Slashdot Mirror


IBM using Napoleon Dynamite Quote to Encrypt Data

schmack writes "A developer discovers a quote from the movie Napoleon Dynamite is being used as the cipher key by IBM to publish encrypted XML at this year's Wimbledon grand slam. But is this a rather glaring lapse in security or an easter egg for curious hackers, many of whom would surely be fans of the quirky movie?"

170 comments

  1. What is with that movie? by roman_mir · · Score: 1, Flamebait

    It was totally retarded, why do people like it?

    As to being a security issue, unless someone compiles all quotes from all movies into a text file, it is not.

    1. Re:What is with that movie? by NexFlamma · · Score: 0, Offtopic

      As to being a security issue, unless someone compiles all quotes from all movies into a text file, it is not.

      And how difficult a task would that really be?

      See, movies these days, have these things called "scripts"...

    2. Re:What is with that movie? by Anonymous Coward · · Score: 0

      Because they are susceptible to peer pressure. Duh.

    3. Re:What is with that movie? by athakur999 · · Score: 5, Funny
      It was totally retarded, why do people like it?


      roman_mir, don't be jealous that I've been chatting online with babes, all day. Besides, we both know I'm training to become a cage fighter.

      --
      "People that quote themselves in their signatures bother me" - athakur999
    4. Re:What is with that movie? by spencerogden · · Score: 1

      Right, then how many quotes are in those scripts, knowing that quotes could be of many lengths.

      I'm too lazy at the moment, but if you calculated the number of substrings with say, 1-10 words, I think you'd find that the key space is more than large enough.
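
A count of the key space this comment leaves uncalculated, as an added example that is not part of the original thread. The sample text is constructed, and the corpus figures (100,000 scripts of 20,000 words, 64 spelling variants per phrase) are assumptions chosen only to show the order of magnitude.

```javascript
// Added example (not from the thread): size of the key space when the key is
// a contiguous run of 1..maxWords words lifted from known text.

// Constructed stand-in for a script; not real dialogue.
const SAMPLE_TEXT = `
the lazy dog sleeps while the quick fox runs and the lazy dog sleeps again
until the quick fox runs home
`;

// Lowercase and split on anything that is not a letter, digit or apostrophe.
function tokenize(text) {
  return text.toLowerCase().split(/[^a-z0-9']+/).filter(Boolean);
}

// Exact count of distinct phrases of minWords..maxWords words in a word list.
function countDistinctPhrases(words, minWords, maxWords) {
  const seen = new Set();
  for (let start = 0; start < words.length; start++) {
    for (let len = minWords; len <= maxWords && start + len <= words.length; len++) {
      seen.add(words.slice(start, start + len).join(' '));
    }
  }
  return seen.size;
}

// Upper bound that needs only the word count: a text of n words has
// n - len + 1 runs of each length len, repeats included.
function phraseUpperBound(totalWords, minWords, maxWords) {
  let total = 0;
  for (let len = minWords; len <= maxWords; len++) {
    total += Math.max(0, totalWords - len + 1);
  }
  return total;
}

// Key space in bits for a whole corpus, with a multiplier for spelling
// variants (case, punctuation) of each phrase.
function corpusKeyBits(numScripts, wordsPerScript, maxWords, variantsPerPhrase) {
  const phrases = numScripts * phraseUpperBound(wordsPerScript, 1, maxWords);
  return Math.log2(phrases * variantsPerPhrase);
}

function report() {
  const words = tokenize(SAMPLE_TEXT);
  return {
    sampleWords: words.length,
    sampleDistinct: countDistinctPhrases(words, 1, 10),
    sampleBound: phraseUpperBound(words.length, 1, 10),
    // Assumed figures: one 20,000-word script, then 100,000 such scripts
    // with 64 variants per phrase.
    oneScriptBits: corpusKeyBits(1, 20000, 10, 1),
    corpusBits: corpusKeyBits(100000, 20000, 10, 64),
    randomKeyBits: 128,
  };
}

console.log(report());
```

Under these assumed figures a phrase-derived key carries about 40 bits, against 128 for a randomly generated AES key.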

    5. Re:What is with that movie? by Anonymous Coward · · Score: 1, Interesting

      MOD PARENT +5 INSIGHTFUL!!!

      There is a disturbing trend in film today that automatically bills any film that is both watchable and different as a "cult classic" or a "hidden gem". I find it personally disturbing that people seem to be losing their ability to a) separate humor from simple sarcasm or irony, and b) discern aesthetic merit -- not absolutely but just generally -- and separate pure schlock from genuine plot-driven, substantive films.

    6. Re:What is with that movie? by Anonymous Coward · · Score: 0

      Just a taste issue, I guess.

      I've never seen N.D., so I can't comment on it - but I couldn't stand the movie "Office Space" and can't stand the TV show "The Office" (the US version, never seen the UK version) but both seem to be worshipped around here. Go figure.

    7. Re:What is with that movie? by roman_mir · · Score: 1

      And who might you be?

    8. Re:What is with that movie? by Sage+Gaspar · · Score: 4, Funny

      Whoever he wants to be. Gosh!

    9. Re:What is with that movie? by shotgunefx · · Score: 3, Insightful

      I ain't modding him up, but I won't mod him down either.

      I really like the movie, granted it was annoying at times the first run through.

      I imagine one of the reasons it's popular is because it's a movie about "losers", you don't really see that too often. Even when you do, the characters aren't really losers, just perceived that way (and usually not perceived that way by the final reel).

      --

      -William Shatner can be neither created nor destroyed.
    10. Re:What is with that movie? by Just+Some+Guy · · Score: 1
      And who might you be?

      The fact that you didn't recognize one of the most often-used quotes of the movie means that you probably didn't watch it. Since you didn't watch it, how do you know that "it was totally retarded"? Did you read that somewhere and decide that it sounded cool and anti-trendy to hate the movie?

      --
      Dewey, what part of this looks like authorities should be involved?
    11. Re:What is with that movie? by CableModemSniper · · Score: 0, Troll

      Exactly. No one should be a fan of that movie.

      --
      Why not fork?
    12. Re:What is with that movie? by CableModemSniper · · Score: 1

      I saw the movie and recognized the quote. The movie was "totally retarded." The sad thing is that the "trendy" thing to do is like that piece of crap film.

      --
      Why not fork?
    13. Re:What is with that movie? by Kreigaffe · · Score: 0, Offtopic

      I've heard "The Office" stank/stinks..

      but "Office Space" is truly a work of genius. It's barely even a movie about an office. It's more about the battle with an absolute lack of motivation and work ethic, the pitfalls of trying to scheme your way out of the daily grind.

      Also, it's about avoiding federal POUND ME IN THE ASS prison.. which is something we all can identify with.

      --
      ... still waiting for this free-as-in-beer free beer I keep hearing about. :|
    14. Re:What is with that movie? by Just+Some+Guy · · Score: 1

      I honestly thought it was funny, even though I expected to hate it and only watched it because a friend insisted. It's OK that you disliked it, though - at least you actually saw enough of it to form an opinion of your own.

      --
      Dewey, what part of this looks like authorities should be involved?
    15. Re:What is with that movie? by 1u3hr · · Score: 1
      As to being a security issue, unless someone compiles all quotes from all movies into a text file, it is not.

      As TFA says, the line was in clear text elsewhere in the file. So it was like hiding the front door key under the doormat. Maybe its real purpose is to give legal weight to a claim that it wasn't published freely, in case they want to shut down anyone leeching it commercially. Probably it's a DMCA violation to crack the encryption.

      And I think you'll find that movie quotes ARE compiled into text files to run against codes. They could just scrape them from IMDB. I remember some years ago someone complaining in a newsgroup how someone had used their password to abuse an account. They were so sure that no one would guess "THX1138", as it came from an "obscure movie". Lines and names from geeky "obscure" movies, books, TV shows, comics are the first things crackers try.

    16. Re:What is with that movie? by XMyth · · Score: 1

      Thanks for setting me straight. To think, I actually used to like that movie.

      Thanks for fixing my (and others) opinions!

    17. Re:What is with that movie? by Takumi2501 · · Score: 1

      I think that the real security problem is that the key could be reverse-engineered from the program used to interpret the data. They'd probably have been better off using something server-side (such as PHP) to build this program on. Unfortunately, PHP isn't as flexible as Flash, and puts a higher load on the server.

      Then again, the idea may just to have been to discourage lazy people. After all, it's not like we're dealing with sensitive data here.

      --
      Sent from my computer.
      Now GET OFF MY LAWN!
    18. Re:What is with that movie? by Takumi2501 · · Score: 1
      Then again, the idea may just to have been to discourage lazy people. After all, it's not like we're dealing with sensitive data here.
      *May just have been to discourage lazy people.

      How did I not catch that when I previewed?
      --
      Sent from my computer.
      Now GET OFF MY LAWN!
    19. Re:What is with that movie? by roman_mir · · Score: 1

      The fact that you didn't recognize one of the most often-used quotes of the movie means that you probably didn't watch it. - I watched it, alright, but that's my point, why would I remember quotes from a retarded movie?

    20. Re:What is with that movie? by heinousjay · · Score: 1

      It's entirely possible for opinions to be stupid. That is a fact.

      --
      Slashdot - where whining about luck is the new way to make the world you want.
    21. Re:What is with that movie? by hunterx11 · · Score: 1

      I think it was a pretty decent movie that just got beaten mercilessly into the ground by some rather retarded fans.

      --
      English is easier said than done.
    22. Re:What is with that movie? by rjshields · · Score: 1
      Exactly. No one should be a fan of that movie.
      So I'm not allowed to like the movie because some 31337 gaming teenager on slashdot says so? Get some hair on your balls, kiddy ;)
      --
      In this world nothing is certain but death, taxes and flawed car analogies.
    23. Re:What is with that movie? by roman_mir · · Score: 1

      Also, it's about avoiding federal POUND ME IN THE ASS prison.. which is something we all can identify with. - I see, so how is that bank account accruing all of those fractions of pennies working out for you?

    24. Re:What is with that movie? by Anonymous Coward · · Score: 0

      BUURRRRRRRN!

    25. Re:What is with that movie? by Anonymous Coward · · Score: 0

      Fine, except I put the decimal in the other wrong place so I'm only accruing 0.0000001 cent a day. However, thanks to compound interest I'll be a millionaire in 3053!

    26. Re:What is with that movie? by Firehed · · Score: 1

      I did watch it, and wished I had done so in theatres so I could ask for my money back. I spent however long that movie was of my life waiting for funny to come, and it didn't. I suppose I'll get modded down too, but it seems to me that if society demands a movie about someone so pathetic that it's (supposed to be) funny, we've got a long way to go. It easily gained my label of "worst movie ever" (and not even Comic Book Guy style), and I honestly can't imagine what it would take to be ousted from that title.

      --
      How are sites slashdotted when nobody reads TFAs?
    27. Re:What is with that movie? by Anonymous Coward · · Score: 0
      It was totally retarded


      With your choice of words, I would have guessed you to be a fan.
    28. Re:What is with that movie? by Anonymous Coward · · Score: 0

      Anyone who makes it to the end of this thread should get a prize. Or shot.

    29. Re:What is with that movie? by TenLow · · Score: 1
      Well you're posting in what has turned into a discussion about quotes from that movie, so it's not a leap of faith to expect the quotes used in the replies would be from the movie.

      Flippin' idiot!

    30. Re:What is with that movie? by Anonymous Coward · · Score: 0

      That's unfortunate. You spent so much energy focusing on the introduction of the main character that you missed out on how lame he actually wasn't. And since that was the idea behind the film, you really missed out. In all seriousness, you should try watching it again. Or, just catch the 80's version. :D

    31. Re:What is with that movie? by Anonymous Coward · · Score: 0
    32. Re:What is with that movie? by painQuin · · Score: 0

      I was starting to think I was the only person around who thought that...

      --
      A guilty conscience means at least you've got one.
    33. Re:What is with that movie? by mh101 · · Score: 2, Insightful
      Of course it's a cult classic.

      A cult classic is a work (e.g. a movie or TV show) or group of works (e.g. songs by a certain band) that may not achieve widespread mainstream popularity but does attract devoted, even fanatical, attention from a select group. See cult film, cult television, cult radio and cult following for related topics.
      en.wikipedia.org/wiki/Cult_classic

      There's plenty of people who don't like, or haven't seen, Napoleon Dynamite, but there are others who think it's one of the funniest movies they've ever seen. If everyone thought it was a fantastic movie, then it wouldn't be a cult classic.
      --
      Duct tape is like the Force. It has a light side, a dark side, and it holds the universe together.
    34. Re:What is with that movie? by glassjaw+rocks · · Score: 1

      I would have to say it's definitely NOT a cult classic.

      Everybody's mother has seen the movie. It's damn near a household name.

      --
      -gjr
    35. Re:What is with that movie? by roman_mir · · Score: 1

      You are a flipping idiot if you can't get through your stupid thick skull that any sentence could be a quote and it still doesn't mean that I have to recognize it.

      Moron.

      (by the way, isn't it nice how the very first post in this thread is modded as a Flamebait, while it is actually just an opinion. You don't like opinions, do you, mods?)

    36. Re:What is with that movie? by sickboy1969c · · Score: 1
      roman_mir, don't be jealous that I've been chatting online with babes, all day. Besides, we both know I'm training to become a cage fighter.
      Since when? You've got like the worst reflexes of all time!
    37. Re:What is with that movie? by Jonner · · Score: 1

      You've fallen into a false dichotomy: it was both an opinion and flamebait. In fact, if you think about it, most flamebait comments are opinions, particularly contentious opinions.

    38. Re:What is with that movie? by Jonner · · Score: 1

      I'm almost positive my mother hasn't seen it.

    39. Re:What is with that movie? by roman_mir · · Score: 1

      One man's terrorist is another man's freedom fighter, right?

      This is all a matter of perception. I see an opinion, someone else sees a flamebait because it contradicts his/her opinion.

    40. Re:What is with that movie? by Lotharus · · Score: 1

      Cool! What's my prize?

      *bang!*

      OW!

  2. depends by Spiked_Three · · Score: 3, Interesting

    on whether or not they were encrypting anything important. If they were then they were idiots.

    --
    slashdot troll = you make a compelling argument I do not like the implications of.
    1. Re:depends by posterlogo · · Score: 1

      IDIOTS!

    2. Re:depends by Minwee · · Score: 4, Funny

      Once the terrorists gain access to the scores from Wimbledon then it's all over for the free world. They could use our own tennis scores against us.

      They had better be using the strongest encryption available for this kind of thing.

    3. Re:depends by Megane · · Score: 1

      Once the terrorists gain access to the scores from Wimbledon then it's all over for the free world. They could use our own tennis scores against us.

      Be on the lookout for blancmanges with AK-47s.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    4. Re:depends by nametaken · · Score: 1

      Not to worry, I've secured the free world's tennis scores with my awesome dancing skills.

      That, and my pet liger.

    5. Re:depends by jrumney · · Score: 1

      Yes, but were they idiots for using a movie quote for the key as the summary suggests, or were they idiots for assuming that Flash is secure? I've seen a lot of "password protected" Flash apps out there, so there should be a lesson in this article, but the Slashdot summary doesn't exactly highlight the real problem. It is trivial to decompile Flash, folks. Your encryption keys are right there in plain text for all to see.

  3. well... by joe+155 · · Score: 0, Redundant

    "But is this a rather glaring lapse in security or an easter egg?"

    If what they were sending was important then it is definitely the former, if it's something which they meant for people to have a go at then it'll be the latter.

    --
    *''I can't believe it's not a hyperlink.''
    1. Re:well... by tdvaughan · · Score: 2, Insightful

      Hm....so what you're saying is that if it's a lapse in security then it's a lapse in security but if it's an easter egg then it's an easter egg? I like the way you're thinking!

    2. Re:well... by Cheapy · · Score: 3, Funny

      If what they were sending was important then it is definitely the former, if it's something which they meant for people to have a go at then it'll be the latter.

      Captain Obvious to the rescue once again!

      --
      Would you kindly mod me +1 insightful?
    3. Re:well... by Anonymous Coward · · Score: 0

      I bet that's not the password anymore...

    4. Re:well... by thePowerOfGrayskull · · Score: 2, Funny

      What an amazing grasp of the obvious!

    5. Re:Well... by WilliamSChips · · Score: 1, Informative

      You forgot one: password.

      --
      Please, for the good of Humanity, vote Obama.
    6. Re:Well... by yaff · · Score: 1

      Hey! That's the code to my luggage!

    7. Re:Well... by c_forq · · Score: 1

      That's why I am so smart, my password is qwertyQWERTY, no one expects it twice - and a change in case on top of that! Haha!

      --
      Computers allow humans to make mistakes at the fastest speeds known, with the possible exception of tequila and handguns
    8. Re:Well... by Amouth · · Score: 1

      I am sorry but you don't meet the complexity requirements.. please enter your password in the form of an unsigned int

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    9. Re:Well... by ro_coyote · · Score: 1

      my password is qwertyQWERTY

      Just ROT-13 that bad boy and you'll really be cooking!

  4. Well... by Rendo · · Score: 0

    Since the most commonly used passwords are 12345 qwerty god and love, I wouldn't be surprised if the password was "Gooodddd" :)

  5. Huh? by LordKaT · · Score: 4, Insightful

    I don't really see this as a "lapse" in security. I mean, it was an XML file with updated scares, not a SQL database with every known Social Security Number. The application in question (a flash scoreboard) doesn't exactly call for some kind of PKE scheme.

    1. Re:Huh? by Stiletto · · Score: 4, Insightful


      If a project doesn't require strong encryption, does it require encryption at all?

    2. Re:Huh? by Soul-Burn666 · · Score: 1

      Yes.
      If you don't want normal people to access the project, a standard encryption like 128bit AES is enough to feel safe.
      By normal people I mean bored people with only little computing power.

      But if you for some reason want to pass around data about your nuclear projects or such, you'd take many more precautions and use multiple and stronger encryption schemes, to be on the safer side of safe.
      These projects are in the interest of strong governments who have we don't know how much computing power and intention to get those documents.
      And even that will probably not be enough against black-ops a la your-favorite-secret-agent-franchise...

      --
      ^_^
    3. Re:Huh? by hyfe · · Score: 5, Insightful
      If a project doesn't require strong encryption, does it require encryption at all?

      Of course it does. The lock to your house is most certainly breakable. Does that mean you should throw away the door?

      Weak'ish encryption protects you against untargeted attacks, such as network-snooping. Anybody doing untargeted attacks is probably going to have a massive amount of data to search through. Even the most simplistic encryption algorithm involving keys is going to force the attacker to include state-information in his application.. which as we all know is just plain painful on high-traffic networks.

      --
      "" How about taking the safety labels off everything, and let the stupidity-problem solve itself? """
    4. Re:Huh? by Deltaspectre · · Score: 3, Funny

      I think what he's saying is....

      If you're going camping you don't necessarily need to lock your tent door up, because it's such a trivial thing to do

      --
      My UID is prime... is yours?
    5. Re:Huh? by DerekLyons · · Score: 5, Insightful
      If a project doesn't require strong encryption, does it require encryption at all?

      Yes.
       
      It's a common misconception that encryption is supposed to be 'unbreakable' (for some large value of 'unbreakable'), in all instances. In the real world of security (I.E. DoD etc...) it's quite common to have the complexity and difficulty of the cipher or code to match the 'speed value' (to coin a term) of the information. For example, diplomatic messages need to be kept hidden essentially forever - thus strong encryption. Tactical communications between Army formations or Navy ships can have a much lesser grade of encryption applied because their value is almost always rendered moot before they can be broken.
       
      The 'need' for ultra-strong, resist-attack forever grade encryption for personal use is an artifact of the (not uncommon) geek need to be [bigger|faster|stronger] than anyone else when it comes to computer stuff.
    6. Re:Huh? by Anonymous Coward · · Score: 0

      Nuclear shit doesn't get "transmitted" it is "hand delivered on media".

      Nuff said.

    7. Re:Huh? by rickyb · · Score: 1

      The movie was scary enough for some. I sure don't need an XML file full of them, especially if they get updated.

    8. Re:Huh? by hyfe · · Score: 1
      With the tent door open, it's easy for people to see if the tent is empty and if it's safe to go inside and search the tent for valuables.

      With the tent door closed, they have to chance somebody lying inside taking a nap

      Good choice of analogy.

      --
      "" How about taking the safety labels off everything, and let the stupidity-problem solve itself? """
    9. Re:Huh? by Deltaspectre · · Score: 1

      Honestly, who keeps valuables in a tent!

      --
      My UID is prime... is yours?
    10. Re:Huh? by Anonymous Coward · · Score: 0
      ".|A(0{?y01/3z4xy0|?|B|L-Kfpkxey^tom5638BHQ{y9|G .Ak `he&5'|_pl_464:UO>{z7{G@C?D=yDACAFA{/z-z./2

      ??

      Somehow, I'm missing something about how obvious this "quote" is supposed to be"


      It says, "Vote for Pedro." Gosh.
    11. Re:Huh? by Gerzel · · Score: 2, Informative

      Hand delivery is still a form of transmission and can still be intercepted, even if it is a lot harder. Thus there is still a need for encryption of such things.

    12. Re:Huh? by Anonymous Coward · · Score: 1, Interesting

      If a project doesn't require strong encryption, does it require encryption at all?

      ROT-13 is eminently useful. So is encryption by printing text upside down at the bottom of a magazine page so you don't accidentally see the answers to a quiz.

      The password of a database could be stored lightly encrypted in a web server's config file. Just strong enough that it can't be directly decoded by someone taking a quick peek over your shoulder.

      Communication between a rifle and a smart bullet can be relatively lightly encrypted. By the time the code has been cracked the bullet has already made the hole it was destined to make.

      A program activation key (like PC games have) doesn't need to be very strong because it can always be cracked at a different point, i.e. by disassembling or modifying the program. No sense having a steel door in a house if the walls are cardboard (and cannot be made stronger).

    13. Re:Huh? by gkhan1 · · Score: 4, Informative

      There are a few things I wish to clarify about your post

      If you don't want normal people to access the project, a standard encryption like 128bit AES is enough to feel safe.

      First off, right now 128 bit AES is virtually unbreakable. I mean, the US government has approved 128 bit AES for use in encrypting classified documents. That should tell you a lot. It's true, maybe in 10 years or so, one might be able to crack 128 bit AES in a few weeks or so, which is kinda bad for a modern cipher. But you can rest assured, if you use 128 bit AES (correctly implemented, and with a good password), there isn't a force on earth that could crack it (right now, that is).

      By normal people I mean bored people with only little computing power.

      This statement makes no sense at all. Do you have any idea how fast AES is? On my puny, 2 year old, cheap crap Dell computer, I just benchmarked 256 bit AES, it can encrypt 55.3 MB/s. Fifty-five megabytes per second! That's fast as hell! By little computing power, are you referring to ENIAC? 'Cause I bet even that transistor-less monster can crank out a few kbs per second, AES is that fast. I routinely watch Hi-Def movies on a drive encrypted by TrueCrypt. That means that the movie is decrypted on the fly, while I'm watching it!

      And even that will probably not be enough against black-ops a la your-favorite-secret-agent-franchise...

      I HATE IT when people say "Well, I'm sure that NSA could crack any cipher, they're so secretive and so cool!" NO THEY COULDN'T. No one can crack a 256 bit AES with a correct implementation (and a good key). It's just not doable. I refer you to an earlier post of mine, where I got really pissed and did a few calculations. You cannot crack 256 bit AES. It's. Not. Possible.

      The mistake you seem to be making in your post is that you assume that most encrypted material get cracked because they used a weak cipher. That is not true. 99.9999% of all modern codes that are cracked are cracked because of a poor implementation. Someone selects a bad password, maybe someone gets your PGP key from your computer, maybe a secret agent beat the crap out of the poor IT guy and got in. Whatever. It's simply not feasible to crack modern ciphers by cryptanalysis. It's virtually impossible, and there are so many easier ways to do it.

      In conclusion: If you want your material safe, it's fine to use 128 bit AES, but there's no reason not to use 256 bit, so you could just as well use that. Just make damn sure that you use a good password and keep it safe. And no, a quote from Napoleon Dynamite is NOT a good password.

    14. Re:Huh? by Anonymous Coward · · Score: 0

      I don't really see this as a "lapse" in security. I mean, it was an XML file with updated scares, not a SQL database with every known Social Security Number. The application in question (a flash scoreboard) doesn't exactly call for some kind of PKE scheme.

      Agreed. This was a solution to a minor problem. The entire scope of the project was Wimbledon so if the "encryption" lasts a day, everyone who's going to pay for up-to-the-minute streaming is already onboard. After that, there's nothing to be gained from harder encryption and everything to be lost. As a friend of mine was fond of saying: "the only part of a software deployment that will work perfectly every time is the part that is designed to break." In this case, they can almost instantly work around (knock on wood) issues on the fly: something that is probably not possible with a full-on solution involving multiple development and deployment teams.

    15. Re:Huh? by bladesjester · · Score: 1

      Gone camping lately? Some of the high end gear is extremely expensive.

      --
      Everything I need to know I learned by killing smart people and eating their brains.
    16. Re:Huh? by JasonTik · · Score: 1

      The quote is the key. What you posted is just the ciphertext.

    17. Re:Huh? by Luthair · · Score: 1
      This statement makes no sense at all. Do you have any idea how fast AES is? On my puny, 2 year old, cheap crap Dell computer, I just benchmarked 256 bit AES, it can encrypt 55.3 MB/s. Fifty-five megabytes per second! That's fast as hell! By little computing power, are you referring to ENIAC? 'Cause I bet even that transistor-less monster can crank out a few kbs per second, AES is that fast. I routinely watch Hi-Def movies on a drive encrypted by TrueCrypt. That means that the movie is decrypted on the fly, while I'm watching it!
      Actually it made perfect sense, the parent said 128-bit AES was sufficient when protecting data from normal people and then proceeded to define normal as someone with access to only a little computing power. They were referring to breaking the encryption, not encrypting or decrypting.
    18. Re:Huh? by frostoftheblack · · Score: 1

      No, it does not.

      Believe it or not, this is a psychological disadvantage. If you had semi-sensitive information, and you encrypted it, you'd feel semi-safe, wouldn't you? Unfortunately, most people would encrypt that (in a weak algorithm), and say, "great, that's done". It gives them a false sense of security. It affects you psychologically into thinking your data is safe, or even semi-safe. But do you really distinguish the difference between safe and semi-safe? I know I can't...

      What about if there is no encryption? It's probably better than weak encryption. If you know it is not safe, you will be careful what you do with it. You'll make certain that wherever you take your data (or send it), it won't get into the wrong hands. You know it's not safe, so you protect it. If I know the source code to my secret project is unencrypted, I'll make sure nobody can access it. I'll treat it as if I can't let it be stolen, not as if it's okay to be stolen and not read.

      If it's sort of safe, you think it's safe and therefore you let your guard down. Worse idea.
      It's better to have no encryption than very weak encryption.

      --
      Do not mark in this space. For official office use only.
    19. Re:Huh? by gkhan1 · · Score: 1

      Ahh, yes, now I see, I read his comment wrong. Sorry 'bout that. My point still stands though, there is no reason not to use 256 bit AES instead of 128 bit.

    20. Re:Huh? by Tablizer · · Score: 1

      .|A(0{?y01/3z4xy0|?|B|L-Kfpkxey^tom5638BHQ{y9|G.Ak `he&5'|_pl_464:UO>{z7{G@C?D=yDACAFA{/z-z./2

      That is Perl that prints, "Osama is Great and will conquer the evil crusader Bush"

    21. Re:Huh? by WuphonsReach · · Score: 1

      I HATE IT when people say "Well, I'm sure that NSA could crack any cipher, they're so secretive and so cool!" NO THEY COULDN'T. No one can crack a 256 bit AES with a correct implementation (and a good key). It's just not doable. I refer you to an earlier post of mine, where I got really pissed and did a few calculations. You cannot crack 256 bit AES. It's. Not. Possible.

      Well, no they couldn't for brute force attacks on the key.

      But that's not the only attack vector out there for AES (or other block ciphers). My copy of Practical Cryptography is buried at the moment, but it gives a very good list of the various methods of attacking ciphers. Along with a run-down of the AES finalists and where things might be weak.

      There's some arguments to be made that 128bit AES is only good for about 20-30 years and that you need to use 256bit AES to be more sure of keeping secret stuff secret for 50-60 years. (Again, the first few chapters of Practical Cryptography cover this choice.)

      Besides, as you noted, most attacks focus on breaking the implementation or using social engineering / wiretaps / keystroke logging / spyware to simply steal the passphrase or key as it's being entered / accessed. No need to break the algorithm (or brute force) at all if you can get the key some other way.

      --
      Wolde you bothe eate your cake, and have your cake?
    22. Re:Huh? by gkhan1 · · Score: 3, Interesting

      This is exactly my point (maybe I wasn't very clear ;). If you want to break the encryptions, you don't do it using cryptanalysis. The only way is exploiting the human factors. The ciphers themselves are solid. That's why I said "using the correct implementation and a good key" all the time. If you encrypt something with a tool like TrueCrypt which uses a rock solid, completely bulletproof implementation with a good password (and, of course, assuming that no one has hacked your system) you will be completely safe from any potential snoopers.

      I really can't say enough good things about TrueCrypt. Every step of the process is done 100% right. What it does is that it mounts a virtual drive on your system that is encrypted to a file on your hard drive. There is no trace in the files themselves that they are encrypted, they are completely indistinguishable from random noise. You can even hide a hidden drive inside a volume (so if someone forces you to reveal your password, you can still hide a bunch of files inside a volume). It is completely impossible to know whether a hidden drive even exists within a virtual drive if you don't have the password (for the hidden drive that is, which should be different from your standard drive password). It also includes tons of other features, you can choose any cipher you like, from Blowfish to 3-DES (although I have no idea why you wouldn't just go with 256 bit AES), you can back up the file headers if someone loses their password, you can use keyfiles in addition to your passwords, you can create "travel disks" so you can take your encrypted stuff on the road and not have to install TrueCrypt on every computer you wish to use, and any other feature you could possibly want if you want to encrypt data. If you don't want to bother with PGP, you could even make a tiny drive, add your files to it, and email it to someone! It's also fast as hell, as I said, you could watch Hi-Def movies from an encrypted drive and it will decrypt it on the fly and you won't notice a thing. All that, and it's open source! I really encourage anyone to use it that has a need to encrypt data.

    23. Re:Huh? by Anonymous Coward · · Score: 0



      WHATEVER!

      jeeez...!

    24. Re:Huh? by popeguilty · · Score: 1

      Ah, Perl, the only language that looks the same before and after encryption.

    25. Re:Huh? by Anonymous Coward · · Score: 0

      Of course it does. The lock to your house is most certainly breakable. Does that mean you should throw away the door?

      YES.

      My god a thousand times yes.

    26. Re:Huh? by Eivind · · Score: 1
      You're missing the point. Using "simpler" (as in child's play) crypto rather than standard well-tested crypto in low-security applications would make sense if doing so saved you significant amounts of programming-time, working-memory or cpu-time or had other significant advantages.

      That's not the case, in fact the opposite is likely to be the case as aes(message,key) is likely to be well-tested, well-documented code you can simply use whereas xor_with_sillystring(message) is likely to first need being written by you, then debugged etc.

      Thus, the only scenario where it makes sense to use sillycode is in cases where the easy crackability of the ciphertext is a feature, something you explicitly want.

      "We don't need a million years, only a week of security" is not an argument if you can have the million-years security more easily than the week security. (ignoring the very real possibility that you'll make a mistake and your week-security turns out to be 2-seconds security)

    27. Re:Huh? by bean123456789 · · Score: 1

      You cannot crack 256 bit AES. It's. Not. Possible.

      Not true, just nobody has figured out the attack for it yet! At one point in time the Caesar cypher was "unbreakable". As long as the original data can be brought back, the cypher can be broken. Why do you think people are always trying to figure out better encryption schemes?

    28. Re:Huh? by Anonymous Coward · · Score: 0
      I actually personally had to overcome this very problem today.

      We were discussing storing customer account numbers, both public key encrypted as well as the last four digits for printing on the customer's receipt. The plan was to also store a hash of the account number so that we could safely transmit hashes to a web service to search the database and return results. The hash would use a "secret salt." The team who developed the hash were convinced that their scheme was secure because it was using SHA-256.

      But a secret isn't a secret if the bad guys can steal a hard drive containing that secret, and a credit terminal isn't always located in a secured environment. I pointed out that if someone gained access to their secret salt they could easily perform a dictionary attack and deduce every account number given a database of hashes. I even scratched up a demo program that showed someone could crack their "secure" scheme in under a second if they knew the secret salt.

      The epiphany came when we realized that we'll reduce our exposure more by transmitting (but not storing) a cleartext account number than we will if we store the secret salt everywhere, sending only the hash of the account number. At least we'll be exposing numbers only one at a time, rather than risking a database full of them.

      It's a weird feeling when you realize that there are real-world cases where you've improved overall security by NOT encrypting rather than by using bad encryption. Besides, we send the cleartext over SSL to at least thwart the network hackers.
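The exposure described in the comment above, as an added Python example (not the poster's demo program): once the "secret salt" is known, the stored last four digits leave so few unknown digits that every candidate can be hashed and compared. The hash layout (SHA-256 over salt followed by number), the 16-digit format, the fixed prefix and all values are assumptions constructed for illustration.

```python
import hashlib
import math
import time

# All values below are constructed for this example.
SECRET_SALT = b"constructed-demo-salt"   # the "secret" copied to every terminal
KNOWN_PREFIX = "400000"                  # hypothetical fixed issuer prefix
UNKNOWN_DIGITS = 6                       # digits not covered by prefix or last four


def salted_hash(salt: bytes, account: str) -> str:
    """Assumed scheme: SHA-256 over the salt followed by the account number."""
    return hashlib.sha256(salt + account.encode("ascii")).hexdigest()


def store(account: str, salt: bytes) -> dict:
    """Per-customer record in the design described above. The public-key
    encrypted copy is omitted because it plays no part in the weakness."""
    return {"hash": salted_hash(salt, account), "last4": account[-4:]}


def search_space_bits(unknown_digits: int) -> float:
    """Entropy left in a number once its prefix and last four digits are known."""
    return unknown_digits * math.log2(10)


def recover(record: dict, salt: bytes, prefix: str = KNOWN_PREFIX,
            unknown_digits: int = UNKNOWN_DIGITS):
    """Hash every candidate consistent with the stored last four digits.

    Returns (account, hashes_tried), or (None, hashes_tried) when nothing
    matches, which is what happens when the salt is not known.
    """
    target = record["hash"]
    tried = 0
    for middle in range(10 ** unknown_digits):
        candidate = f"{prefix}{middle:0{unknown_digits}d}{record['last4']}"
        tried += 1
        if salted_hash(salt, candidate) == target:
            return candidate, tried
    return None, tried


def demo():
    account = "4000007315204242"          # constructed account number
    record = store(account, SECRET_SALT)
    start = time.perf_counter()
    found, tried = recover(record, SECRET_SALT)
    elapsed = time.perf_counter() - start
    bits = search_space_bits(UNKNOWN_DIGITS)
    print(f"search space: 10^{UNKNOWN_DIGITS} candidates = {bits:.1f} bits")
    print(f"recovered {found} after {tried} hashes in {elapsed:.2f}s")
    return found, tried


if __name__ == "__main__":
    demo()
```

The whole scheme rests on about 20 bits of input entropy plus the secrecy of one value that is deployed on every terminal, which is why the poster's team chose not to store the hash at all.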

  6. Let me be the first to say... by ChePibe · · Score: 5, Funny

    Idiots!

    1. Re:Let me be the first to say... by Anonymous Coward · · Score: 0

      I think you're missing the: Gosh!

    2. Re:Let me be the first to say... by Bluesman · · Score: 1

      No, he's missing the Frickin' :-)

      --
      If moderation could change anything, it would be illegal.
  7. The client had the key anyway. by vidarlo · · Score: 4, Insightful

    If you read the article, you'll see that he found the key in the flash applet that presented the data to the website visitors. So even if they used a truly random key, it would be worth no more, since the client could just read the flash file (de-assemblers for flash are out there. Search on Google.), and get the key. So really, there is no point of better encryption, because the determined people will get the key anyway.

    Remember that flash runs on your computer. Thus, the encryption key has to be on your computer so the flash application can decode the XML file and show you the results. As long as Trusted Computing does not exist, there is no way to stop a determined person from getting the key. Thus, using a stronger key would not make it more difficult. It is not like the key was discovered by accident. The writer of TFA was looking for the key in the flash file...

    Nothing here to see, please move along!

    1. Re:The client had the key anyway. by daeg · · Score: 3, Informative

      You don't even need to decompile the flash. Unless recent flash versions have changed, the majority of actionscript is almost completely readable directly in the file with little-to-no obfuscation.

  8. Preemptive Questioning Your Own Answers by soloport · · Score: 5, Insightful

    It was totally retarded, why do people like it?

    Look, it's all right there:
    Q. Why do people like it?
    A. It was totally retarded.

    You're, uh, one step away from Yoda-speak.

    1. Re:Preemptive Questioning Your Own Answers by roman_mir · · Score: 1, Funny

      Totally retarde the movie was, why people like it clear is to me now. I thank you for mind of mine clearing now, go I to the street and preach will I my ideas.

    2. Re:Preemptive Questioning Your Own Answers by roman_mir · · Score: 2, Funny

      Flamebait the parent post was no more than retard the moderator could not joke outfigure.

  9. Exactly! by FatSean · · Score: 4, Insightful

    Not sure why exactly they would want to encrypt the scores as they flew over the network though. The scores are public knowledge...who cares if they are sniffed? Technology demonstration? Wanted to use the 'encryption' buzzword perhaps?

    --
    Blar.
    1. Re:Exactly! by vidarlo · · Score: 4, Insightful
      Not sure why exactly they would want to encrypt the scores as they flew over the network though. The scores are public knowledge...who cares if they are sniffed? Technology demonstration? Wanted to use the 'encryption' buzzword perhaps?

      To force people interested in live stats either to view their website (=ad revenue) or watch their tv broadcast (=ad revenue). 3rd party apps accessing the information means less ad revenue. Simple as that.

    2. Re:Exactly! by Ohreally_factor · · Score: 1

      Sports scores are time sensitive information to those that are betting on them. Thus, as pointed out elsewhere, the crypto need only delay the information by a few seconds to be effective. If this doesn't make the concept clear, then see this movie.

      --
      It's not offtopic, dumbass. It's orthogonal.
    3. Re:Exactly! by Burning1 · · Score: 1

      Because it's too easy to forge packets and create cheated scores. That's probably why someone dug deep enough to discover the key.

    4. Re:Exactly! by Anonymous Coward · · Score: 0

      Except the BBC don't need ad revenue.

  10. DMCA? by Eudial · · Score: 1

    What ever happened to the DMCA?

    --
    GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
    1. Re:DMCA? by LiquidCoooled · · Score: 1

      DMCA = America.

      Wimbledon = England.

      --
      liqbase :: faster than paper
  11. Flash player 8 by pjbgravely · · Score: 3, Interesting

    I see even so called Linux friendly IBM is blocking Linux users out because there is no Flash 8 for Linux yet. Oh well maybe next Wimbledon. Is there a Flash player 8 out for Mac?

    --
    Star Trek, there maybe hope.
    1. Re:Flash player 8 by Anonymous Coward · · Score: 0

      The number of tennis viewers is probably somewhat less than the number of soccer viewers. So, in essence, who gives a fuck?

    2. Re:Flash player 8 by spiff8675309 · · Score: 1
      I see even so called Linux friendly IBM is blocking Linux users out because there is no Flash 8 for Linux yet. Oh well maybe next Wimbledon. Is there a Flash player 8 out for Mac?

      Yes, Flash Player 8 is standard. The public beta of Flash Player 9 http://www.adobe.com/products/flashplayer/public_beta/ is also available (at least for Mac Intel).

    3. Re:Flash player 8 by Anonymous Coward · · Score: 0
    4. Re:Flash player 8 by pjbgravely · · Score: 1

      Flash player 8 may be standard, but with all sites that don't block Flash player 7 (but say they only work with 8) seem to work perfectly in the Linux release of Flash player 7. Really I am complaining about being blocked.

      --
      Star Trek, there maybe hope.
    5. Re:Flash player 8 by corychristison · · Score: 1

      My youngest brother is a Flash animator [mostly for fun -- but he wants to be an Animator when he finishes high school]

      There have been numerous times he's sent me a .swf file asking if I liked it, and it sometimes works but most of the time only certain parts of the animation work [ever export an advanced Flash 7 file as a GIF image? -- same thing here]

      The problem here is that all he needed to do was export for a lower version. Honestly, in most cases, you can export as Flash 6 and still maintain intended functionality... It's just that people don't understand that not everyone can view Flash 8 files.

    6. Re:Flash player 8 by 42forty-two42 · · Score: 1

      Flash Player 9 will be available for linux, sometime later this year.

  12. Re:I thought Napoleon Dynamite was a horrible movi by Anonymous Coward · · Score: 0

    Napoleon Dynamite IS a horrible movie, that's why it is liked so much. It's PAINFUL to watch, took many breaks in between the first time through.

  13. Microsoft uses "Wildebeest!!" as a password by Anonymous Coward · · Score: 1, Interesting

    In Excel, the Solver, Analysis Toolpak and Autosave add-ins are protected using the password "Wildebeest!!", and the Internet Assistant VBA add-in uses the password "Weezaarde!?"... More info about it is here.

  14. Gosh! by fdiskne1 · · Score: 3, Funny

    I wonder if the guy who cracked this has nunchuck skills and bowhunting skills too.

    --
    But why is the rum gone?
  15. sweet tags, napoleon by KevetS · · Score: 1

    Yay for juxtaposition of tags! I never would expect these to go together

    TAGS: wimbledon | ibm | napoleon | dynamite | encryption | liger |

    --
    This is my United States of whatever.
  16. This is pretty much.... by Itninja · · Score: 3, Funny

    ....the worst post ever made.
    Please, ITninja, like anyone could even know that.

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    1. Re:This is pretty much.... by Aquatic · · Score: 0
      ....the worst post ever made.


      I've heard that so many times it's lost all meaning.
  17. Re:I thought Napoleon Dynamite was a horrible movi by plopez · · Score: 3, Insightful

    it is much more fun to talk about than it was to actually see it. which is one marker of a cult classic.

    --
    putting the 'B' in LGBTQ+
  18. Spending too much time on Onion by alamandrax · · Score: 1

    I just read that headline like Doyle Redland. Is this even news?

    --
    'tis but a scratch.
  19. Script substrings by Beryllium+Sphere(tm) · · Score: 1

    >if you calculated the number of substring with say, 1-10 words, I think you'd find that the key space is more than large enough.

    Let N be the number of words in a script.

    Number of 1-word substrings: N
    Number of 2-word substrings: N - 1 (because the last word can't begin a 2-word substring)
      subtotal: 2N - 1
    Number of 3-word substrings: N - 2
      subtotal: 3N - 3
    Number of 4-word substrings: N - 3
      subtotal: 4N - 6

    10N - 45 is a miserable excuse for a keyspace.

    Scripts of popular movies such as the Star Wars trilogy are obvious things to include in a cracking dictionary.
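
The pattern in the comment above, written out in general form (an added derivation, not part of the original post; the word count N = 20,000 is an assumed figure for a feature-length script):

$$\sum_{k=1}^{10} (N - k + 1) \;=\; 10N - \sum_{k=1}^{10} (k - 1) \;=\; 10N - 45$$

For N = 20,000 this gives 199,955 candidate keys, roughly $\log_2(199{,}955) \approx 17.6$ bits, compared with 128 bits for a randomly generated 128-bit key.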

    1. Re:Script substrings by Wolfrider · · Score: 4, Funny

      --Those responsible for the cipher key in question, have been sacked.
       
      We apologize for the inconvenience.
       
      A m00se once bit my sister...

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
    2. Re:Script substrings by (H)elix1 · · Score: 4, Interesting

      Scripts of popular movies such as the Star Wars trilogy are obvious things to include in a cracking dictionary.

      Amen!

      I've seen this on some of my external servers - long lists of dictionary attacks. For a while someone was trying to log into executioner. Before an IP filter was added, we would get tons of login attempts in the logs. Quotes were always in there, including things like Darth quotes (Ifylofd, Tfiswto, Issapinfs, Ysnhcb, and the l33t spelling variants of words and phrases). It became a bit of a game to figure out who could guess the quote based on the attempted password. If you think the first letters of a quote are protection, you are in for a rude awakening when you get back into the office next week. (Happy 4th of July to those in the States)

    3. Re:Script substrings by mcpkaaos · · Score: 1

      That might explain why Lucas keeps changing them.

      --
      It goes from God, to Jerry, to me.
    4. Re:Script substrings by archgoon · · Score: 2, Informative

      Okay my guesses are
      Ifylofd -> I find your lack of faith disturbing
      Tfiswto -> The force is with you
      Issapinfs -> I sense a presence I have not felt since...
      Ysnhcb -> You should not have come back.
      So, how did I do?

    5. Re:Script substrings by evilneko · · Score: 0

      Consider my passwords changed ;) Actually, I think I only used a quote for a password once: and I used the whole thing, replaced a number with its numeral, and sprinkled in a few caps for good measure. It made for a nice long password.

      --
      Slashdot - where to disagree, is to be a troll
    6. Re:Script substrings by (H)elix1 · · Score: 1

      Those were our guesses too. The passwords were tried in blocks, so you could get an idea of the movie they were pulling from. Some stuff we never did find a match for, but it seemed like they were not trying a random letter generator.

    7. Re:Script substrings by HeroreV · · Score: 2, Funny

      You fail at life, but you win on /.

    8. Re:Script substrings by LunarCrisis · · Score: 1

      I'm guessing that Tfiswto is actually "The force is strong with this one"

      --
      Mr. Period: Nine is the one that's right by ten!
      Nine: One day I will kill him. Then, I will be Ten.
    9. Re:Script substrings by Bruce+Allen · · Score: 1

      Yeah, movie quotes are too easy. It's much better to use first letters of memorably-outrageous things you want to do to people you know! It's pretty easy to fit some numbers in there too...

  20. eets a slayjhammer by Anonymous Coward · · Score: 3, Funny

    It's a diversionary tactic, gosh!

    How do you keep a bunch of computer nerd hackers in suspense?...

  21. What's the big deal...? by __aaclcg7560 · · Score: 1

    The quote cipher was probably shifted over by one, reversed, and hashed a bazillion times. It's very unlikely that one of the /. script kiddies could ever figure it out.

    1. Re:What's the big deal...? by Computer+Guru · · Score: 1

      RTFA - it was a script kiddy (by and large).

    2. Re:What's the big deal...? by Anonymous Coward · · Score: 0
      The quote cipher was probably shifted over by one, reversed, and hashed a bazillion times. It's very unlikely that one of the /. script kiddies could ever figure it out.


      And you think that would make the key stronger? Congratulations! You've demonstrated that you know less about encryption than the script kiddies you deride!
  22. Thank you, Captain Obvious by JourneyExpertApe · · Score: 4, Funny

    We're looking for a good English to English translator. Would you be available soon?

    --
    If you can read this sig, you're too close.
  23. Is there any point to weak encryption? by Beryllium+Sphere(tm) · · Score: 2, Informative

    >If a project doesn't require strong encryption, does it require encryption at all?

    That is an insightful question.

    Historically, weak encryption had a niche for information whose value dropped sharply over time. If you have a lame algorithm that a cluster of supercomputers can crack in a week, you can still safely use it for messages like "unit 3, fall back to hill 41, await instructions".

    Sports scores might fall into that category, though the problem in this particular case was not weak encryption, it was a failure of key management.

    The other niche is information that you don't want to leak, but that nobody will pay enough to get cracked. No crook motivated by money would crack 40-bit encryption to get the number of your prepaid credit card with the $100 limit. The problem with this idea is the number of crackers motivated by ego rather than money.

    Some people have believed that weak crypto makes sense if the most cost-effective attack on the data is to attack something other than the crypto. This was the reasoning behind WEP, "Wired Equivalent Privacy". The idea was that since anyone could tap a wired network, the crypto didn't need to be strong. This failed because the crypto was not just weak but sloppy, causing it to collapse into near-zero protection, and because the threat models weren't comparable. The "cost" of tapping a wired network includes showing your face and getting into the building. Wardriving is much safer for an eavesdropper.

    All these ideas are nonsense today because strong crypto is just as easy to deploy as weak crypto, except in the world of puny embedded devices.

    1. Re:Is there any point to weak encryption? by HiThere · · Score: 1

      You left out one important one:
      You want the information to appear to be protected, but to leak anyway.

      If you want this to ever work, you need to routinely use weak encryption on things of varying importance, so that the importance of a message is unpredictable from the contents. (Naturally you will make sure that nothing REALLY important ever gets encrypted weakly ... unless either you want it to leak, or a mistake was made.)

      This is the category that includes easter eggs, etc. And I suspect that the Wimbledon scores count as easter eggs.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  24. It was on Digg... by Computer+Guru · · Score: 0, Offtopic

    ..and the result was a disaster. Digg v3 isn't what it's cracked up to be. http://neosmart.net/blog/archives/205

  25. Huh? by maddogdelta · · Score: 1, Insightful

    .|A(0{?y01/3z4xy0|?|B|L-Kfpkxey^tom5638BHQ{y9|G.Ak `he&5'|_pl_464:UO>{z7{G@C?D=yDACAFA{/z-z./2

    ??

    Somehow, I'm missing something about how obvious this "quote" is supposed to be.

    --
    -- There are 10 kinds of people in the world, those who understand binary and those who don't.
  26. Star Wars + Napolean Dynamite by sigzero · · Score: 2, Funny
  27. Is there an IANAL in the house? by glwtta · · Score: 1

    So, he disassembled a flash program to get a key to "circumvent" encryption. Is the DMCA's formidable vagueness enough to cover this?

    It's not clear that the "work" is or isn't protectable (shouldn't be, but I remember a lot of fuss about similar sports related content from some other site). Or is it now enough to have token encryption like this to make it illegal to "circumvent" it?

    --
    sic transit gloria mundi
    1. Re:Is there an IANAL in the house? by Schraegstrichpunkt · · Score: 1

      Are sports scores copyrightable? I'd expect them to fall under "mere facts".

    2. Re:Is there an IANAL in the house? by belg4mit · · Score: 1

      Depends on where you are. In the US the MLB certainly seems to think it owns
      exclusive rights to them and everything else.

      --
      Were that I say, pancakes?
    3. Re:Is there an IANAL in the house? by Brandybuck · · Score: 1

      The scores themselves are public knowledge. Compilations of the scores are not, and are copyrightable. In other words, if you attend the game and post the final score, you're fine, but if you cut-n-paste from ESPN, you're in violation of copyright.

      --
      Don't blame me, I didn't vote for either of them!
    4. Re:Is there an IANAL in the house? by eril · · Score: 1

      Under US law/precedence, "mere facts" which are time sensitive (like stock quotes, or sports scores) can be copyrighted.

  28. It's satire by shaneh0 · · Score: 2, Informative

    Dynamite was the most deft satire of high school life that I've ever seen. There are a ton of people that are twentysomething or younger that DON'T like the movie, but in my experience, most do. And the older you get, the more you're removed from today's High School experience, the less likely that you'll enjoy the movie.

    1. Re:It's satire by roman_mir · · Score: 1

      I first watched it when I was 28 or 29, don't remember exactly. Don't get me wrong, there were some funny moments in there that I enjoyed, but the overall impression from the flick was that of a total degradation, retardation and in general complete depression. And I enjoy a good dose of depression as much as the next guy, but all things considered, I would rather do something else than watch that movie ever again.

    2. Re:It's satire by frederickroyceperez · · Score: 1

      Fooey on youee

  29. IBM's approach by DoofusOfDeath · · Score: 0, Redundant

    They can encrypt it however they want to, ok??? GOSH...

  30. That's nothing... by Anonymous Coward · · Score: 1, Interesting

    That's nothing... For a long time (and maybe still) one US state's master Medicare/Medicaid database was secured at the admin level with a username/password from an AC/DC song's lyrics. Rock on!

  31. Don't ask me by Anonymous Coward · · Score: 0

    But is this a rather glaring lapse in security...?

    Well don't ask me, I voted for Pedro!

  32. Why, yes. Yes he does. by sketchman · · Score: 1

    How do I know this.
    I'm his uncle. We went wolverine hunting once.

    --
    "In a world that exists without walls and fences, who needs Windows and Gates?"
  33. Your aim sucks. by The+Last+Gunslinger · · Score: 1

    I'm sure the entire IBM corporation and its 300K+ employees intended to personally slight the linux user community with the use of this atrociously snobby and exclusive Flash 8 thingamabobber.


    You could have at least taken a potshot at Macromedia for not having released a Flash 8 plugin for linux yet. They would seem to be the ones who have left you hanging out to dry.

  34. you can by citizenr · · Score: 1

    you can always wine_run W32 Firefox with W32 flash plugin :)

    --
    Who logs in to gdm? Not I, said the duck.
    1. Re:you can by Schraegstrichpunkt · · Score: 2, Insightful

      Because Linux only runs on x86.

  35. Randomly Generated? by feepness · · Score: 4, Funny

    Is it not possible that this was a randomly generated key that simply happened to be a Napoleon Dynamite quote?

    1. Re:Randomly Generated? by 42Penguins · · Score: 1

      computer hacking skills... infinite monkey-typewriting skills...

  36. Copyright Violation by DrSkwid · · Score: 1

    There is no "fair use" in the UK.

    No-one tell Darl

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  37. Easily made far more difficult by Anonymous Coward · · Score: 0

    The simple encryption which they used could easily be made far more difficult to circumvent simply by using a random key, inserting it into the flash app as it is loaded (simple string replace), then using a key to retrieve the encrypted scores.

    Bang now each time the scores are loaded the flash app would have to be disassembled, which isn't going to happen.

  38. It's not just a pissing contest by Schraegstrichpunkt · · Score: 2, Informative
    It's a common misconception that encryption is supposed to be 'unbreakable' (for some large value of 'unbreakable'), in all instances. In the real world of security (I.E. DoD etc...) it's quite common to have the complexity and difficulty of the cipher or code to match the 'speed value' (to coin a term) of the information. For example, diplomatic messages need to be kept hidden essentially forever - thus strong encryption. Tactical communications between Army formations or Navy ships can have a much lesser grade of encryption applied because their value is almost always rendered moot before they can be broken.

    Do you know first-hand that this is true and is the policy?

    The 'need' for ultra-strong, resist-attack forever grade encryption for personal use is an artifact of the (not uncommon) geek need to be [bigger|faster|stronger] than anyone else when it comes to computer stuff.

    No. Well, yes it is, but it's not only a 'geek artifact'. On the Internet, if we need any cryptography at all, we need the strongest cryptography we can find, because we never know how capable our adversaries are. Actually, we know a little about our adversaries' capabilities: any adversary is capable of at least every attack that has ever been published, and possibly some attacks that haven't. Whenever we design a system using strong cryptography, we are designing the system with knowledge of current attacks. However, the system will be subjected to both current attacks and future attacks, so we need a margin of security[1] that is large enough that we can have confidence that the system will not be practically breakable while it is still in use.

    Basically, we need strong cryptography because we are designing systems against future, unknown attacks using knowledge of current, known attacks. This is harder than it looks.

    -----

    [1] By "margin of security", I mean, loosely, the difference between the limit of computing power that we assume will be available to any adversary, and the amount of computing power that we assume will be required to break the system.

    1. Re:It's not just a pissing contest by DerekLyons · · Score: 1
      It's a common misconception that encryption is supposed to be 'unbreakable' (for some large value of 'unbreakable'), in all instances. In the real world of security (I.E. DoD etc...) it's quite common to have the complexity and difficulty of the cipher or code to match the 'speed value' (to coin a term) of the information. For example, diplomatic messages need to be kept hidden essentially forever - thus strong encryption. Tactical communications between Army formations or Navy ships can have a much lesser grade of encryption applied because their value is almost always rendered moot before they can be broken.

      Do you know first-hand that this is true and is the policy?

      Both firsthand (USN experience) and second hand (about two decades of studying the history and practice of cryptography). It's a fairly well-known fact among those who have studied the subject.
       
       
      The 'need' for ultra-strong, resist-attack forever grade encryption for personal use is an artifact of the (not uncommon) geek need to be [bigger|faster|stronger] than anyone else when it comes to computer stuff.

      No. Well, yes it is, but it's not only a 'geek artifact'. On the Internet, if we need any cryptography at all, we need the strongest cryptography we can find, because we never know how capable our adversaries are.

      That's true... If you have an actual adversary. I seriously doubt any significant number of casual encryption users[1] have anything worth protecting.
       
       
      Basically, we need strong cryptography because we are designing systems against future, unknown attacks using knowledge of current, known attacks. This is harder than it looks.

      That's true *if and only if* the information is worth protecting forever. If it doesn't need protecting forever - it doesn't need strong encryption as it doesn't need to be protected from theoretical future attacks.

      [1] Folks who encrypt their email from paranoia or politics, as opposed to having something to actually hide. I.E. virtually everyone.
  39. Me Jar Jar is safeish by Tablizer · · Score: 2, Funny

    They should have used Jar Jar Binks and Westly Crusher quotes. Nobody wants to remember them.

    1. Re:Me Jar Jar is safeish by Anonymous Coward · · Score: 0

      Are you a member of this cult? ;)

    2. Re:Me Jar Jar is safeish by nacturation · · Score: 1

      They should have used Jar Jar Binks and Westly Crusher quotes.

      Westly Crusher? Is that a mixture of The Princess Bride and ST:TNG?

      Picard: "Mr. Crusher, engage."
      Crusher: "As... you... wish..."

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  40. films, shows and hackers? by proudhawk · · Score: 1

    Not sure where they get the idea that a single movie
    is so popular with the "hacker culture". C'mon! Napoleon Dynamite???
    perhaps a proper survey is in order here.....

    meanwhile, Eureka Seven is about to start and I don't want
    to miss the episode (for those that don't know, Eureka Seven
    is ANIME).

    --
    Understanding is much like a 3-edged-sword. in this: there are always 2 sides and the truth.
  41. Its fun to see what shows up sometimes by Marrow · · Score: 1

    I once plugged the wrong ram into an IBM RS/6000 40p machine. The
    machine bios warned me: "Danger Will Robinson"!

  42. The answer by Descalzo · · Score: 1
    Napoleon himself gives us the answer to that math problem.

    The number of different quotes in the movie that could be used: Like a finity.

    --
    I cried real tears when Li Mu Bai died.
  43. RIP humility by vain+gloria · · Score: 1
    .|A(0{?y01/3z4xy0|?|B|L-Kfpkxey^tom5638BHQ{y9|G. Ak `he&5'|_pl_464:UO>{z7{G@C?D=yDACAFA{/z-z./2

    That is Perl that prints, "Osama is Great and will conquer the evil crusador Bush"

    WORST. JAPH. EVER.
  44. This obviously isn't Encryption by marqer2001 · · Score: 1

    This obviously isn't an attempt by IBM to try and encrypt the data. I'm not even all that certain of a reason they would want to... I mean, it's not like they're getting X amount of money for each time the results are checked. If they were, they would be stupid to not determine the total amount based on the number of times the XML files were accessed... this would allow for them to profit not only from users using their scoreboards, but people using others' as well. It's a simple way for IBM to maximize profit.