Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Comparison with CDMA
CDMA uses the CMEA and ORYX algorithms, which are pretty weak as well, as shown in the linked papers. However, CDMA has somewhat of an advantage, because it's difficult to obtain the encrypted data stream in the first place: the nature of CDMA transmission means you can't pull a signal out of the noise unless you know the codes being used by the base station and handset.
-
Re:And this is a nearly unsolveable problem.
The AES attacks are nothing to worry about.
-
Re:Never safe.
No, it wouldn't. At least, not always.
-
Re:This is kind of ridiculous
Ok, I'm game. What's been implemented post-9/11 that's made us more secure?
I agree with Bruce Schneier on this: "Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers."
To make stupid people feel more secure by appearing to do something.
Sadly, most people confuse "activity" with "progress".
-
Re:IMHO solaris has a really bad userland
It seems everyone forgot the DRM and 'Trusted Computing' (aka distrust the user) introduced in Vista, one of the major criticisms (not look & feel).
You may recall this analysis: http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html (Schneier wrote something here: http://www.schneier.com/blog/archives/2007/02/drm_in_windows_1.html). Not sure how 7 is now, but it's not like the bashing against DRM/Trusted Computing/TCPA was not without reason, and might have worked. Also, since that time, complaining made music download websites turn their back on DRM.
-
Bruce Schneier agrees
See his blog post
-
Re:Anonymous Coward
Be aware that if you have Windows 'system restore' enabled, then no matter how many times you securely erase - the file could still be in the shadow copy (which is completely untouchable). http://www.schneier.com/blog/archives/2009/12/the_security_im.html
-
Re:Who Doesn't Believe the Feds are Watching?
The problem with "nothing to hide", as Bruce Schneier has noted on his blog, is that is based upon the fallacious assumption that there is no threat to privacy unless the government uncovers unlawful activity. Now, you say that you are an honest citizen and I believe you, but here is the problem: the laws, as they exist today, are so complex and convoluted that it is practically impossible for ordinary Americans to live their everyday lives without breaking at least some of them. This is a common tool used by many governments, not just the United States, to maintain power over individual citizens. The implicit threat is that any one of us could be selected for "special attention" or "selective enforcement" at any time if the government (or some faction within the government) decides that it doesn't like us or that we are "troublemakers". In light of this truth, what do I gain from making it easier for the government to profile and watch me? You might argue that my efforts to remain anonymous, or at least pseudo-anonymous are futile and perhaps they are, but that doesn't mean that I am going to hand them my privacy on a silver platter.
-
Re:"Raises security issues"?
Let me translate for you: the "interception" here was by the government. The "security issue" is that somebody in the government leaked that info, or (less likely) that it was swiped by someone outside the government.
We don't know that.
Schneier on the issue: http://www.schneier.com/blog/archives/2009/11/leaked_911_text.html
Anyone could have been logging all that pager traffic. Not necessarily government. With 2009 technology, it wouldn't even be expensive. In 2001, it would only be a little expensive.
-
Re:Easily Fixed! (There's a business idea in this.
PS Are there any such applications in existence today?
Yep. TrackMeNot's been available for a little while.
And here's Bruce Schneier's reason not to use it.
You could also try CustomizeGoogle or the Scroogle scraper...
-
Re:NSA helped on Linux as well
You're missing one important vector.
http://www.schneier.com/blog/archives/2006/01/countering_trus.html
-
Re:NSA helped on Linux as well
And they also recommended a couple of changes to DES when it was being developed:
http://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
Folks at the time thought it was some nefarious backdoor, but a couple of decades later came to realize it actually improved the security of DES.
-
Collisions aren't slowed by key length/entropy
If your passphrase is reduced to an SHA1 or MD5 hash (apparently Linux distros use salted md5 for user passwords by default), it doesn't need to be brute-forced. You can generate a collision, the speed of which is affected only by the length of the hash and the available computing power (that is, sha1(password) takes just as long as sha1(I.u5e5^ub3r-l337+p@$VV0rds,y0!*I_R=a#5m4rt3y/m4n!) to break)
http://en.wikipedia.org/wiki/MD5#Vulnerability
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
http://en.wikipedia.org/wiki/Collision_attack
Of course this probably has very few practical uses - It can't be used to break into a TrueCrypt volume, and if someone has hashes (weak or otherwise) of your passwords they've either gained physical access to your PC with an unencrypted disk (and once your physical security is broken, you also become vulnerable to the xkcd wrench attack), or you're a total idiot (or both).
-
Bruce Schneier said it best.
...in his essay, "The eternal value of privacy"
-
Re:for what it is worth...
Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings.
Warning Sign #9: Cracking contests.
I wrote about this at length last December: . For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.
It should be pointed out that Schneier was talking about ciphers, not voting machines, and he was talking about companies announcing cracking contests and using the announcement as an indication of security, in lieu of actually providing enough information to allow serious review of security.
It's the combination of secrecy and cracking contests that is the snake oil warning sign. The only way we can determine if something is secure is to have lots of smart, knowledgeable people with full access to the details try to break it. With crypto stuff, this is normally done by publishing at academic conferences and in academic journals and then encouraging other academics to give it a shot, but that's far from the only way to do it.
-
for what it is worth...
Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings.
Warning Sign #9: Cracking contests.
I wrote about this at length last December: . For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.
-
Link to the paper
-
The actual paper
The paper: http://discovery.csc.ncsu.edu/pubs/ccs09-HookSafe.pdf
And the required Schneier blog post: http://www.schneier.com/blog/archives/2009/11/protecting_oss.html
-
Re:Not degrading the performance?
Schneier's synopsis is pretty good. Apparently, most hardware only provides page-level memory granularity, whereas protecting these hooks requires byte-level granularity.
-
Re:paper in your wallet
I recommend KeePass or Password Safe.
With Pwsafe, you can Double-click an entry to copy the password to the clipboard, and ctrl-v to drop it in the form. For the truly ambitious, you can assign a "run" event to an entry that allows you to start an app or URL and automagically populate the credentials.
-
Re:Just wait till they ban all encryption.
Well, it's against the laws of thermodynamics to be able to brute force AES-256 for a start. If there were exploitable weaknesses in the algorithm, given that there are open source AES-256 implementations, it would not be possible to keep them quiet. This leaves brute forcing. (Of course, people can choose bad passphrases, but most who go to the bother of using AES-256 will probably use something decent)
http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html
One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)
Given that k = 1.38×10^-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.
But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
-
goes good with popcorn
'If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer,' says McConnell, 'I would probably sack electric power on the US East Coast, maybe the West Coast and attempt to cause a cascading effect.'
Oh yeah, well if I were an attacker, I would build a gravity weapon so powerful that it would pull the moon out of its orbit and crash it into the earth.
OR I would create a poison so potent that just a few drops of it in any lake would kill everyone within a 5-mile radius.
OR I would plant thermonuclear bombs in the capitals of the 10 largest cities in the U.S. and detonate them all at once.
See, Mike McConnell? It's easy to invent terrorist movie plots. If they gave out awards for Most Creative Terrorist Strategies That Would Never Work, you and all of your three-letter agencies would win first prize every time.
-
Re:on a live computer system?
And watch out for evil maids installing malware that subverts your encryption and sends/stores everything unencrypted.
And don't tell me that ain't easy with Linux.
That's right, you can never leave your computer unlocked unattended. Realistic?
-
Re:CC isn't for everybody.
The main argument against DRM is that it plain and simple doesn't work. No matter what scheme you come up with, you are doomed to failure because you're going against a natural law of the digital universe. It is the nature of digital information to be copied. Bruce Schneier (here and here) famously explained that "digital files cannot be made uncopyable, any more than water can be made not wet." You're giving away copies of a file, with some protection the expectation that the user's own computer will honor your desires not to have the file's displayable only to some! On the face of it, it's absolutely absurd, but that is exactly what all DRM schemes are trying to do. The fact that you go to all the trouble to do this means that you only inconvenience your real customers, treating them as though they were thieves. The pirates will inevitably break your attempts at DRM, and then they'll be competing against you, offering to the market a product that is superior to the one you are offering in many crucial ways. The so-called "content industry" finds itself on the wrong side of history this time: the combination of general-purpose computers and the digitization of information has led to this pass, and the only way back is to eliminate general-purpose computers entirely (an impossible task, to be sure, but one being attempted in the guise of 'trusted computing'), and/or restrict the digitization of information (definitely impossible).
Maybe authors should learn to stop worrying and love the Bomb so to speak. There are ways of making money even in the face of unrestricted copying. For books, a system that might be workable is patronage, the same way composers made money back in the day. Books on various topics could be commissioned by patrons who would pay authors to write books about topics they need to have references on. Once the book is done, the author has already made all the money he or she can expect from the work, and if dead-tree editions are offered and royalties are received from that in the traditional fashion, so much the better. There are many ways this could work, but it's up to people who have more business sense than I to make viable business plans out of them.
-
Re:Dashboard reveals what they want to
True, but I didn't realise Youtube was actually sharing that information publicly. When you signed up to a site years ago, who knows what information you entered and forgot about.
On a (related) side note, this seems interesting:
http://www.schneier.com/blog/archives/2009/04/identifying_peo.html
-
Re:And tons of carbon enter the air
Schneier had an interesting piece on deriving a limit of the necessary key length from thermodynamics.
http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html ... assuming your password is only bruteforce-able ... otherwise http://xkcd.com/538/
-
Re:91% of terrorists are allowed on planes
"The OFAC requirements apply to all U.S. citizens. The law prohibits anyone, not just car dealers, from doing business with anyone whose name appears on the Office of Foreign Assets Control's Specially Designated Nationals list," says Thomas B. Hudson, senior partner at Hudson Cook LLP, a law firm in Hanover, Md., and publisher of Carlaw and Spot Delivery, legal-compliance newsletters and services for car dealers and finance companies.
Hudson says that, according to the law, supermarkets, restaurants, pawnbrokers, real estate agents, everyone, even The Washington Post, is prohibited from doing business with anyone named on the list. "There is no minimum amount for the transactions covered by the OFAC requirement, so everyone The Post sells a paper to or a want ad to whose name appears on the SDN list is a violation,"
Sounds like the law is stopping people from not checking this list of witc.. err bad guys. So the Supreme Court aren't so much wrong as they are hypocrites and liars. Business as usual I guess.
-
Re:Cleaning job
Computation speed is only part of the problem. Even with the fastest possible computer there wouldn't be enough energy available to brute force a 128-bit symmetric key in a reasonable amount of time.
-
Re:Traffic is usually higher during business days
Isn't traffic usually higher during business days than during the weekends? If so, during a pandemic I'd expect lower traffic, not higher.
Exactly. But as a thought experiment, let's stop and consider what would happen if every single child and adult in the country stayed home for a day and watched TV or surfed the web. In terms of Internet traffic and operations, how exactly would that be any different than every single weeknight between the hours of 8PM and 10PM? How about during the holidays where there is an entire week out of the year where almost no one goes work or school?
Why do big government agencies never seem to realize that the Internet is really pretty robust as it is? Can we stop already with the wacky movie-plot security theories?
Whoever in the GAO wasted the American people's taxes on this asinine venture needs to be reported via FraudNet.
-
Re:Vindicating Copyrights and Software Development
-
Re:Electricity cost comes first...
-
Re:What is the limit?
It comes down to a lack of energy. Flipping a bit takes a minimum amount of energy, kT, where T is the absolute temperature of the system and k is the Boltzmann constant. If you were to build a Dyson sphere around the sun and capture all its energy perfectly, an ideal computer using all this energy without loss would only be able to count up to 2^192 in 32 years. As Bruce says in that linked article, "[B]rute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space."
The reason to use a longer key is not to make brute-force attempts take longer, as brute-forcing even 128 bits is never going to be possible, but to cover for potential weaknesses in the cryptographic algorithm that might reduce the strength of the key.
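The arithmetic behind the figures in this comment, and in the longer quotation under "Re:Just wait till they ban all encryption" earlier on this page, worked through as an added example. This is editor-supplied code, not part of either comment or of the quoted passage. The constants are the ones the passage states (k = 1.38×10^-16 erg/K, an ambient temperature of 3.2 K, a solar output of 1.21×10^41 erg per year), and the one-bit-flip-per-increment simplification is the passage's own. It reproduces the 187-bit and 192-bit counter widths and shows how many years of the sun's entire output a 256-bit counter would need.

```python
import math

# Constants exactly as stated in the quoted passage (cgs units, as it uses).
BOLTZMANN_ERG_PER_K = 1.38e-16      # k, erg per Kelvin
AMBIENT_TEMPERATURE_K = 3.2         # cosmic background temperature used in the passage
SUN_ANNUAL_OUTPUT_ERG = 1.21e41     # total solar energy output per year


def energy_per_bit_flip_erg(temperature_k: float = AMBIENT_TEMPERATURE_K) -> float:
    """Minimum energy to set or clear one bit in an ideal computer: kT."""
    return BOLTZMANN_ERG_PER_K * temperature_k


def bit_flips_for_energy(energy_erg: float,
                         temperature_k: float = AMBIENT_TEMPERATURE_K) -> float:
    """Number of bit flips a given energy budget can pay for at temperature T."""
    return energy_erg / energy_per_bit_flip_erg(temperature_k)


def counter_bits_for_energy(energy_erg: float,
                            temperature_k: float = AMBIENT_TEMPERATURE_K) -> int:
    """Widest counter (in bits) that the energy can cycle through all 2**n
    states, charging one bit flip per increment as the passage does."""
    return math.floor(math.log2(bit_flips_for_energy(energy_erg, temperature_k)))


def sun_years_to_cycle_counter(bits: int,
                               temperature_k: float = AMBIENT_TEMPERATURE_K) -> float:
    """Years of the sun's entire output needed to count through 2**bits states."""
    flips_per_year = bit_flips_for_energy(SUN_ANNUAL_OUTPUT_ERG, temperature_k)
    return 2.0 ** bits / flips_per_year


if __name__ == "__main__":
    print(f"kT at {AMBIENT_TEMPERATURE_K} K: {energy_per_bit_flip_erg():.3g} erg per bit flip")
    print(f"one year of sunlight cycles a "
          f"{counter_bits_for_energy(SUN_ANNUAL_OUTPUT_ERG)}-bit counter")
    print(f"32 years of sunlight cycles a "
          f"{counter_bits_for_energy(32 * SUN_ANNUAL_OUTPUT_ERG)}-bit counter")
    print(f"a 256-bit counter needs {sun_years_to_cycle_counter(256):.3g} years of sunlight")
```

The point the comment makes falls out of the last line: a 256-bit counter needs on the order of 10^20 years of the sun's total output just to count, before any actual decryption work is charged for, which is why a longer key buys margin against algorithmic weaknesses rather than against brute force.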
-
Re:Is piracy the only option?
Notice, if you will, that the only Memory Stick, Memory Stick Micro, Memory Stick Pro, and Memory Stick Pro Duos you see bear the company name Sony or that of one of the few strictly sublicensed partner company brand names. Sandisk/Lexar are two examples of such companies, with Sandisk being a direct partner with Sony for the Memory Stick spec. You will find SD cards from Sandisk, Lexar, Crucial, Kingston and numerous other companies. I hope that answers your question about which format is more open and prevalent. There are several companies offering hardware adapters to allow SD cards to be compatible with Memory Stick slots. The SD spec is easily (and more cheaply) licensed for use in all kinds of devices - industrial, commercial, and consumer, from what I've determined.
As for the DRM question: Sony only uses non-compatible proprietary DRM formats for everything, as a rule. Usually Windows-locked by default in any implementation. For the Memory Stick cards, it is optional to use, and is called MagicGate, a software/hardware duality. See: ATRAC. See also: MagicGate [1]. This is not to say enterprising individuals haven't taken care of this issue, it's just a fact of their track record as a company. The SD card DRM [2](CPRM 1|2) scheme on the other hand, is able to be licensed and used in Open Sauce (for a fee), for whatever reason one might choose to do so, and is rarely if ever enforced even when it is present, and is software mostly reliant on software, with the DRM itself only fully working if a CPRM capable device is present for key negotiation. It's been bypassed for years by programs like DVDShrink, etc.
For an example: Sandisk SD cards that contain media/programs/etc of whatever type on the card at retail. You can copy the stuff straight to your hard drive without any trouble, or format the card, again, without any trouble, and proceed to use them. The data isn't locked, even though the DRM is present. Try this with the content that comes on those special MSD cards once for an unhappy experience. Try to erase the data off the card, and you are prevented, so you are stuck with a partially full card from the get-go. Ditto attempting to copy the data.
[1] Note: I apologize for using a Wikipedia link, but I couldn't find any direct information on MagicGate from the Sony website, other than their support section saying that Memory Stick cards or devices without MagicGate can't use ATRAC-based files (it seems the spec page for MagicGate no longer exists or was removed); also listed on the Sony site were several pages on which devices contain it and which do not.
[2] Note: Two best links I found dealing with CPRM.
-
Re:May I be the first to say
-
Re:[citation needed?] Re:It's working great for me
The link provides it. Symantec knew what that POS software was doing and yet it did nothing to identify it. In fact, I recall other mainstream AV never flagged it as malware.
Ref 12: http://www.symantec.com/security_response/writeup.jsp?docid=2005-110615-2710-99
More damning from Schneier (from the Wikipedia link)
Ref 13: http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
-
Re:I like Bank of America's approach
As Bruce Schneier recently pointed out, MITM attacks are now much more common, and likely to become widespread.
Now, if they used that cell phone message to authenticate the exact transaction you are performing, you'll be much more secure.
Of course, if it's too easy to update the cell phone number, all bets are off.
-
Re:How do you know when you've decrypted something
Here's a bit by Schneier on how to recognize plaintext. Basically, plaintext looks like plaintext, either because it's intelligible language, or because it matches the characteristics of a standard document format (headers, layout, etc.)
How one would go about programming a computer to recognize plaintext, I have no idea, but presumably somebody smarter than me has worked it out.
-
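One way a computer can do what the comment under "Re:How do you know when you've decrypted something" describes, added here as an example; this is editor-supplied code, not from the comment or from Schneier. It applies both of the tests the comment names: a candidate is plaintext if it starts with the magic header of a known file format, or if its byte distribution looks like English (letters and spaces weighted by their usual frequency, control and high bytes penalised). To show the scorer doing real work it then brute-forces a toy single-byte XOR cipher over a constructed message under a made-up key; the message, the key and the threshold are all assumptions chosen for the example.

```python
# Relative frequency (percent) of each letter in English running text, plus a
# figure for the space character; the classical cryptanalysis table.
ENGLISH_WEIGHTS = {
    'a': 8.17, 'b': 1.49, 'c': 2.78, 'd': 4.25, 'e': 12.70, 'f': 2.23,
    'g': 2.02, 'h': 6.09, 'i': 6.97, 'j': 0.15, 'k': 0.77, 'l': 4.03,
    'm': 2.41, 'n': 6.75, 'o': 7.51, 'p': 1.93, 'q': 0.10, 'r': 5.99,
    's': 6.33, 't': 9.06, 'u': 2.76, 'v': 0.98, 'w': 2.36, 'x': 0.15,
    'y': 1.97, 'z': 0.07, ' ': 13.00,
}

# Leading bytes of a few common file formats. A candidate that begins with
# one of these is plaintext in the "structured document" sense.
MAGIC_HEADERS = {
    b'%PDF-': 'pdf',
    b'PK\x03\x04': 'zip',
    b'\x89PNG\r\n\x1a\n': 'png',
    b'\xff\xd8\xff': 'jpeg',
    b'\x7fELF': 'elf',
    b'<?xml': 'xml',
}


def detect_format(data: bytes):
    """Return the format name if data starts with a known magic header, else None."""
    for magic, name in MAGIC_HEADERS.items():
        if data.startswith(magic):
            return name
    return None


def english_score(data: bytes) -> float:
    """Per-byte score of how much data resembles English text.

    Letters and spaces add their English frequency; other printable bytes
    are neutral; control characters and bytes above 0x7e subtract heavily,
    since real text almost never contains them."""
    if not data:
        return 0.0
    total = 0.0
    for b in data:
        ch = chr(b).lower()
        if ch in ENGLISH_WEIGHTS:
            total += ENGLISH_WEIGHTS[ch]
        elif 32 <= b < 127 or b in (9, 10, 13):
            total += 0.0          # digits and punctuation: neither for nor against
        else:
            total -= 50.0         # binary noise
    return total / len(data)


def looks_like_plaintext(data: bytes, threshold: float = 4.0) -> bool:
    """Decision rule combining both notions of plaintext (threshold is an assumption)."""
    return detect_format(data) is not None or english_score(data) >= threshold


def xor_with_byte(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def break_single_byte_xor(ciphertext: bytes):
    """Try every key; the candidate that scores most like English wins."""
    best_key, best_plaintext, best_score = None, None, float('-inf')
    for key in range(256):
        candidate = xor_with_byte(ciphertext, key)
        score = english_score(candidate)
        if score > best_score:
            best_key, best_plaintext, best_score = key, candidate, score
    return best_key, best_plaintext


# Constructed sample input: an English message under a made-up one-byte key.
SAMPLE_MESSAGE = (b"Attack at dawn. The cipher is weak and the key is short, "
                  b"so a wrong guess gives noise and the right one gives English.")
SAMPLE_KEY = 0x5A
SAMPLE_CIPHERTEXT = xor_with_byte(SAMPLE_MESSAGE, SAMPLE_KEY)


if __name__ == "__main__":
    key, plaintext = break_single_byte_xor(SAMPLE_CIPHERTEXT)
    print(f"recovered key 0x{key:02x}: {plaintext.decode()}")
    print("ciphertext looks like plaintext:", looks_like_plaintext(SAMPLE_CIPHERTEXT))
    print("format of a PDF header:", detect_format(b"%PDF-1.7\n"))
```

The scorer is deliberately crude; it is the same idea a real tool refines with bigram statistics or a language model, and the format check is what makes the comment's second case (a document with recognisable headers) work even when the payload is not natural language.
-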
Re:Kid won't know what to do when an adult
http://www.theregister.co.uk/2009/03/04/warrantless_gps_tracking/print.html
http://www.schneier.com/blog/archives/2009/05/no_warrant_requ.html
http://tech.slashdot.org/article.pl?sid=09/05/10/1549252
http://www.divorcenet.com/states/new_jersey/spying_on_your_spouse
We're already on the slippery slope. Google around, and see who can track you, with or without your permission, with or without a warrant.
-
shoulder surfing
An essay on shoulder surfing.
-
Re:While I also dislike electronic voting...
I no longer think it would be impossible to implement decently. Google Tech Talk has an interesting 1.5h video about the subject
...Thanks. I'll watch that later. The GPP, though, wasn't talking about cryptographic verification. He was talking about mandatory VVPAT and audits (as per the link in his .sig). I too have not seen an algorithm (cryptographic or otherwise) that allows voters to verify their votes after they leave their polling place without making it susceptible to manipulation or identity leakage of some kind. (granted, some are far better than others)... Schneier also has a small blog post, hinting that there could well be some self-enforcing algorithms that let us confirm the system is secure even if we don't know all the details to test it.
I'd be interested in hearing about them. Unfortunately, he doesn't talk about them. He just nebulously speculates that they might exist. (useful, but light-years from practical)
-
Re:Easier explanation
Being able to sense the drug incoming, I was able to examine my reaction over the years.
THOMAS (The Human Oxytocin-Mediated Attachment System) How to run a con
Now, you know that whole "chemistry" thing, where some people strike you as attractive and some just... don't? That's in part determined by the differences between your immune systems.
That works because if the genes that code for your major histocompatibility complex (MHC) are similar to the other person's, you'll tend to find them less attractive than otherwise, and vice-versa. Why mate with someone who's immune to the same stuff you are? Your offspring won't have any survival advantage. Instead, evolution has selected for creatures that mate with partners whose immune systems are incompatible. Either because both parents tend to be unlikely to be sick at the same time, ensuring the presence of at least one caregiver. Or because some of the offspring of such pairings get a mix of genes that features the best bits of both parents. (Offspring that get the worst of both parents tend not to survive, but that's a problem for individuals, not the species.)
Love is just a chemical reaction in your brain, anyway. It's not magical, or sacred, or even very special. It's your brain recognizing the opportunity to mate with someone who matches your particular template for an ideal partner (usually based on early experiences, parents, and other external factors), and shooting you up with natural drugs to make you feel like it's way more than it really is.
-
While I also dislike electronic voting...
I no longer think it would be impossible to implement decently. Google Tech Talk has an interesting 1.5h video about the subject and Schneier also has a small blog post, hinting that there could well be some self-enforcing algorithms that let us confirm the system is secure even if we don't know all the details to test it.
-
Re:People want quality, but cannot recognize it
The problem is, it's much harder to recognize quality, especially in modern products, thus there is no market pressure for it. But there is a market pressure from the investor's end to produce as much things as possible.
Ultimately, it's an issue of asymmetric information and trust.
Bruce Schneier wrote about a similar concept, itself written by American economist George Akerlof.
What I find offensive are the complaints from people who voluntarily go the cheaper route, then complain that the cheaper product [doesn't perform as well | isn't as reliable | doesn't recover from errors as well | etc.] as the product created by idealistic engineers.
-
Re:Purpose
My dear Derleth, something you need to know about me: I am a system administrator.
I have administered/used/installed/maintained: SuSE, Mandrake (now Mandriva), Red Hat, Fedora, Debian, Ubuntu, Slackware, NetBSD, OpenBSD and FreeBSD machines. And I have probably forgotten a couple in the list above (Caldera comes to mind - waaaay before it became SCO).
So, yeah, I have used RPM and .deb based Linux distributions, thank you very much. And, yes, as you guessed, I started way back in 1995, when Slackware was pretty much the only game in town. Debian did not really exist yet and Red Hat was just crappy in those days. Slackware was - and still is - stable and coherent compared to pretty much all other distributions. And that's just the free UN*X. I have also administered/installed and maintained HP-UX, AIX, Solaris, and Tru64 machines.
Except for the *BSDs and Slackware, frankly, most of them suck. Big time. Which is why I am typing this past 1:00am on a (very early) Sunday morning after spending an entire day installing AIX 5.3 TL8 SP6 servers in a production environment.
Give me Slackware anytime, please. Red Hat is a mess after two upgrades, Debian packages are maintained by a bunch of clueless hippies and n00bies, SuSE just plain sucks (yast meets smit, smit meets yast), Ubuntu is for point-and-click losers. And don't get me started on so-called "professional" UN*X such as AIX, please.
For instance, here is one reason Slackware is superior to all of these lame pieces of fluff: except maybe for Debian, it is the ONLY Linux distribution that won't install an X11 server by default. Here is a hint: you don't need a freaking X11 GUI on a production machine!!
(By the way, never ever mention the name "Gentoo" in front of me unless you really want to get a good ol' whack from my handy clue bat(tm).)
Anyhow, I am sorry if this sounded trollish - don't get me wrong, Red Hat and Debian and Ubuntu and [insert fave distro here] are perfectly acceptable, heck even Solaris or HP-UX are not that bad, but when it comes to simplicity and stability, Slackware is still the best Linux out there.
Slackware sucks. But, as far as I am concerned, it sucks a little bit less than all the others.
-
Re:What do you mean?
and plugins well just depends on how much you trust the external plugin.
You eventually have to trust someone, somewhere. Be it MS or the individual responsible for NoScript. Schneier wrote an interesting piece on countering "trusting trust."
Given that the js engine is loaded with security problems, its likely that java and flash are too
Likely that Flash is too? There have been far more zero day exploits in Flash than have been present in Mozilla's JS engine that were widely and actively exploited. Worse, Adobe sits on these exploits for weeks before doing anything about it.
You really just want to block all of this out by default and allow certain websites to run them as needed.
Guess what NoScript does? You don't need to muck with profile settings, either.
Javascript itself really should not be a problem if it were not for security problems in javascript itself.
I think you mean the issues with JS implementations?
privacy violation however is what cookies are specifically intended for.
Cookies are a way for a server to sustain a stateful session by passing information back to a user agent; the user agent returns the information back to the server on its next visit.
Just because something can be used to violate your privacy doesn't mean it is expressly intended to do so.
-
Is the ACLU recommending surgeon general's warning
-
Re:!constitional ?
I don't know if you're being facetious, but there is no right to keep and bear arms.
And that attitude right there is why your countrymen are losing freedoms on a regular basis. Your rights are not granted to you by the government -- they are natural rights that all human beings have. One of those is the right to keep and bear arms for defense of the person and community. The fact that you've allowed your Government to infringe upon your natural rights suggests to me that you have no concept of what your rights are and were destined to lose them before the debate even began.
the crown hasn't wanted an armed populace for a while.
You mean the Commons, right? Either way, therein lies your problem. Your Government doesn't regard your rights as inviolable. Hence why you continue to lose them as time goes on. The country that gave us the Magna Carta is now ruled by people that don't think you should have the right to remain silent, the right not to be a witness against yourself or the right to keep and bear arms.
Way to live up to your history. I guess the 13 colonies got out just in the nick of time, didn't we?
-
Re:Repeal the DMCA!
My understanding is that lib(dvd)css2 is in a legal limbo -- despite a quick search on Google, I can't find a single citation to show that it is expressly forbidden. However, there are warnings about using it and similar technologies all over the net.
So what? If "they" (whoever "they" may be) don't know you are using it, who cares? Well, for instance, what happens when you carry your laptop on an international flight, and as you return to the country, Customs asks to search your laptop?
I might just be paranoid, but it's something to keep in mind.
-
Re:Sunflowers aren't so bad
Insert obligatory "Bruce Schneier says it's ok to write down your password" link here