Actually the liquid prohibition in airports does serve a purpose. It is the perfect customs barrier.
You cannot buy any local beverages and take them with you, because they will most likely break due to the low temperatures in the luggage compartment if you put them in the checked-in luggage, and if you put them in the hand luggage security will throw them away.
This means that if people want to take liquor etc. home they will have to buy it at the last connecting airport, thus increasing revenue. Also all airports on the way (plus airlines that sell beverages on board) will receive extra income from water sales etc.
So instead of buying cheap and good champagne locally in France, for instance, you are forced to buy expensive non-local champagne in the airport.
And the really cool twist: we are doing it for security, so you - the traveller - must pay for all the security checks through your ticket and airport tax costs!
Wow. What a bunch of one-sided WoW zealot crap. </flamebait>
Don't get me wrong, WoW looks nice, has a nice amount of content, and (from a programmer's point of view) has really nice customisability with Lua. However, when you dig down below the nice graphics what you are left with is a child that only a WoW zealot could really love. And before you throw the "you don't know what you're talking about" card, I would like to mention that I have also played WoW since release and only stopped playing 6 or so months ago.
Why? The short answer: the game SUCKS!
The long answer:
Quality of support: Blizzard is about one thing: making money and screwing over the players. With a player base of what? 4,000,000? There were annoying bugs that were left unfixed for over 8 months - harvesting bug, anyone? And the support is a matter of you receiving a mail in your mailbox 1-2 days after submitting the bug with an automated reply saying yeah yeah, we know it is there, go get an ice cream for a month or two. One of the MMORPGs I have tried had a max 5 min. personal chat with a techie trying to find the cause of the problem, and that was an MMORPG with a player base of maybe 40k-50k.
Quality of WoW servers: WoW, what a bunch of crappy servers. Come on! What company would accept a web server that would have to be taken offline for 6 hours once every week for maintenance? - answer: NONE, but Blizzard/WoW zealots accept it (just to get my karma up: they are definitely not running Linux :-) ).
Bad class design: The classes are way too specialised with almost no customisability. This results in "perfect" groups, and classes that are extremely unwanted in certain areas of the game. This is opposed to many games that have a certain overlap between classes, thus enabling very different groups to handle the same task, but with different tactics.
"End" content: The content of the game (post 60, maxed faction relations) is based solely on zealots. There is absolutely no content except instances for 60+, and those instances are extremely hard (don't get me wrong, that is a good thing), so you have to be a member of a guild. Not only that, but you need to collect the "perfect" group, so you have to plan for a certain time to get all those together. And not only that (yeah yeah, it's a long list :-) ), if you have a job (in RL) and have to leave at, say, 1 o'clock in the night, lo and behold, you have a whole guild pissed that you are such a quitter. I only have one comment: I have one job (that pays cash), I don't need another (that costs cash). It's all about fun, and instances are only fun if you're a WoW zealot who gets adrenaline kicks and doesn't have a RL to worry about.
Player base: And size does not matter (at least not as much as you are trying to make it). The main reason for the 4 mil players is a combination of a game that is really nice (sub 60) and which is the continuation of Diablo 2. A large part of the player base are simply players of Diablo 2 that continued to Blizzard's new game. This is also a negative in WoW as I see it, because you end up with a player base that consists of a large number of 13-15 year old wannabes. Anyone remember all those annoying PKers in D2? Well, guess what, they moved to WoW. This means that, as opposed to most other MMORPGs, there is absolutely no community in WoW; there are simply kill groups where some get to do a lot of work (to get respect?) setting up the next world boss/instance kill and a whole bunch of zealots following orders. WoW is the first MMORPG where I would never trust walking up to someone and asking him to hold something valuable for a sec.
Equipment is everything: Last but not least, skill/build is nothing, equipment is everything. Because classes are so a like with very little customisation it really
Bob and Alice sharing the same secret is called a shared secret.
A one-time pad is when you use a shared secret to encrypt a message by taking the message and the shared secret and XORing them together.
Note that:
1. The key and message must have exactly the same length
2. The shared secret must be uniformly random (i.e. a shared sentence will not be enough)
3. The shared secret can only be used once
If that is satisfied it gives you the only provably 100% secure encryption (provided the shared secret is secret to all but Bob and Alice).
My main comment was that this was particularly more secure than normal OTP passwords, so why bother to make a matrix with the information?
And no, there isn't any way that you can make this secure (as the other poster has said in his reply, there is always the man in the middle).
What you need to make this secure is some advanced cryptology (or, said in other words: don't try this at home, kids).
There are several approaches, one being Zero-Knowledge (ZK). ZK is a proof that you know a secret without telling the receiver anything about the secret. The proofs in these systems can't be recorded and played back, so in effect all an attacker can do is hear what is getting sent. If the proof succeeds, then the server and client know they have the same key and they can derive a session key from this. Note that using this the man-in-the-middle will never learn the secret; he will just see the proof being sent over the line.
To give it a more practical twist, consider the following protocol where you use a normal password and a one-time password, just to improve security.
1. The user connects to the server.
2. The server replies: use OTP nr. 15, and use the nonce (random value) x_server.
3. The client makes a nonce himself: x_client.
Computes the response r = H(password, OTP(15), x_server, x_client), where H is a cryptographic hash function.
The client then sends r, x_client to the server.
4. The server checks that r == H(password, OTP(15), x_server, x_client).
If this is true then it is considered a successful log in.
5. Both server and client can compute a session key from password, OTP(15), x_server, x_client using a hash function. Note this should NOT be the same hash function as in step 3 or you have sent the session key in clear text over the network.
A couple of notes about the scheme above:
1. The one-time passwords should be distributed securely and kept securely (as you already mentioned yourself).
2. It's not zero-knowledge, just something similar.
3. It's smart, so it's most likely patented.
4. Never think cryptology is easy; that's when it gets really insecure.
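The one-time pad conditions and the five-step challenge-response login above, as an added example that is not code from the post. Everything concrete in it is an assumption of the example: H is instantiated as SHA-256 over length-prefixed inputs with a label, so that the response (step 3) and the session key (step 5) use different hash functions as the post requires; nonces are 16 random bytes; the server burns an OTP index as soon as it has been asked for and keeps each x_server for exactly one verification, which is what makes a replayed r fail. The password and OTP list are constructed test data.

```python
import hashlib
import hmac
import os

# ---- One-time pad: XOR of message and a same-length, uniformly random pad ----

def otp_xor(message: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse). Enforces the same-length
    condition; uniformity and single use of the pad are up to the caller."""
    if len(pad) != len(message):
        raise ValueError("pad must have exactly the length of the message")
    return bytes(m ^ k for m, k in zip(message, pad))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper learns when one pad encrypts two messages:
    c1 XOR c2 == m1 XOR m2, because the pad cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))


# ---- Challenge-response login, steps 1-5 of the post ----

def H(label: bytes, *parts: bytes) -> bytes:
    """Assumed instantiation of the post's H: SHA-256 over length-prefixed
    parts. The label makes the response hash and the session-key hash two
    distinct functions, as step 5 requires, without two hash algorithms."""
    h = hashlib.sha256(label)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def login_response(password, otp, x_server, x_client):
    """Step 3: r = H(password, OTP(n), x_server, x_client)."""
    return H(b"response", password, otp, x_server, x_client)


def session_key(password, otp, x_server, x_client):
    """Step 5: same inputs, different hash function, so the key never equals
    the r that crossed the wire."""
    return H(b"session", password, otp, x_server, x_client)


class Server:
    def __init__(self, password: bytes, otp_list):
        self.password = password
        self.otp_list = list(otp_list)   # OTP(0), OTP(1), ... as printed for the user
        self.next_otp = 0
        self.pending = {}                # x_server -> OTP index, usable exactly once

    def challenge(self):
        """Step 2: which OTP to use, plus a fresh server nonce."""
        n = self.next_otp
        self.next_otp += 1               # an OTP is burnt once it has been asked for
        x_server = os.urandom(16)
        self.pending[x_server] = n
        return n, x_server

    def verify(self, x_server, x_client, r):
        """Step 4: recompute r; return the session key on success, else None."""
        n = self.pending.pop(x_server, None)   # a replayed x_server finds nothing
        if n is None:
            return None
        otp = self.otp_list[n]
        expected = login_response(self.password, otp, x_server, x_client)
        if not hmac.compare_digest(expected, r):
            return None
        return session_key(self.password, otp, x_server, x_client)


def client_login(server: Server, password: bytes, otp_list):
    """Steps 1-5 from the client's side. Returns (server's key, client's key,
    what an eavesdropper saw on the wire)."""
    n, x_server = server.challenge()                       # n, x_server on the wire
    x_client = os.urandom(16)
    r = login_response(password, otp_list[n], x_server, x_client)
    key_server = server.verify(x_server, x_client, r)      # x_client, r on the wire
    key_client = session_key(password, otp_list[n], x_server, x_client)
    return key_server, key_client, (x_server, x_client, r)


def run_demo():
    """Constructed data: one password and a printed list of 20 one-time passwords."""
    password = b"correct horse"
    otps = [b"%04d" % i for i in range(20)]
    server = Server(password, otps)
    ks, kc, transcript = client_login(server, password, otps)
    replayed = server.verify(*transcript)                  # eavesdropper replays r
    ks_bad, _, _ = client_login(server, b"wrong password", otps)
    return {
        "login_ok": ks is not None and ks == kc,
        "key_never_on_wire": ks != transcript[2],
        "replay_rejected": replayed is None,
        "wrong_password_rejected": ks_bad is None,
    }
```

The eavesdropper's transcript (n, x_server, x_client, r) is useless against this server: the x_server it carries has already been consumed, and r without the password and OTP does not give the session key. It does nothing against an active man in the middle who relays the challenge to the real user, which is the point the following replies make.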
It might prevent a purely eavesdropping attack - at the cost of an easy denial of service attack, but both phishing and man in the middle will work (very well at that).
And there is no one-time pad in the suggested solution. A one-time pad is a (secure) encryption. There is OTP = one-time passwords, which can be secure. The above would work, I guess, if you threw in
an SSL connection at log on
a server certificate
educated users that actually check the complete correctness of the certificate each time
and a secure connection after log on (not necessarily encrypted, but one that can't be hijacked).
But given that solution, why use a 19x19 matrix and not just a normal list of 4-char one-time passwords?
Ok, then do the following: initiate the log in 19x19 / 4 times and the system will be totally locked. Note you can't reuse unanswered requests - a problem easy for 1st year cryptology students, so left to the reader.
And the 2 other problems still pose a big problem.
Face it - the idea is crap. Don't fix a bad problem (passwords are weak) with crap - all you get out of it is a system that stinks.
At every log in the user exposes some of the 19x19 grid, so an attacker can just eavesdrop until he has a fair part of the matrix and then keep trying to log in until he gets only squares that he knows. This will take a fair amount of work for the attacker, but with a little patience he'll know a lot of the matrix by the end of the month, so he would probably need ~2^8 (knowing half the matrix) to 2^16 (knowing 1/4 of the matrix) tries before succeeding.
It's very susceptible to a man in the middle attack: simply let the user connect to you instead of the server and get him to answer the questions from the server, and when authenticated, drop the line to the user and continue with your connection to the server.
It's even more susceptible to phishing. Just keep letting him answer different queries in the square and make a lame excuse for why the previous result couldn't be used (e.g. connection to DB temporarily lost, please try again :-P).
When you know a fair portion of the matrix, simply try to log in until you get a hit in what you know of the matrix.
And that is not even taking into account that the user has to keep a 19x19 matrix secret for a month.
The moral is: if you don't know crypto, don't do it, because this is even less secure than a pure password scheme, because you give people a sense of security where there is none!
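The eavesdrop-then-retry attack on the 19x19 card, as an added simulation that is not part of the post. Assumptions of the example: each login challenges a fixed number of uniformly chosen cells (4 by default, the size the thread mentions, and adjustable), each observed login reveals exactly those cells, and the attacker can start as many logins as he likes. The seeds only make the runs reproducible.

```python
import random

SIZE = 19
CELLS = SIZE * SIZE          # 361 squares on the card


def observe_logins(n_logins, challenge_size=4, seed=0):
    """Eavesdrop on n_logins. Each login shows the attacker which cells the
    user was asked for and the values typed, so those cells become known.
    Returns the set of known cell indices."""
    rng = random.Random(seed)
    known = set()
    for _ in range(n_logins):
        known.update(rng.sample(range(CELLS), challenge_size))
    return known


def expected_tries(known_fraction, challenge_size=4):
    """If each cell is known with probability p, a random challenge hits only
    known cells with probability p**k, so about 1/p**k attempts are needed."""
    return 1.0 / known_fraction ** challenge_size


def attack(known, challenge_size=4, seed=1, max_tries=10**6):
    """Keep starting logins until the server happens to ask only for known
    cells; returns how many attempts that took (None if it never happened)."""
    rng = random.Random(seed)
    for tries in range(1, max_tries + 1):
        challenge = rng.sample(range(CELLS), challenge_size)
        if all(cell in known for cell in challenge):
            return tries
    return None


def simulate_month(logins_per_day=2, days=30, challenge_size=4):
    """Card coverage after a month of eavesdropping, and the attempts then needed."""
    known = observe_logins(logins_per_day * days, challenge_size)
    fraction = len(known) / CELLS
    return {
        "known_fraction": fraction,
        "expected_tries": expected_tries(fraction, challenge_size),
        "tries_in_simulation": attack(known, challenge_size),
    }
```

With two logins a day for a month the attacker has seen roughly half the card, and from then on only a handful of login attempts are needed, which is far below any lockout threshold a site would dare to set on a 19x19 / 4 budget of challenges.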
Some years ago a Danish hacker managed to hack his way into the Pentagon. This was done by using the first letters in the title of the persons whose accounts he was trying to break.
Your way might prevent a dictionary attack, but not any dedicated hacker who knows what he's doing, if the sentence is in any way related to you.
You should choose your passwords from /dev/random (to pick from the set of all allowed characters) and memorize them. Then you might have a chance.
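Picking a password uniformly from the set of all allowed characters, as an added example that is not from the comment. It reads the kernel CSPRNG through os.urandom instead of opening the /dev/random device file directly (an assumption of the example), and it shows the one detail that is easy to get wrong when doing this by hand: mapping a byte onto 94 characters with a plain modulo favours the first 68 characters, so bytes above the largest multiple of 94 have to be thrown away.

```python
import math
import os
import string

ALLOWED = string.ascii_letters + string.digits + string.punctuation   # 94 characters


def random_password(length=16, alphabet=ALLOWED):
    """Each character is drawn uniformly from `alphabet` using bytes from
    os.urandom (the kernel CSPRNG). Bytes at or above the largest multiple
    of len(alphabet) are discarded; otherwise `byte % len(alphabet)` would
    favour the first few characters of the alphabet."""
    n = len(alphabet)
    limit = 256 - (256 % n)
    out = []
    while len(out) < length:
        b = os.urandom(1)[0]
        if b < limit:
            out.append(alphabet[b % n])
    return "".join(out)


def modulo_bias(alphabet_size=len(ALLOWED)):
    """How often each index is produced by the naive `byte % n` mapping over
    all 256 byte values: (most frequent count, least frequent count).
    Unequal counts mean some characters are more likely than others."""
    counts = [0] * alphabet_size
    for b in range(256):
        counts[b % alphabet_size] += 1
    return max(counts), min(counts)


def entropy_bits(length, alphabet_size=len(ALLOWED)):
    """Entropy of a uniformly chosen password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)
```

Sixteen characters from this alphabet give about 105 bits, which is what a dictionary or a sentence-initial attack has no way to shortcut; the rejection step costs on average one extra byte per four characters and is what makes the "uniformly" true.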
The article says it's impossible because a lot of different things can't be satisfied:
Anonymity/Privacy
Infrastructure
Vote buying/Shoulder "surfing"
Vulnerability to hackers
Most of these are easy to solve with trivial techniques, and it really shows that it is a restriction of people's minds and not of e-voting as such. It's easy to argue against everything if you use the old way of thinking and don't do the necessary research into what is possible. I'll try to address the points and show that there are techniques to make them at least as good as today's normal elections and maybe even better.
A note I would like to make before embarking on this journey is that e-voting should, at least until a certain amount of trust has been gained, be combined with normal elections, so that people who don't feel confident in the new system can always use the old. This is also due to all the script kiddies out there who pose a major problem in terms of DoS attacks.
Anonymity/Privacy:
This is the point that is the most important about democracy and therefore also the one that should be stressed the most. The funny part about this is that it has been known how to do this for the last 5 years, following a paper by R. Cramer, R. Gennaro and B. Schoenmakers: A Secure and Optimally Efficient Multi-Authority Election Scheme, and probably before that by others. This is done with homomorphic encryption, which can be compared to putting your vote into a box and locking it. Then you can take all the locked boxes and combine them into 1 big one (without opening them) and then open the big box and get the result, which will tell nothing about what each person voted (unless they all voted the same). And there are a lot of other schemes that improve this in certain ways or do the voting in other ways. An example that improves the above (from exponential decryption to polynomial) is by M. Jurik and I. Damgaard: A Generalisation, a Simplification and some Applications of Paillier's Probabilistic Public-Key System.
Infrastructure:
This is probably the thing they're most right about. The problem is that to make something sufficiently secure you need digital signatures, and that means you need a PKI (public key infrastructure). There are different ways to do this. First, you could require everyone that wants to use internet voting to register a public key. Secondly, you could distribute key cards. These 2 are both cumbersome and expensive, which is why I tend to agree with the article on this point. But there are products out there that can solve this easily, e.g. Cryptomathic, which has a product named Easy Sign (go to Products -> Trust Products -> Easy Sign). In short this sets up a server that has all the secret keys stored in a secure way, and users can then get the server to sign for them by using a password system. This is not optimal in terms of security, but it is very close and it gives a very cheap PKI.
Vote buying/Shoulder "surfing":
This is a real problem for e-voting, since you can't really see the person doing this, but it is also one that with just a little bit of thought can be handled pretty easily. To avoid anyone giving away their chip card, password etc., you just bind it to the government information, so that you can always go to a web site and get your health record, IRS numbers and stuff like that with the same means of authentication. That means that if you give it away you will not only give your vote away, but also a lot of personal information. To avoid having someone stand behind you and make sure you vote the right thing, you can introduce regret offices, where on election day you can come down and get your vote changed (getting your signature and the election office's signature), and this will then override votes that were made over the internet. As a last point I would like to make, today it is also possible to buy votes, either with fake IDs (which might not even be needed in certain places) or by giving the voter a micro camera and making them take a picture showing that they have voted the way you wanted.
Vulnerability to hackers:
This I'll only briefly discuss, since the 2 papers mentioned in the anonymity/privacy section actually provide threshold decryption, which means that if a certain fraction of the servers (>50%) is online and non-hacked then the correct result can be found. If the servers are running different hardware and software configurations, it would take an _extremely_ good hacker to accomplish this in 1 day. As for DoS there isn't much you can do, but you can always distribute things, which means that the attack will have to be larger to accomplish total breakdown.
These are my views and I don't say that they are flawless, but they do give a fair amount of security. There is 1 more point I'd like to stress which was not in the article, since this might actually be an improvement. The 2 articles mentioned above provide what is known as universal verifiability, which means that it gives any person the possibility of checking that the result is correct (given enough computing power). Now that would be something most Americans would have liked in Florida?
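The locked-box tally from the Anonymity/Privacy section, as an added example rather than code from the Cramer/Gennaro/Schoenmakers or Damgaard/Jurik papers. It uses textbook Paillier (additively homomorphic, the system the Damgaard/Jurik paper generalises) with a single trustee holding the whole key instead of threshold decryption, toy-sized primes so the numbers stay short, and a base-M counter encoding in which candidate j is counted in digit j, M being larger than the number of voters; all of these are assumptions of the example. The ballots are constructed test data.

```python
import math
import secrets

# Toy Paillier key. Constructed for this example: the primes are far too small
# for real use and only keep the numbers readable.
P, Q = 1_000_003, 1_000_033


def _L(u, n):
    return (u - 1) // n


def keygen(p=P, q=Q):
    """Textbook Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)     # lcm(p-1, q-1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """Lock the vote in a box: c = g^m * r^n mod n^2 with a fresh random r,
    so two encryptions of the same vote look unrelated."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    return (_L(pow(c, lam, n * n), n) * mu) % n


def combine(pk, ciphertexts):
    """Multiplying ciphertexts adds the plaintexts: the one big locked box."""
    n, _ = pk
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = acc * c % n2
    return acc


def encode_vote(choice, base):
    """Candidate j is counted in digit j of a base-`base` number; base exceeds
    the number of voters so the digits never carry into each other."""
    return base ** choice


def decode_tally(total, n_candidates, base):
    counts = []
    for _ in range(n_candidates):
        counts.append(total % base)
        total //= base
    return counts


def run_election(votes, n_candidates=3, max_voters=1000):
    """votes: list of candidate indices. Returns per-candidate counts, obtained
    from the combined ciphertext without decrypting any single ballot."""
    base = max_voters + 1
    assert base ** n_candidates < P * Q, "tally must fit in one plaintext"
    pk, sk = keygen()
    ballots = [encrypt(pk, encode_vote(v, base)) for v in votes]
    return decode_tally(decrypt(pk, sk, combine(pk, ballots)), n_candidates, base)
```

Two things the toy leaves out are exactly what the papers add: a proof attached to each ballot that it encrypts a valid choice (otherwise a voter can encrypt 50 * base**choice and count fifty times, and nobody can tell without opening the box), and splitting the decryption key across authorities so that no single trustee can open individual ballots.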
Ok, I'll bite... what do you actually use the 2nd monitor for?
Okay, I'll bite too... pictures of Natalie Portman?