From: Lucian Mogosanu Date: Sun, 8 Mar 2015 12:56:12 +0000 (+0200) Subject: posts: 036, 037 X-Git-Tag: v0.4~3 X-Git-Url: https://git.mogosanu.ro/?a=commitdiff_plain;h=8535fb0c35e4d3e07e9a3c20544b9e4728adefe3;p=thetarpit.git posts: 036, 037 --- diff --git a/posts/y01/036-password-security.markdown b/posts/y01/036-password-security.markdown new file mode 100644 index 0000000..669f121 --- /dev/null +++ b/posts/y01/036-password-security.markdown @@ -0,0 +1,164 @@ +--- +postid: 036 +title: Password security, a game theoretical approach +date: February 28, 2015 +author: Lucian Mogoșanu +tags: cogitatio +--- + +In the age of computers and the Internet, passwords have been, are and will +remain a cornerstone concept when it comes to security in general and +authentication in particular, as the problem of choosing an efficient and +reliable means of authentication remains open. Moreover, its impact in the real +world is not to be underestimated, given that mostly everyone nowadays relies +on computers and, indeed, the Internet for their activities. + +Given that there is no such thing as "100 percent security", there is no such +thing as a fully secure authentication scheme, a reality which is reinforced by +the dependency of all known forms of authentication on the human factor. +Speaking of which, there aren't that many authentication schemes out there. + +One of the classical forms of authentication employed in real life is the +"third party" approach: if I need to do something which involves a second party +in the system, then I need to be authenticated by a third party, be it person +or machine. This scheme is widely employed on the Internet nowadays, whether by +the Public Key Infrastructure or by the various Webs of Trust. The problem with +this approach is that a third party might not always be available or it might +not be desired. Furthermore, even when a third party is specified in the +protocol, it itself will have to authenticate to the other two parties, leading +to a "chicken before the egg" problem; this is why, among others, cryptographic +protocols such as zero-knowledge proofs were conceived. + +Other authentication factors are "something you possess" and "something you +are". The first factor is for example used to prove certain abilities possessed +by the agent, such as driving; in IT security, the so-called tokens providing +one-time passwords are a good example of ownership factors. The second factor +relies heavily on the usage of unique identifiers, e.g. fingerprint or retinal +patterns, DNA, voice, face, etc., to authenticate parties; humans obviously use +these features to identify other people; research fields such as computer +vision try to achieve the same thing, with some, yet limited, success. + +Both authentication factors have been known to be successfully broken. +Possessed objects can be stolen and/or forged; fingerprints can be extracted +and forged; voice patterns and facial features can be reproduced, and so on and +so forth. Identification is a difficult practical problem as much as it is a +deep philosophical problem. + +Finally, passwords can be classified as the "something you know" factor. They +are similar in nature to cryptographic keys, in that they are secret, but +unlike keys, they are considered to be known by a human instead of somehow +generated or stored by the machine. Note that the terms "something you know" +and "secret" are generally poorly defined by those who use passwords in their +daily lives and they usually lead to security breaches, either due to the +user's ineptness or because of the protocol designer's incompetence. + +Take the following scenario for example: you're the only person who knows that +your mother's name is Mary, leaving out, say, close people whom you trust; yet +choosing "Mary" or even "MymomsnameisMary" as a password is a bad idea, as +"Mary" is and has been so far a common name in the Western world, on the +Internet and in the known Universe. Any common word in the dictionary is a bad +idea, although more commonly-used *random* words should [increase the +password's security][passphrases]. + +These are more or less good advices and there are many more out there. But I +assert that in order to manage passwords efficiently, people, or at least the +ones who know what they are doing, need to rely less on policies and more on +general principles[^1]. One such principle can be built on the basis that +pretty much everyone and everything on the Internet can be thought of as agents +storing "secrets". I believe that the meaning of "secrets" can be defined using +the knowledge provided to us by the field of game theory, which (fortunately +for us) works with agents, viewed by us as refinements of some distributed +system such as the Internet. + +Thus, let $A$ be a set of agents organized under some arbitrary topology[^2]. +We assume $A$ is countable, so we can write + +$A = \{a_1, a_2, a_3, \dots\}$. + +We could probably form our argument on the basis that $A$ is finite, but it +might be useful to take into account infinity in case we want to model +asymptotic behaviour[^3]. + +In respect to password security every agent $a_i \in A$ knows[^4] a piece of +"secret" information (say, a string) $s_i$ not known by any other agent $a_j +\in A, a_j \neq a_i$. Additionally $s_i$ would be *hard to guess*, i.e. a +password-breaking algorithm, be it mere brute-forcing or dictionary, NLP +analysis etc., would take a long amount of time to find $s_i$. In other words, +assuming the system is made up entirely of agents that are rational with +respect to the security of their passwords, it has the following +characteristics: + +* Every agent $a_i \in A$ has limited information +* For any agent $a_i \in A$, guessing the password of $a_j \in A, a_j \neq + a_i$, i.e. $s_j$ would prove to be unfeasible + +Note that these assumptions do not lead to an accurate model of reality: the +properties of $A$ would most probably yield a stable outcome, in that no agent +would find it useful, in the utilitarian sense, to try to break the password of +another agent. This obviously *doesn't* happen in real life, but it does tell +us how agents *should* choose their passwords in order to minimize their +chances of a breach, both from an algorithmic point of view as well as from a +social standpoint. + +On the surface this looks like a platitude: choose a "hard to guess" password +and you're "approximately safe". However, both "hard to guess" and +"approximately safe" are once again vaguely defined terms; what truly helps us +is the observation that this game looks very similar to a rock-paper-scissors +match, wherein no agent has a true advantage over the other. In fancier words, +we're dealing with a game where an equiprobable mixed strategy leads to an +equilibrium; that is, assuming all the agents speak a common language made up +of symbols from a set $\Sigma$, *random* passwords from a finite subset of +$\Sigma^{*}$ would be "hard to guess". + +Uncoincidentally, this is supported by the fact that so-called "strong" +passwords need to come from a pool of random letters and/or words, i.e. they +need to have a high entropy. This means that, for example, a password made up +of twenty "z"s is much easier to break than a password made up of twenty +randomly-chosen -- or rather randomly-generated by a machine -- letters, on the +simple basis that the human brain being inherently biased towards meaningful +information, it's more probable that it would generate a sequence of repeating +letters than a uniformly distributed set of letters. + +By relaxing the problem to human agents, we can state that a "secret" password +must be: + +* randomly generated from a set of characters and/or words and it must be long + enough given the purpose it's used for, e.g. nowadays you'll need a + ten-character password for most of the stuff you're using or a one + hundred-character password to be safe from the NSA for the time being, and +* easy to remember. + +Another example is that of [passphrases][passphrases] given by Randall Munroe: +passwords made up of four or more words in English are strong enough, as long +as they're randomly selected by a machine that has fairly strong random number +generation capabilities, *not* by a human[^5]. + +Passwords are not only important now, but they have the chance to be even more +important as they become adopted for systems such as +[brainwallets][brainwallet]. The above half-baked model merely scratches the +surface of defining a principled approach to password security, but it has the +potential to be used for true practical purposes, such as defining security +risks and policies for a set of applications where the system cannot be +strongly secure, but merely resilient. Of course, that is so far the curse of +the entire field of cryptography. + +[^1]: It's not that policies are not useful or ineffective, but that they would +be better understood and they could be improved if they were conceived based on +a set of governing principles. My best guess (at least for now) is that +building a formal model from this game theoretical approach is possible and +possibly even feasible. + +[^2]: I don't know whether the agents' organization and/or infrastructure is +relevant to the problem, but I will leave this detail out for the sake of +simplicity. + +[^3]: The Internet is huge, and growing. + +[^4]: And I'm guessing that epistemic logic would prove to be very useful here. + +[^5]: Sorry Bruce, you're clearly wrong on [this one][schneier]. I'm actually +quite disappointed in you, y'know. + +[passphrases]: /posts/y00/019-passwords-versus-passphrases.html +[schneier]: https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html +[brainwallet]: https://en.bitcoin.it/wiki/Brainwallet diff --git a/posts/y01/037-charlie-hebdo.markdown b/posts/y01/037-charlie-hebdo.markdown new file mode 100644 index 0000000..5548089 --- /dev/null +++ b/posts/y01/037-charlie-hebdo.markdown @@ -0,0 +1,135 @@ +--- +postid: 037 +title: Thoughts on Charlie Hebdo, and the absolute necessity of offending people +excerpt: Je ne suis pas Charlie, mais je pense encore +date: March 8, 2015 +author: Lucian Mogoșanu +tags: cogitatio +--- + +Some might say that the 7th of January marks a turning point in the way Europe +looks at terrorist acts, very much like the 11th of September did for the +Americans. Others would claim that Europeans never liked Arabs and Gypsies and +whatnot anyway, and it was only a matter of time until shit hit the fan. While +I don't personally have any thoughts regarding one or the other, it is clear +now that the West's choice regarding its relationship to the Oriental culture +and civilization -- although both "culture" and "civilization" could be +outright denied from being used in conjunction with the Arab world of the 21st +century -- is long overdue. More generally, a well thought out solution to the +West's post-World War II ideological confusions and crises is long overdue. + +It should be clear now for any sane-minded person -- are there any sane persons +in the audience this fine evening? -- that the tolerance, "politeness" and +political corectness preached and often practiced by all Westerners alike, from +the United States to Austria[^1], is based upon a shaky foundation consisting +mainly of double-meanings and hypocrisy. Moreover, elected incompetents choose +to apply the ostrich strategy as far as this issue is concerned, while other no +less incompetent politicians take advantage of the people's reactiveness and +lack of rationality to promote batshit crazy agendas. + +Well then, you should wonder by now, what's the solution to all this? To which +I will answer that you are obviously an idiot, and that decades of lack of +proper education for yesterday's pampered children, nowadays' fucked up adults, +and moreover, nowadays' "offended" 30+ children, women and gays can't make up +for the centuries of [religiousness to come][religiousness]. There are times +for you, me and all the other self-deprecating "victims" to suck it up, and the +beginning is right there, on the 7th of January. However, there is one, +ultimately