--- /dev/null
+---
+postid: 036
+title: Password security, a game theoretical approach
+date: February 28, 2015
+author: Lucian Mogoșanu
+tags: cogitatio
+---
+
+In the age of computers and the Internet, passwords have been, are and will
+remain a cornerstone concept when it comes to security in general and
+authentication in particular, as the problem of choosing an efficient and
+reliable means of authentication remains open. Moreover, its impact in the real
+world is not to be underestimated, given that mostly everyone nowadays relies
+on computers and, indeed, the Internet for their activities.
+
+Given that there is no such thing as "100 percent security", there is no such
+thing as a fully secure authentication scheme, a reality which is reinforced by
+the dependency of all known forms of authentication on the human factor.
+Speaking of which, there aren't that many authentication schemes out there.
+
+One of the classical forms of authentication employed in real life is the
+"third party" approach: if I need to do something which involves a second party
+in the system, then I need to be authenticated by a third party, be it person
+or machine. This scheme is widely employed on the Internet nowadays, whether by
+the Public Key Infrastructure or by the various Webs of Trust. The problem with
+this approach is that a third party might not always be available or it might
+not be desired. Furthermore, even when a third party is specified in the
+protocol, it itself will have to authenticate to the other two parties, leading
+to a "chicken before the egg" problem; this is why, among others, cryptographic
+protocols such as zero-knowledge proofs were conceived.
+
+Other authentication factors are "something you possess" and "something you
+are". The first factor is for example used to prove certain abilities possessed
+by the agent, such as driving; in IT security, the so-called tokens providing
+one-time passwords are a good example of ownership factors. The second factor
+relies heavily on the usage of unique identifiers, e.g. fingerprint or retinal
+patterns, DNA, voice, face, etc., to authenticate parties; humans obviously use
+these features to identify other people; research fields such as computer
+vision try to achieve the same thing, with some, yet limited, success.
+
+Both authentication factors have been known to be successfully broken.
+Possessed objects can be stolen and/or forged; fingerprints can be extracted
+and forged; voice patterns and facial features can be reproduced, and so on and
+so forth. Identification is a difficult practical problem as much as it is a
+deep philosophical problem.
+
+Finally, passwords can be classified as the "something you know" factor. They
+are similar in nature to cryptographic keys, in that they are secret, but
+unlike keys, they are considered to be known by a human instead of somehow
+generated or stored by the machine. Note that the terms "something you know"
+and "secret" are generally poorly defined by those who use passwords in their
+daily lives and they usually lead to security breaches, either due to the
+user's ineptness or because of the protocol designer's incompetence.
+
+Take the following scenario for example: you're the only person who knows that
+your mother's name is Mary, leaving out, say, close people whom you trust; yet
+choosing "Mary" or even "MymomsnameisMary" as a password is a bad idea, as
+"Mary" is and has been so far a common name in the Western world, on the
+Internet and in the known Universe. Any common word in the dictionary is a bad
+idea, although more commonly-used *random* words should [increase the
+password's security][passphrases].
+
+These are more or less good advices and there are many more out there. But I
+assert that in order to manage passwords efficiently, people, or at least the
+ones who know what they are doing, need to rely less on policies and more on
+general principles[^1]. One such principle can be built on the basis that
+pretty much everyone and everything on the Internet can be thought of as agents
+storing "secrets". I believe that the meaning of "secrets" can be defined using
+the knowledge provided to us by the field of game theory, which (fortunately
+for us) works with agents, viewed by us as refinements of some distributed
+system such as the Internet.
+
+Thus, let $A$ be a set of agents organized under some arbitrary topology[^2].
+We assume $A$ is countable, so we can write
+
+$A = \{a_1, a_2, a_3, \dots\}$.
+
+We could probably form our argument on the basis that $A$ is finite, but it
+might be useful to take into account infinity in case we want to model
+asymptotic behaviour[^3].
+
+In respect to password security every agent $a_i \in A$ knows[^4] a piece of
+"secret" information (say, a string) $s_i$ not known by any other agent $a_j
+\in A, a_j \neq a_i$. Additionally $s_i$ would be *hard to guess*, i.e. a
+password-breaking algorithm, be it mere brute-forcing or dictionary, NLP
+analysis etc., would take a long amount of time to find $s_i$. In other words,
+assuming the system is made up entirely of agents that are rational with
+respect to the security of their passwords, it has the following
+characteristics:
+
+* Every agent $a_i \in A$ has limited information
+* For any agent $a_i \in A$, guessing the password of $a_j \in A, a_j \neq
+ a_i$, i.e. $s_j$ would prove to be unfeasible
+
+Note that these assumptions do not lead to an accurate model of reality: the
+properties of $A$ would most probably yield a stable outcome, in that no agent
+would find it useful, in the utilitarian sense, to try to break the password of
+another agent. This obviously *doesn't* happen in real life, but it does tell
+us how agents *should* choose their passwords in order to minimize their
+chances of a breach, both from an algorithmic point of view as well as from a
+social standpoint.
