Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM using Napoleon Dynamite Quote to Encrypt Data

Posted by ryuzaki0 on from the masters-of-the-bo-staff dept.

schmack writes "A developer discovers a quote from the movie Napoleon Dynamite is being used as the cipher key by IBM to publish encrypted XML at this year's Wimbledon grand slam. But is this a rather glaring lapse in security or an easter egg for curious hackers, many of whom would surely be fans of the quirky movie?"

1 of 170 comments (clear)

  1. Re:Huh? by gkhan1 · · Score: 4, Informative

    There are a few things I wish to clarify about your post

    If you don't want normal people to access the project, a standard encryption like 128bit AES is enough to feel safe.

    First off, right now 128 bit AES is virtually unbreakable. I mean, the US government has approved 128 bit AES for use in encrypting classifed documents. That should tell you alot. It's true, maybe in 10 years or so, one might be able to crack 128 bit AES in a few weeks or so, which is kinda bad for a modern cipher. But you can rest assured, if you use 128 bit AES (correctly implemented, and with a good password), there isn't a force on earth that could crack it (right now, that is).

    By normal people I mean bored people with only little computing power.

    This statement makes no sense at all. Do you have any idea how fast AES is? On my puny, 2 year old, cheap crap Dell computer, I just benchmarked 256 bit AES, it can encrypt 55.3 MB/s. Fifty-five megabytes per second! That's fast as hell! By little computing power, are you reffering to ENIAC? 'Cause I bet even that transistor-less monster can crank out a few kbs per seconds, AES is that fast. I routinely watch Hi-Def movies on a drive encrypted by TrueCrypt. That means that the movie is decrypted on the fly, while I'm watching it!

    And even that will probably not be enough against black-ops a la your-favorite-secret-agent-franchise...

    I HATE IT when people say "Well, I'm sure that NSA could crack any cipher, their so secrative and so cool!" NO THEY COULDN'T. No one can crack a 256 bit AES with a correct implementation (and a good key). It's just not doable. I refer you to an earlier post of mine, where I got really pissed and did a few calculations. You cannot crack 256 bit AES. It's. Not. Possible.

    The mistake you seem to be making in your post is that you assume that most encrypted material get cracked because they used a weak cipher. That is not true. 99.9999% of all modern codes that are cracked are cracked because of a poor implementation. Some-one selects a bad password, maybe someone gets your PGP key from your computer, maybe a secret agent beat the crap out the poor IT guy and got in. Whatever. It's simply not feasable to crack modern ciphers by cryptanalysis. It's virtually impossible, and there are so many easier ways to do it.

    In conclusion: If you want your material safe, it's fine to use 128 bit AES, but there's no reason not to use 256 bit, so you could just as well use that. Just make damn sure that you use a good password and keep it safe. And no, a quote from Napoleon Dynamite is NOT a good password.