From: Lucian Mogosanu Date: Sun, 23 Feb 2014 11:15:07 +0000 (+0200) Subject: posts: 019, 01a X-Git-Tag: v0.4~28 X-Git-Url: https://git.mogosanu.ro/?a=commitdiff_plain;h=b57c45cb879b21afd96ae9620d275ca971f3d6a6;p=thetarpit.git posts: 019, 01a --- diff --git a/images/2014/02/grim-fandango-001-thumb.png b/images/2014/02/grim-fandango-001-thumb.png new file mode 100644 index 0000000..0666e4a Binary files /dev/null and b/images/2014/02/grim-fandango-001-thumb.png differ diff --git a/images/2014/02/grim-fandango-001.png b/images/2014/02/grim-fandango-001.png new file mode 100644 index 0000000..86ba294 Binary files /dev/null and b/images/2014/02/grim-fandango-001.png differ diff --git a/images/2014/02/grim-fandango-002-thumb.png b/images/2014/02/grim-fandango-002-thumb.png new file mode 100644 index 0000000..77be8ae Binary files /dev/null and b/images/2014/02/grim-fandango-002-thumb.png differ diff --git a/images/2014/02/grim-fandango-002.png b/images/2014/02/grim-fandango-002.png new file mode 100644 index 0000000..fc1f820 Binary files /dev/null and b/images/2014/02/grim-fandango-002.png differ diff --git a/images/2014/02/grim-fandango-003-thumb.png b/images/2014/02/grim-fandango-003-thumb.png new file mode 100644 index 0000000..33b435f Binary files /dev/null and b/images/2014/02/grim-fandango-003-thumb.png differ diff --git a/images/2014/02/grim-fandango-003.png b/images/2014/02/grim-fandango-003.png new file mode 100644 index 0000000..05a1b57 Binary files /dev/null and b/images/2014/02/grim-fandango-003.png differ diff --git a/images/2014/02/grim-fandango-004-thumb.png b/images/2014/02/grim-fandango-004-thumb.png new file mode 100644 index 0000000..82fd955 Binary files /dev/null and b/images/2014/02/grim-fandango-004-thumb.png differ diff --git a/images/2014/02/grim-fandango-004.png b/images/2014/02/grim-fandango-004.png new file mode 100644 index 0000000..161e0ee Binary files /dev/null and b/images/2014/02/grim-fandango-004.png differ 
diff --git a/images/2014/02/grim-fandango-005-thumb.png b/images/2014/02/grim-fandango-005-thumb.png new file mode 100644 index 0000000..ce2f9b3 Binary files /dev/null and b/images/2014/02/grim-fandango-005-thumb.png differ diff --git a/images/2014/02/grim-fandango-005.png b/images/2014/02/grim-fandango-005.png new file mode 100644 index 0000000..7008261 Binary files /dev/null and b/images/2014/02/grim-fandango-005.png differ diff --git a/images/2014/02/grim-fandango-006-thumb.png b/images/2014/02/grim-fandango-006-thumb.png new file mode 100644 index 0000000..fd4f246 Binary files /dev/null and b/images/2014/02/grim-fandango-006-thumb.png differ diff --git a/images/2014/02/grim-fandango-006.png b/images/2014/02/grim-fandango-006.png new file mode 100644 index 0000000..e5cf26c Binary files /dev/null and b/images/2014/02/grim-fandango-006.png differ diff --git a/images/2014/02/grim-fandango-007-thumb.png b/images/2014/02/grim-fandango-007-thumb.png new file mode 100644 index 0000000..602bc5b Binary files /dev/null and b/images/2014/02/grim-fandango-007-thumb.png differ diff --git a/images/2014/02/grim-fandango-007.png b/images/2014/02/grim-fandango-007.png new file mode 100644 index 0000000..133a615 Binary files /dev/null and b/images/2014/02/grim-fandango-007.png differ diff --git a/images/2014/02/password_strength.png b/images/2014/02/password_strength.png new file mode 100644 index 0000000..e0439fa Binary files /dev/null and b/images/2014/02/password_strength.png differ diff --git a/posts/y00/019-passwords-versus-passphrases.markdown b/posts/y00/019-passwords-versus-passphrases.markdown new file mode 100644 index 0000000..c1d41e6 --- /dev/null +++ b/posts/y00/019-passwords-versus-passphrases.markdown 
