Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM using Napoleon Dynamite Quote to Encrypt Data

Posted by ryuzaki0 on from the masters-of-the-bo-staff dept.

schmack writes "A developer discovers a quote from the movie Napoleon Dynamite is being used as the cipher key by IBM to publish encrypted XML at this year's Wimbledon grand slam. But is this a rather glaring lapse in security or an easter egg for curious hackers, many of whom would surely be fans of the quirky movie?"

8 of 170 comments (clear)

  1. Huh? by LordKaT · · Score: 4, Insightful

    I don't really see this as a "lapse" in security. I mean, it was an XML file with updated scares, not a SQL database with every known Social Security Number. The application in question (a flash scoreboard) doesn't exactly call for some kind of PKE scheme.

    1. Re:Huh? by Stiletto · · Score: 4, Insightful


      If a project doesn't require strong encryption, does it require encryption at all?

    2. Re:Huh? by hyfe · · Score: 5, Insightful
      If a project doesn't require strong encryption, does it require encryption at all?

      Of course it does. The lock to your house is most certainly breakable. Does that mean you should throw away the door?

      Weak'ish encryption protects you against untargetted attacks, such as network-snooping. Anybody doing untargetted attacks are probably going to have massive amount of data to search through. Even the most simplistic encryption algorithm involving keys is going to force the attacker to include state-information in his application.. which as we all is just plain painfull on high-traffic networks.

      --
      "" How about taking the safety labels off everything, and let the stupidity-problem solve itself? """
    3. Re:Huh? by DerekLyons · · Score: 5, Insightful
      If a project doesn't require strong encryption, does it require encryption at all?

      Yes.
       
      It's a common misconception that encryption is supposed to be 'unbreakable' (for some large value of 'unbreakable'), in all instances. In the real world of security (I.E. DoD etc...) it's quite common to have the complexity and difficulty of the cipher or code to match the 'speed value' (to coin a term) of the information. For example, diplomatic messages need to be kept hidden essentially forever - thus strong encryption. Tactical communications between Army formations or Navy ships can have a much lesser grade of encryption applied because their value is almost always rendered moot before they can be broken.
       
      The 'need' for ultra-strong, resist-attack forever grade encryption for personal use is an artifact of the (not uncommon) geek need to be [bigger|faster|stronger] than anyone else when it comes to computer stuff.
  2. The client had the key anyway. by vidarlo · · Score: 4, Insightful

    If you read the article, you'll see that he found the key in the flash applet that presented the data to the website visitors. So even if they used a truly random key, it would be worth no more, since the client could just read the flash file (de-assemblers for flash is out there. Search on google.), and get the key. So really, there is no point of better encryption, because the determined people will get the key anyway.

    Remember that flash runs on your computer. Thus, the encryption key has to be on your computer so the flash application can decode the XML file and show you the results. As long as Trusted Computing does not excist, there is no way to stop a determined person from getting the key. Thus, using a stronger key would not make it more difficult. It is not like the key was discovered by accident. The writer of TFA was looking for the key in the flash file...

    Nothing here to see, please move along!

    --
    Assembling etherkillers for fun an profit
  3. Preemptive Questioning Your Own Answers by soloport · · Score: 5, Insightful

    It was totally retarded, why do people like it?

    Look, it's all right there:
    Q. Why do people like it?
    A. It was totally retarded.

    You're, uh, one step away from Yoda-speak.

  4. Exactly! by FatSean · · Score: 4, Insightful

    Not sure why exactly they would want to encrypt the scores as they flew over the network though. The scores are public knowledge...who cares if they are sniffed? Technology demonstration? Wanted to use the 'encryption' buzzword perhaps?

    --
    Blar.
    1. Re:Exactly! by vidarlo · · Score: 4, Insightful
      Not sure why exactly they would want to encrypt the scores as they flew over the network though. The scores are public knowledge...who cares if they are sniffed? Technology demonstration? Wanted to use the 'encryption' buzzword perhaps?

      To force people interested in live stats either to view their website (=ad revenue) or watch their tv broadcast (=ad revenue). 3rd party apps accessing the information means less ad revenue. Simple as that.

      --
      Assembling etherkillers for fun an profit