IBM using Napoleon Dynamite Quote to Encrypt Data

schmack writes "A developer discovers a quote from the movie Napoleon Dynamite is being used as the cipher key by IBM to publish encrypted XML at this year's Wimbledon grand slam. But is this a rather glaring lapse in security or an easter egg for curious hackers, many of whom would surely be fans of the quirky movie?"

Huh?

[LordKaT]

I don't really see this as a "lapse" in security. I mean, it was an XML file with updated scares, not a SQL database with every known Social Security Number. The application in question (a flash scoreboard) doesn't exactly call for some kind of PKE scheme.

Re:Huh?

[Stiletto]

If a project doesn't require strong encryption, does it require encryption at all?

Re:Huh?

[hyfe]

If a project doesn't require strong encryption, does it require encryption at all?

Of course it does. The lock to your house is most certainly breakable. Does that mean you should throw away the door?

Weak'ish encryption protects you against untargetted attacks, such as network-snooping. Anybody doing untargetted attacks are probably going to have massive amount of data to search through. Even the most simplistic encryption algorithm involving keys is going to force the attacker to include state-information in his application.. which as we all is just plain painfull on high-traffic networks.

Re:Huh?

[DerekLyons]

If a project doesn't require strong encryption, does it require encryption at all?

Yes.
 
It's a common misconception that encryption is supposed to be 'unbreakable' (for some large value of 'unbreakable'), in all instances. In the real world of security (I.E. DoD etc...) it's quite common to have the complexity and difficulty of the cipher or code to match the 'speed value' (to coin a term) of the information. For example, diplomatic messages need to be kept hidden essentially forever - thus strong encryption. Tactical communications between Army formations or Navy ships can have a much lesser grade of encryption applied because their value is almost always rendered moot before they can be broken.
 
The 'need' for ultra-strong, resist-attack forever grade encryption for personal use is an artifact of the (not uncommon) geek need to be [bigger|faster|stronger] than anyone else when it comes to computer stuff.

The client had the key anyway.

[vidarlo]

If you read the article, you'll see that he found the key in the flash applet that presented the data to the website visitors. So even if they used a truly random key, it would be worth no more, since the client could just read the flash file (de-assemblers for flash is out there. Search on google.), and get the key. So really, there is no point of better encryption, because the determined people will get the key anyway.

Remember that flash runs on your computer. Thus, the encryption key has to be on your computer so the flash application can decode the XML file and show you the results. As long as Trusted Computing does not excist, there is no way to stop a determined person from getting the key. Thus, using a stronger key would not make it more difficult. It is not like the key was discovered by accident. The writer of TFA was looking for the key in the flash file...

Nothing here to see, please move along!

Preemptive Questioning Your Own Answers

[soloport]

It was totally retarded, why do people like it?

Look, it's all right there:
Q. Why do people like it?
A. It was totally retarded.

You're, uh, one step away from Yoda-speak.

Exactly!

[FatSean]

Not sure why exactly they would want to encrypt the scores as they flew over the network though. The scores are public knowledge...who cares if they are sniffed? Technology demonstration? Wanted to use the 'encryption' buzzword perhaps?

Re:Exactly!

[vidarlo]

Not sure why exactly they would want to encrypt the scores as they flew over the network though. The scores are public knowledge...who cares if they are sniffed? Technology demonstration? Wanted to use the 'encryption' buzzword perhaps?

To force people interested in live stats either to view their website (=ad revenue) or watch their tv broadcast (=ad revenue). 3rd party apps accessing the information means less ad revenue. Simple as that.

Re:well...

[tdvaughan]

Hm....so what you're saying is that if it's a lapse in security then it's a lapse in security but if it's an easter egg then it's an easter egg? I like the way you're thinking!

Re:What is with that movie?

[shotgunefx]

I ain't modding him up, but I won't mod him down either.

I really like the movie, granted it was annoying at times the first run through.

I imagine one of the reasons it's popular because it's a movie about "losers", you don't really see that too often. Even when you do, they characters aren't really losers, just perceived that way (and usually not perceived that way by the final reel).

Re:I thought Napoleon Dynamite was a horrible movi

[plopez]

it is much more fun to talk about than it was to actually see it. which is one marker of a cult classic.

Huh?

[maddogdelta]

.|A(0{?y01/3z4xy0|?|B|L-Kfpkxey^tom5638BHQ{y9|G.Ak `he&5'|_pl_464:UO>{z7{G@C?D=yDACAFA{/z-z./2

??

Somehow, I'm missing something about how obvious this "quote" is supposed to be.

Re:you can

[Schraegstrichpunkt]

Because Linux only runs on x86.

Re:What is with that movie?

[mh101]

Of course it's a cult classic.

A cult classic is a work (e.g. a movie or TV show) or group of works (e.g. songs by a certain band) that may not achieve widespread mainstream popularity but does attract devoted, even fanactical, attention from a select group. See cult film, cult televison, cult radio and cult following for related topics.
en.wikipedia.org/wiki/Cult_classic

There's plenty of people who don't like, or haven't seen, Napoleon Dynamite, but there are others who think it's one of the funniest movies they've ever seen. If everyone thought it was a fantastic movie, then it wouldn't be a cult classic.