+
+On the surface this looks like a platitude: choose a "hard to guess" password
+and you're "approximately safe". However, both "hard to guess" and
+"approximately safe" are once again vaguely defined terms; what truly helps us
+is the observation that this game looks very similar to a rock-paper-scissors
+match, wherein no agent has a true advantage over the other. In fancier words,
+we're dealing with a game where an equiprobable mixed strategy leads to an
+equilibrium; that is, assuming all the agents speak a common language made up
+of symbols from a set $\Sigma$, *random* passwords from a finite subset of
+$\Sigma^{*}$ would be "hard to guess".
+
+Uncoincidentally, this is supported by the fact that so-called "strong"
+passwords need to come from a pool of random letters and/or words, i.e. they
+need to have a high entropy. This means that, for example, a password made up
+of twenty "z"s is much easier to break than a password made up of twenty
+randomly-chosen -- or rather randomly-generated by a machine -- letters, on the
+simple basis that the human brain being inherently biased towards meaningful
+information, it's more probable that it would generate a sequence of repeating
+letters than a uniformly distributed set of letters.
+
+By relaxing the problem to human agents, we can state that a "secret" password
+must be:
+
+* randomly generated from a set of characters and/or words and it must be long
+ enough given the purpose it's used for, e.g. nowadays you'll need a
+ ten-character password for most of the stuff you're using or a one
+ hundred-character password to be safe from the NSA for the time being, and
+* easy to remember.
+
+Another example is that of [passphrases][passphrases] given by Randall Munroe:
+passwords made up of four or more words in English are strong enough, as long
+as they're randomly selected by a machine that has fairly strong random number
+generation capabilities, *not* by a human[^5].
+
+Passwords are not only important now, but they have the chance to be even more
+important as they become adopted for systems such as
+[brainwallets][brainwallet]. The above half-baked model merely scratches the
+surface of defining a principled approach to password security, but it has the
+potential to be used for true practical purposes, such as defining security
+risks and policies for a set of applications where the system cannot be
+strongly secure, but merely resilient. Of course, that is so far the curse of
+the entire field of cryptography.
+
+[^1]: It's not that policies are not useful or ineffective, but that they would
+be better understood and they could be improved if they were conceived based on
+a set of governing principles. My best guess (at least for now) is that
+building a formal model from this game theoretical approach is possible and
+possibly even feasible.
+
+[^2]: I don't know whether the agents' organization and/or infrastructure is
+relevant to the problem, but I will leave this detail out for the sake of
+simplicity.
+
+[^3]: The Internet is huge, and growing.
+
+[^4]: And I'm guessing that epistemic logic would prove to be very useful here.
+
+[^5]: Sorry Bruce, you're clearly wrong on [this one][schneier]. I'm actually
+quite disappointed in you, y'know.
+
+[passphrases]: /posts/y00/019-passwords-versus-passphrases.html
+[schneier]: https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
+[brainwallet]: https://en.bitcoin.it/wiki/Brainwallet
--- /dev/null
+---
+postid: 037
+title: Thoughts on Charlie Hebdo, and the absolute necessity of offending people
+excerpt: Je ne suis pas Charlie, mais je pense encore
+date: March 8, 2015
+author: Lucian Mogoșanu
+tags: cogitatio
+---
+
+Some might say that the 7th of January marks a turning point in the way Europe
+looks at terrorist acts, very much like the 11th of September did for the
+Americans. Others would claim that Europeans never liked Arabs and Gypsies and
+whatnot anyway, and it was only a matter of time until shit hit the fan. While
+I don't personally have any thoughts regarding one or the other, it is clear
+now that the West's choice regarding its relationship to the Oriental culture
+and civilization -- although both "culture" and "civilization" could be
+outright denied from being used in conjunction with the Arab world of the 21st
+century -- is long overdue. More generally, a well thought out solution to the
+West's post-World War II ideological confusions and crises is long overdue.
+
+It should be clear now for any sane-minded person -- are there any sane persons
+in the audience this fine evening? -- that the tolerance, "politeness" and
+political corectness preached and often practiced by all Westerners alike, from
+the United States to Austria[^1], is based upon a shaky foundation consisting
+mainly of double-meanings and hypocrisy. Moreover, elected incompetents choose
+to apply the ostrich strategy as far as this issue is concerned, while other no
+less incompetent politicians take advantage of the people's reactiveness and
+lack of rationality to promote batshit crazy agendas.
+
+Well then, you should wonder by now, what's the solution to all this? To which
+I will answer that you are obviously an idiot, and that decades of lack of
+proper education for yesterday's pampered children, nowadays' fucked up adults,
+and moreover, nowadays' "offended" 30+ children, women and gays can't make up
+for the centuries of [religiousness to come][religiousness]. There are times
+for you, me and all the other self-deprecating "victims" to suck it up, and the
+beginning is right there, on the 7th of January. However, there is one,
+ultimately palliative, solution to all of this, and if there's one tiny chance
+that Western civilization survives, this is its only chance.