palliative, solution to all of this, and if there's one tiny chance +that Western civilization survives, this is its only chance. + +This solution comes by no coincidence from Charlie Hebdo itself, and it plainly +states the following: our only chance for survival as a civilized people lies +in the right of offending others -- they used to call it "free speech" three +centuries ago or whenever it was that Voltaire lived, but otherwise [educated +idiots][xkcd] nowadays seem to misunderstand its meaning. No, it doesn't mean +that you *have* to do it, but that if you *can't* do it then the society in +which you live has lost the spirit of free speech[^2]. + +So how would this so-called "right to offend" be formulated? Despite what +thick-headed figures such as [the Pope][francis] believe, the right to offend +specifically constitutes the right to say anything without suffering physical +consequences upon doing this[^3], this principle standing as a basic difference +between civilized people and savages, or, if you will, between normal people +and retarded pieces of shit that are worth being thrown down society's drain. I +think we can all agree that beating someone and/or killing them because they've +offended your mother is not as evil as it is plain stupid, and if we can't, +then fuck your momma's fat ass. + +This basic principle being defined and established, we can now look at the +specifics: insults aimed at persons or groups[^4] should be allowed; trolling +is just fine; offending overgrown children is an absolute necessity, especially +for today's spoiled societies; informing people of the wrongdoings of +politicians, and expressing it using violent language, is a must for the +continued prosperity of people. The examples could go on, I think you got the +gist of it. + +Now sensitive, hysterical or otherwise simply guilty people will attempt to +bring forth the argument that this will bring the state of things to turmoil. +Of course it might, especially in places where that would have happened +anyway. In all the other places, civilized people will simply go about their +lives and will make use of verbal violence only as a necessary evil; moreover, +as the civilized, serious and rational people that they are, they will no doubt +employ humour and rational speech, which is at times various orders of +magnitude sharper than simple "hate speech", "trolling" or whatever you're +calling it nowadays. + +Indeed the pen, nay, the *word* is mightier than the sword. This alone should +make civilized folks think twice before supressing the use of words, or worse, +redefine language to ends that are unhealthy for civilized society. If you +think shutting up when you oughta speak is "being civilized", then you are +undoubtedly in the wrong, as were many others before you[^5]. + +That is not to say that there isn't such a thing as too much speech, or too +violent speech. There are however other ways of suppressing that: one of them +involves proper education providing a balance between conservatism and the need +for improvement; another involves simply keeping idiots at bay, which I know is +unpopular due to the general precept of "being tolerant". As we can see, +however, being *too* tolerant is not an option, unless you consider changing +your family's rules to accommodate pillagers and rapists[^6]. + +Now then, what's it going to be? At the end of the day the West has to make a +decision and stick to it, because the time for acting like an ostrich is long +gone. + +[^1]: No, I am not going to include Hungary, Romania, Bulgaria and generally +the Balkans in this list. It wouldn't be fair to us, given that we're such +"uncivilized" and all. + +[^2]: Now, about the whole thing about "keeping things civil" going on on the +Internet... if you have to tell someone to "keep things civil", then clearly +one of you two is out of their right mind. + +[^3]: The right to free speech is ultimately the right to free thought: anyone +may say that they want to rape the Pope's mother, because anyone may think this +and, furthermore, may wish for this. This is entirely different from anyone +having the actual right to do this; Hitler wasn't "evil" because he stated that +he wished to ethnically cleanse Europe, he was "evil" because he used his +political leverage to actually *enforce* it. That being said, Stalin was at +least as dangerous as Hitler, despite the subversive methods employed by the +communists to accomplish the very same deed. + +[^4]: Though we can agree that the latter are also stupid, with some rare +exceptions, which is not to say that what Charlie Hebdo did isn't laughable, in +the good sense. Insulting an entire religion is a pretty weird thing to do; +mocking an entire religion is perfectly fine; now, mocking a religion with the +side effect of insulting them, that requires some skill. + +[^5]: It took Romanians half a century to realize this and most of us still +regret the mistakes of our ancestors to this day; although I am surprised to +see co-nationals of my age, some of them dear friends of mine, who chuckle when +they hear me say that the West has much to learn from Romanian history. Yes it +does, and there are certain characteristics of the West which I am glad to see +out of [Romanian mentality][mentality]. + +[^6]: This by itself is a difficult subject: closing down, say, the EU's +borders could have disastrous economical consequences, and it would also mean +the -- to be more or less expected, in my opinion -- splitting of the Internet +as we know it. On the other hand we have the Roman Empire's example of +multiculturalism, which didn't work out all that well at the end. In other +words this is a problem we've been trying to solve in the last decades, give or +take a few millenia. + +[religiousness]: /posts/y01/034-the-transition-back-into-religiousness.html +[xkcd]: http://xkcd.com/1357/ +[francis]: http://www.washingtonpost.com/news/world/wp/2015/01/15/pope-francis-on-charlie-hebdo-you-cannot-insult-the-faith-of-others/ +[mentality]: /posts/y00/00f-a-change-of-mentality.html