@@ -0,0 +1,92 @@ +--- +postid: 019 +title: Passwords versus passphrases +excerpt: A layman's analysis of XKCD's "Password Strength". +author: Lucian Mogoșanu +date: February 16, 2014 +tags: asphalt, tech +--- + +A while ago Randall Munroe posted a comic called "Password Strength": + + + +This sparked a lot of debate on the Internet. Although the math seems right, +after skimming through the discussions on the [XKCD forums][1] and on [Stack +Exchange][2], the whole thing has left me a bit skeptical, not as far as the +mathematical matters go as much as on the assumptions on which the comic +relies. + +Scientifical papers on security[^1] idiomatically define a so-called "attacker +model", from which they derive assumptions about how someone will attempt to +crack some particular computing system, in our case an arbitrary password-based +authentication system. Now that we're done with the boring stuff, it's safe to +say that assuming that any mildly experienced script kiddie will attempt a +brute-force before a dictionary attack is completely nonsense. + +Now, as per the comic and the previously stated analyses, a passphrase should at +least in theory make a dictionary attack *weaker*, since it increases the +word-level entropy, turning it into a brute-force attack at word-level. More +exactly, for an alphabet $\Sigma$ and a password $p$ of $l(p)$ elements from +$\Sigma$, the brute-forcing complexity is + +$C(p) = \left|{\Sigma}\right|^{l(p)}$ + +where $\left|{\cdot}\right|$ denotes set cardinality. + +I'll illustrate this by using the word count of the `/usr/share/dict/words` in +my distribution[^2]: + +~~~~ {.bash} +% wc -l /usr/share/dict/words +99171 /usr/share/dict/words +~~~~ + +The main difference between classical brute-forcing and a "brute-force +dictionary" is that while the first uses as a basis a fixed alphabet (i.e. the +printable ASCII charset plus-minus some Unicode) and a large exponent (i.e. 
the +password length), the second relies solely on growing the alphabet's size. + +So for word-level bruteforcing, we'll have: + +$C_w(p) = \left|{\Sigma_w}\right|^{l_w(p)} = 99171^4$ + +where $\Sigma_w$ is a word-based alphabet and $l_w(p)$ is the number of +words in a passphrase $p$. + +In contrast, for a character-based alphabet $\Sigma_c$ for which +$\left|{\Sigma_c}\right| = 26$, the password length yielding the equivalent +complexity would have to be about $l_c(p) = 14.1243217044885998$, give or take +a few decimal places. + +One thing that I attempted to do was to find the "correct horse" passphrase's +strength in relation to a smaller dictionary, which led me to the "tiny" +dictionary from [Openwall][3], of about 250 words. Interestingly enough, it +seems that none of the words chosen for the passphrase given in the comic are +in that dictionary, which would make [words][4] a pretty strong source of +random words, assuming that the underlying random number generator is strong +enough. + +This is however only the beginning of a long, possibly neverending, intricate +story. As passphrases become more common, I will venture to guess that "simply +random" might not be enough and that some form of strong randomness will be +required. For example, one might need to check that a given passphrase cannot +be guessed by a Markov text generator based on the probability distribution +inferred from, say, all the pages of Wikipedia. Natural language passphrases +such as [Assange's published password][5] are thus becoming increasingly weak +while password strength metrics vary more and more based on the attacker model. + +[^1]: A thing which XKCD is most definitely not. Despite the fact that Munroe +has educated opinions on the subjects he touches in his comics, the latter +should always be taken with a grain of salt, however "interesting" they may +seem. + +[^2]: Debian Jessie, Testing at the time of writing. 