+
+This solution comes by no coincidence from Charlie Hebdo itself, and it plainly
+states the following: our only chance for survival as a civilized people lies
+in the right of offending others -- they used to call it "free speech" three
+centuries ago or whenever it was that Voltaire lived, but otherwise [educated
+idiots][xkcd] nowadays seem to misunderstand its meaning. No, it doesn't mean
+that you *have* to do it, but that if you *can't* do it then the society in
+which you live has lost the spirit of free speech[^2].
+
+So how would this so-called "right to offend" be formulated? Despite what
+thick-headed figures such as [the Pope][francis] believe, the right to offend
+specifically constitutes the right to say anything without suffering physical
+consequences upon doing this[^3], this principle standing as a basic difference
+between civilized people and savages, or, if you will, between normal people
+and retarded pieces of shit that are worth being thrown down society's drain. I
+think we can all agree that beating someone and/or killing them because they've
+offended your mother is not as evil as it is plain stupid, and if we can't,
+then fuck your momma's fat ass.
+
+This basic principle being defined and established, we can now look at the
+specifics: insults aimed at persons or groups[^4] should be allowed; trolling
+is just fine; offending overgrown children is an absolute necessity, especially
+for today's spoiled societies; informing people of the wrongdoings of
+politicians, and expressing it using violent language, is a must for the
+continued prosperity of people. The examples could go on, I think you got the
+gist of it.
+
+Now sensitive, hysterical or otherwise simply guilty people will attempt to
+bring forth the argument that this will bring the state of things to turmoil.
+Of course it might, especially in places where that would have happened
+anyway. In all the other places, civilized people will simply go about their
+lives and will make use of verbal violence only as a necessary evil; moreover,
+as the civilized, serious and rational people that they are, they will no doubt
+employ humour and rational speech, which is at times various orders of
+magnitude sharper than simple "hate speech", "trolling" or whatever you're
+calling it nowadays.
+
+Indeed the pen, nay, the *word* is mightier than the sword. This alone should
+make civilized folks think twice before supressing the use of words, or worse,
+redefine language to ends that are unhealthy for civilized society. If you
+think shutting up when you oughta speak is "being civilized", then you are
+undoubtedly in the wrong, as were many others before you[^5].
+
+That is not to say that there isn't such a thing as too much speech, or too
+violent speech. There are however other ways of suppressing that: one of them
+involves proper education providing a balance between conservatism and the need
+for improvement; another involves simply keeping idiots at bay, which I know is
+unpopular due to the general precept of "being tolerant". As we can see,
+however, being *too* tolerant is not an option, unless you consider changing
+your family's rules to accommodate pillagers and rapists[^6].
+
+Now then, what's it going to be? At the end of the day the West has to make a
+decision and stick to it, because the time for acting like an ostrich is long
+gone.
+
+[^1]: No, I am not going to include Hungary, Romania, Bulgaria and generally
+the Balkans in this list. It wouldn't be fair to us, given that we're such
+"uncivilized" and all.
+
+[^2]: Now, about the whole thing about "keeping things civil" going on on the
+Internet... if you have to tell someone to "keep things civil", then clearly
+one of you two is out of their right mind.
+
+[^3]: The right to free speech is ultimately the right to free thought: anyone
+may say that they want to rape the Pope's mother, because anyone may think this
+and, furthermore, may wish for this. This is entirely different from anyone
+having the actual right to do this; Hitler wasn't "evil" because he stated that
+he wished to ethnically cleanse Europe, he was "evil" because he used his
+political leverage to actually *enforce* it. That being said, Stalin was at
+least as dangerous as Hitler, despite the subversive methods employed by the
+communists to accomplish the very same deed.
+
+[^4]: Though we can agree that the latter are also stupid, with some rare
+exceptions, which is not to say that what Charlie Hebdo did isn't laughable, in
+the good sense. Insulting an entire religion is a pretty weird thing to do;
+mocking an entire religion is perfectly fine; now, mocking a religion with the
+side effect of insulting them, that requires some skill.
+
+[^5]: It took Romanians half a century to realize this and most of us still
+regret the mistakes of our ancestors to this day; although I am surprised to
+see co-nationals of my age, some of them dear friends of mine, who chuckle when
+they hear me say that the West has much to learn from Romanian history. Yes it
+does, and there are certain characteristics of the West which I am glad to see
+out of [Romanian mentality][mentality].
+
+[^6]: This by itself is a difficult subject: closing down, say, the EU's
+borders could have disastrous economical consequences, and it would also mean
+the -- to be more or less expected, in my opinion -- splitting of the Internet
+as we know it. On the other hand we have the Roman Empire's example of
+multiculturalism, which didn't work out all that well at the end. In other
+words this is a problem we've been trying to solve in the last decades, give or
+take a few millenia.
+
+[religiousness]: /posts/y01/034-the-transition-back-into-religiousness.html
+[xkcd]: http://xkcd.com/1357/
+[francis]: http://www.washingtonpost.com/news/world/wp/2015/01/15/pope-francis-on-charlie-hebdo-you-cannot-insult-the-faith-of-others/
+[mentality]: /posts/y00/00f-a-change-of-mentality.html
projects / thetarpit.git / commitdiff