible Behavior" Discussion

Postby williamager » Thu Jan 03, 2008 10:33 am UTC

OskarS wrote:I wrote a really long response to the other guy, and I fear I will do it again. Apologies to all that are not that interested :) BTW, my previous answer might have sounded needlessly harsh, I just wanted to strongly discourage the notion. My passions get the better of me some times, I apologize :)


I have found that assuming a lack of intelligence and prudence in other interlocutors, even when justified, as in my case, is generally not conducive to polite discussion, especially on this forum, and especially when the others may be asking questions for the sake of theory and pedanticism rather than from some firmly held belief or actual plan. The diligent reader will notice my own, actual, use of GPG mentioned earlier in this thread, and also the fact that I have been trying to respond to specific statements of yours, not trying to defend Workaphobia's actual proposal, which I didn't think was serious.

I also must admit that I find your statements concerning the security of GPG and SSL to be confusing. Certainly, the algorithms may be secure, but aren't the implementations dependent upon so many factors as to make claims like "guaranteed to be secure" and "completely unbreakable, by any force on earth" rather optimistic? After all, aren't rubber hoses, court orders, keyloggers, and rootkits rather effective at cracking such systems?
Do I dare
Disturb the universe?
In a minute there is time
For decisions and revisions which a minute will reverse

User avatar
mrorange
Something from Reservoir Dogs, perhaps?
Posts: 587
Joined: Wed Sep 05, 2007 4:46 am UTC
Location: frozen butthole of nowhere, Alaska

Re: "Responsible Behavior" Discussion

Postby mrorange » Thu Jan 03, 2008 5:00 pm UTC

It's getting to read discussions like these that makes me love xkcd and all the people who read it.
Truth be told/If I can be so bold/Your sig did inspire/What here did transpire/So that you would me admire/cause me to aspire/to greater heights/of lyrical plights.
-ThorFluff
BomanTheBear wrote: but then i started playing rugby and breakdancing.

mmcmonster
Posts: 26
Joined: Thu Aug 02, 2007 11:58 am UTC

Re: "Responsible Behavior" Discussion

Postby mmcmonster » Thu Jan 03, 2008 8:23 pm UTC

A continuation?

Is this (http://xkcd.com/358/) the party they were at? Did no one else get this? Remember, the party is real, while the people in the tree are the dream party. Makes total sense. :-)

User avatar
DeadCatX2
Posts: 240
Joined: Mon Dec 11, 2006 4:22 pm UTC
Contact:

Re: "Responsible Behavior" Discussion

Postby DeadCatX2 » Fri Jan 04, 2008 5:32 pm UTC

tradiuz wrote:Remember to practice safe hex.

And don't sign a minor's keys, either. You don't want to become a registered hex offender.


fnsnet wrote:Pleasure to be of assistance. :D

>.>
<.<
...that's what she said!

User avatar
Hurduser
Posts: 285
Joined: Tue Dec 04, 2007 6:14 pm UTC
Location: Esperantujo

Re: "Responsible Behavior" Discussion

Postby Hurduser » Mon Jan 07, 2008 4:48 pm UTC

photosinensis wrote:You know, we should have one massive XKCD key-signing party. I'll bring the tequila.

I loled when reading that!
Just ask in IRC:
'sickening' is called XP there.
Win2k, just to marvel at,
has more bugs than just two thousand.

Workaphobia
Posts: 121
Joined: Thu Jan 25, 2007 12:21 am UTC

Re: "Responsible Behavior" Discussion

Postby Workaphobia » Tue Jan 08, 2008 2:13 am UTC

OskarS wrote:I interpreted it as he was going to use it to send messages (or data) to his friends. If he encrypted two different messages and sent them to two different friends, it would be trivial (as in you could probably do it with pen and paper) to extract the key and ruin his whole system.

Hence why having a huge key is helpful, since I obviously can't reuse it.
OskarS wrote:1) Finding truly random data is HARD. One may think some data is random, but it is really not. Smart people with big computers could probably figure out some pattern.

My understanding was that while finding large quantities of entropy is a matter to take into account, it is not a show stopper; generating it isn't as difficult as it used to be in the days of Shannon and earlier.
OskarS wrote:2) If you ever messed up, only a little bit, and accidentally encrypted two messages with the same key, you're done. Your security is blown out the window.

Well, only those two messages, not the whole system. But I don't understand why we're worried about accidentally screwing up. It's not like I would personally select the indices of the bits to use for every message. Just like in every other cryptographic discussion, we assume that each party has a computer suitably secure and programmed to execute the cryptographic operations on its user's behalf. Anyway, if you compare the damage done by "screwing up" in an OTP system, with that done by screwing up in a reusable key system, it's a lot worse to leak a private key than it is to leak just two messages. Thus OTPs have the advantage if we neglect the difficulty of the additional key bits required.
OskarS wrote:This is why one time pads are almost never used, it's useless for any needs where you have significant traffic. There are just too many keys.

Significant traffic. What about IM communications or email or any other text communication? What about plaintext messages that leave grammatical information about the structure and intent of the message public, but make perfectly secure critical details such as dates and places?
OskarS wrote:3) Modern cryptography is entirely dependent on peer-review. If one dude makes a system which he thinks is secure, he is almost certainly wrong (even if he is an expert). When 1000 experts look at the system and give their OK, then it is probably secure. But only probably. Weaknesses in systems can be incredibly sneaky. David Kahn says it best in The Codebreakers (the ultimate tome on the history of cryptography): "Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break."

The fact is, PGP/GPG is secure. It rests on the scholarly works of decades of academia, and if you select a long enough key, ensure authenticity, and keep your key to yourself, it is entirely unbreakable, by any force on earth. It is ridiculous really to say that a system is "more secure", because even if that is theoretically true, PGP/GPG is completely unbreakable in this world of ours.

The security of PGP/GPG rests on RSA (although I think it supports other alternatives), which in turn requires P != NP and even still might be breakable by the NSA. The security of OTPs is mathematically proven and beyond question. But you're likely talking about implementation flaws. There's a lot more that can go wrong in asymmetric cryptography calculations than in a simple xor-ing with a bit pattern. Sure, you can attack the network stack or the application using the OTP, but that's beyond the part of the problem I wish to model.

Really, I can just as easily use PGP over an OTP-encrypted channel, since I can't see how applying the xor operation either before or after the asymmetric operation is performed can possibly detract from the security of PGP. You wouldn't object to that, would you?

OskarS wrote:The problem with any such system would be knowing that the data is really random. Such requires a fairly deep understanding about the math involved. I remember trying to get through the chapter on generating random numbers in The Art of Computer Programming, and while I could reasonably get through how to build PRNGs, I was completely lost on the random-number tests. Best leave that to the experts.

Yes, using the sound card or something similar would probably not be the best idea based just on people's opinions of its randomness; if I did that I'd probably combine it with other systems as above. But surely there are certified trustworthy devices for this purpose.
OskarS wrote:This would obviously work, and you wouldn't even need to communicate the offset securely: you can tell your friend the offset in plain text, if the key was truly random it wouldn't help your attackers one iota. But surely, you do see the logistical difficulties with this idea?

One problem with sending it in plaintext would be that it could be modified, but then again I suppose that holds for the entire system as I've described it, since I didn't say anything about hashes or MACs. The logistical difficulties you mention are easily subsumed by the protocol/algorithm - my computer, not I, would generate these offsets and enforce rules about who gets to speak when. The only problem again is generation and distribution, which is taken care of by dedicated hardware and face-to-face meetings.

OskarS wrote:There is a cryptographic principle that few people are aware of called Kerckhoffs' Law: None of the security in a cryptographic system can reside in the system itself, all the security must lie within the key. It is inevitable that your system will be known (the Germans tried like hell to keep the Enigma secret, but inevitably there was a dude who leaked the machine to the French, who gave it to the Poles), so your argument that a system whose workings are public knowledge is less secure is laughed at by cryptologists.

I never made such an argument, or at least I did not intend it to sound that way; I am not advocating security through obscurity in general. I meant that when the system and its implementation become exceedingly simple as is the case with OTP, the importance of public review diminishes, and (perhaps) the relative benefit of obscurity increases. I can see how I didn't quite communicate that.

OskarS wrote:If a CIA agent would happen to get the bright idea to raid your pals house (which he likely would have, since he is staying in a surveillance van outside your house), using your method everything you ever sent to someone else would be compromised, your whole system would be ruined. If you used GPG, nothing would be ruined: the agent still wouldn't know your secret key.

The point of the original idea is to send a big "screw you" to the NSA in the event that they somehow have cracked RSA. But that's a valid point, the OTP system I described is damaged more by a breach.

williamager wrote:
OskarS wrote:I wrote a really long response to the other guy, and I fear I will do it again. Apologies to all that are not that interested :) BTW, my previous answer might have sounded needlessly harsh, I just wanted to strongly discourage the notion. My passions get the better of me some times, I apologize :)


I have found that assuming a lack of intelligence and prudence in other interlocutors, even when justified, as in my case, is generally not conducive to polite discussion, especially on this forum, and especially when the others may be asking questions for the sake of theory and pedanticism rather than from some firmly held belief or actual plan. The diligent reader will notice my own, actual, use of GPG mentioned earlier in this thread, and also the fact that I have been trying to respond to specific statements of yours, not trying to defend Workaphobia's actual proposal, which I didn't think was serious.

I also must admit that I find your statements concerning the security of GPG and SSL to be confusing. Certainly, the algorithms may be secure, but aren't the implementations dependent upon so many factors as to make claims like "guaranteed to be secure" and "completely unbreakable, by any force on earth" rather optimistic? After all, aren't rubber hoses, court orders, keyloggers, and rootkits rather effective at cracking such systems?


Ok, three points. First, OskarS, no offense taken; I do appreciate the conversation and insight, although I was already aware of most of your argument. Williamager, my proposal was serious to the extent that it's something I might want to do some day as a hobby to toy with, but that I will never actually have time to implement. Finally, keyloggers and rootkits are out-of-bounds since they require the end user's trusted machine to be insecure - something I refuse to model as it's too depressing (isn't that a convenient way of looking at real life? ;) )
Evidently, the key to understanding recursion is to begin by understanding recursion.

The rest is easy.
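The pad-with-offsets scheme Workaphobia describes, as an added example that is not part of the original post: each party's computer hands out pad bytes at most once (the two parties draw from opposite ends of the shared pad, so they never need to agree on turns), the offset travels in the clear, and a helper shows what an eavesdropper learns if the no-reuse rule is violated. The pad here is a constructed sample from `secrets`; a real deployment would fill it from the dedicated hardware the post mentions.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PadReuseError(Exception):
    """Raised when a message would touch pad bytes that were already spent."""


class OneTimePad:
    """One party's copy of the shared pad plus a record of which bytes are spent.

    One party claims bytes forward from offset 0, the other backward from the end,
    so they cannot collide on an offset without any negotiation. Offsets are sent
    in the clear; with a truly random pad they tell an attacker nothing.
    """

    def __init__(self, pad: bytes, forward: bool) -> None:
        self.pad = pad
        self.forward = forward
        self.spent = bytearray(len(pad))   # 1 once a byte is used, sent or received

    def _claim(self, offset: int, length: int) -> bytes:
        if offset < 0 or offset + length > len(self.pad):
            raise PadReuseError("pad exhausted")
        if any(self.spent[offset:offset + length]):
            raise PadReuseError(f"pad bytes {offset}..{offset + length} already spent")
        self.spent[offset:offset + length] = b"\x01" * length
        return self.pad[offset:offset + length]

    def _next_offset(self, length: int) -> int:
        # first run of `length` unspent bytes, searched from this party's end
        if self.forward:
            candidates = range(0, len(self.pad) - length + 1)
        else:
            candidates = range(len(self.pad) - length, -1, -1)
        for off in candidates:
            if not any(self.spent[off:off + length]):
                return off
        raise PadReuseError("pad exhausted")

    def encrypt(self, plaintext: bytes) -> tuple:
        offset = self._next_offset(len(plaintext))
        return offset, xor_bytes(plaintext, self._claim(offset, len(plaintext)))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        # receiving spends the bytes too, so a reply can never reuse them
        return xor_bytes(ciphertext, self._claim(offset, len(ciphertext)))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper gets when two ciphertexts share pad bytes: the pad
    cancels out and c1 ^ c2 == p1 ^ p2, which is why the spent-bytes check exists."""
    return xor_bytes(c1, c2)


PAD = secrets.token_bytes(64)   # constructed sample pad, shared out of band
```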

Neoncow
Posts: 1
Joined: Tue Jan 08, 2008 12:25 am UTC

Re: "Responsible Behavior" Discussion

Postby Neoncow » Tue Jan 08, 2008 2:55 am UTC

If you're interested in having encrypted IM and want to deploy some crypto goodness now instead of waiting, you may be interested in Off the Record Messaging (OTR). It's an IM encryption protocol that aims to reproduce the "casual conversation" level of security that you would get by physically meeting up with someone.

The main thing differentiating OTR from your typical PGP schemes is that you get deniability and perfect forward secrecy. They have a (PDF) paper explaining situations where you might not want to use PGP. It also explains how they designed the protocol, which is great if you're interested in building your own crypto systems.

The authors also wrote plugins for existing IM clients.

jeffk
Posts: 44
Joined: Sun Sep 23, 2007 10:48 pm UTC

Re: "Responsible Behavior" Discussion

Postby jeffk » Mon Oct 06, 2008 6:43 pm UTC

I know I'm reviving a dead thread, but I was doing some surfing research...

I don't know if Phil reads XKCD, but apparently he's read this one.

Lunar Savage
Posts: 31
Joined: Wed Dec 16, 2009 2:01 am UTC

Re: "Responsible Behavior" Discussion

Postby Lunar Savage » Mon Sep 20, 2010 8:09 pm UTC

OskarS wrote:Basically, it's like this: in order to receive encrypted mail from people, you need to have a public key. This will let people encrypt emails to you that only you can read. However, there is the problem of authentication: how do you know for certain that key X belongs to person Y? Someone could just have made a fake key so they can decrypt and read your mail and then pass it on to the real recipient (reencrypting it, so he doesn't know that you've read it). This is called a man-in-the-middle attack.

One solution for this is that people sign each others' keys. It works like this: say you want to send an email to Bob, but you've never met him. You find his key online (they are stored on certain servers, like cryptographic phone books), but how can you be sure that it's really his? Well, turns out that you have a friend Alice, and you have her key and you know that it is hers. If Alice has signed Bob's key with her key (which only she can do, you need the secret part of the key-pair), it means that she's dead certain that that really is Bob's key (maybe they are friends, or have met somewhere in real life). So then you can be sure that Bob's key is genuine (since you have a common friend, Alice) and that your communications will be safe.

A key-signing party is simply a super-geeky party where people meet in real life so that they can be sure of people's identity and then everyone signs everyone else's key. It's a good way to expand the web of trust. The joke here (which totally is not funny if you explain it, but I found it hilarious when I read it :D ) is that he has no idea who this girl is and yet he signed her key. The humor lies in the juxtaposition of what you expect (that they screwed) and what is the case (they signed each other's keys, also known as geek-sex).

As I said, not funny if you explain it, but it made me laugh :)


I know I'm bumping a thread long past dead. But I got to clicking through random today to relive some past XKCD humor. I didn't understand this particular comic and came here looking for an explanation. Just wanted to say thanks for the info! And actually...now that it's explained, I find it quite hilarious (I still don't understand why people think explaining a joke makes it less humorous...weirdos). xD :lol:
*Tips top hat, adjusts monocle, and walks away with cane* and yes, that IS Mr. Peanut laying unconscious on the curb.
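The web-of-trust lookup that OskarS's quoted explanation describes, as an added example that is not from the post or from GnuPG: keys on the server carry the owner name they claim, signatures from in-person-verified keys make a key valid, and a forged "Bob" key with no such chain is rejected. Signature verification itself is assumed to have happened on import; every verified key is treated as a fully trusted introducer (a simplification of GnuPG's owner-trust levels), and the chain length is capped as GnuPG also does.

```python
import hashlib
from collections import deque
from typing import Optional


def fingerprint(public_key: bytes) -> str:
    """Stand-in for a key fingerprint: a hash of the (constructed) public key bytes."""
    return hashlib.sha256(public_key).hexdigest()[:16]


class WebOfTrust:
    """What one user sees on a key server: each uploaded key with the owner name
    it claims, plus the set of keys that have signed it. The signatures are
    assumed verified on import (the signer's private-key operation); what is
    modelled here is the trust path from keys I checked myself."""

    def __init__(self) -> None:
        self.claimed_owner: dict = {}    # fingerprint -> name written on the key
        self.signers: dict = {}          # fingerprint -> fingerprints that signed it

    def upload(self, fpr: str, owner: str) -> None:
        self.claimed_owner[fpr] = owner
        self.signers.setdefault(fpr, set())

    def sign(self, signer_fpr: str, signed_fpr: str) -> None:
        self.signers.setdefault(signed_fpr, set()).add(signer_fpr)

    def valid_keys(self, verified_in_person: set, max_depth: int = 5) -> set:
        """Keys reachable by a chain of signatures starting at keys whose owners
        I identified myself; max_depth caps the chain length."""
        valid = set(verified_in_person)
        queue = deque((fpr, 0) for fpr in verified_in_person)
        while queue:
            signer, depth = queue.popleft()
            if depth >= max_depth:
                continue
            for fpr, signed_by in self.signers.items():
                if signer in signed_by and fpr not in valid:
                    valid.add(fpr)
                    queue.append((fpr, depth + 1))
        return valid

    def key_for(self, name: str, verified_in_person: set) -> Optional[str]:
        """The single validated key claiming `name`; None when no key for that
        name has a trust path, or when two do (never guess between them)."""
        valid = self.valid_keys(verified_in_person)
        matches = [f for f, owner in self.claimed_owner.items()
                   if owner == name and f in valid]
        return matches[0] if len(matches) == 1 else None
```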

User avatar
BioTube
Posts: 362
Joined: Sat Apr 11, 2009 2:11 am UTC

Re: "Responsible Behavior" Discussion

Postby BioTube » Tue Sep 21, 2010 3:18 am UTC

Lunar Savage wrote:I still don't understand why people think explaining a joke makes it less humorous...weirdos
For the most part:
E. B. White wrote:Explaining a joke is like dissecting a frog. You understand it better but the frog dies in the process.
Like any good rule, there are exceptions.
Frédéric Bastiat wrote:Government is the great fiction through which everybody endeavors to live at the expense of everybody else.