+ +[1]: http://forums.xkcd.com/viewtopic.php?f=7&t=73384 +[2]: http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase +[3]: http://openwall.com/ +[4]: https://en.wikipedia.org/wiki/Words_%28Unix%29 +[5]: https://www.schneier.com/blog/archives/2011/09/unredacted_us_d.html diff --git a/posts/y00/01a-grim-fandango.markdown b/posts/y00/01a-grim-fandango.markdown new file mode 100644 index 0000000..396ac33 --- /dev/null +++ b/posts/y00/01a-grim-fandango.markdown @@ -0,0 +1,111 @@ +--- +postid: 01a +title: Grim Fandango +author: Lucian Mogoșanu +date: February 23, 2014 +tags: gaming +--- + +

With bony hands I hold my partner, +on soulless feet we cross the floor. +The music stops as if to answer, +an empty knocking at the door. +It seems his skin was sweet as mango +when last I held him to my breast. +But now, we dance this grim fandango, +and will for years until we rest.

+ +Once upon a time there was this guy called Tim Schafer. You might know him from +such epic point and click adventure games such as Day of The Tentacle, The +Secret of Monkey Island, Monkey Island 2 or Full Throttle. Well, one day he[^1] +decided to ruin the point and click, in fact the entire adventure genre for +everyone by creating a non-point and click adventure game. And that game was +called *Grim Fandango*. And it was a glorious piece of art. + + +I've never been too fond of the idea of keyboard/controller-based adventure +games with a fixed camera. Despite my previous experience with Escape From +Monkey Island, I decided to give Grim Fandango a try about six years ago, +mostly due to the many praises I had heard in relation to it. Then, six years +later, I decided to give it another try and delve even deeper into its +universe. + +Grim Fandango is, in short, a very successful combination of "noir" and comedy. +It's noir more than in the traditional sense, by having a hint of black comedy +embedded in its core. It is, I quote the '40ish cover, "an epic tale of crime +and corruption in the land of the dead", telling the story of a Grim Reaper +called Manuel "Manny" Calavera who's living his life, well, his afterlife, in +the dead people's world, trying to get through his mid-afterlife crisis like +any guy who's been dead for too long now does. + + +The game goes through four years of Manny's adventure, the same period it takes +to get to the Ninth Undeworld[^2] by foot. People who have been "good" get a +ticket to a train called The Number Nine, which takes them directly to the +Ninth Underworld. One of the eligible clients, whom Manny steals from his +pompous workmate Domino Hurley, is Mercedes Colomar, the typical innocent lady. +She is pretty much the driver of Grim Fandango's rather thick plot, which you +are familiar with if you've played the game. If you haven't then you should be +really playing the game right now instead of reading this. 
+ +Comic relief is provided in more than one way, either subtly or obviously. +First off, everyone and their dog is a skeleton, forming a rough sketch of +their souls, including skin ridges or funny-looking haircuts. Besides everyone +and their dog, the game is populated with demons used for "menial" tasks such +as driving or taking care of the server[^3], the most notable being Manny's +sidekick Glottis. + + +The graphics are not bad at all, but the aspect where the GrimE engine really +shines is the ability to present scenes and angles in a very movie-like +fashion. The action itself is presented from a few fixed points of view; this +can rapidly become frustrating, as it's often hard to make the character focus +on a specific object and interact with it. However, the cut-scenes look no less +than amazing, more so that the voice actors did a pretty good job. + +Last but not least, the game's soundtrack is mostly big band jazz with some +South American intermissions and influences, exactly what you'd expect from a +noir-infused universe. Since I've been listening to it for about last six +months (and counting), I can only say that it's anything but boring. + +I'll end the post with a quote: + +> All day long, Manny, I sort through pure sadness. I find evidence, and I +> piece together stories. But none of my stories end well -- they all end here. +> And the moral of every story is the same: we may have years, we may have +> hours, but sooner of later, we push up flowers. + +* Membrillo + + + + + + +[^1]: Ok, maybe not as much him as the blazingly idiotic team behind him. It +was, y'know, experimentation, trying to reach new markets, all that mumbo-jumbo +that companies with too much money on their hands pull out of their hats. +Unfortunately LucasArts have had many more years to show this to the public. + +[^2]: The Underworld is most probably inspired from the Aztec Mythology, namely +from [Mictlan][1]. 
Unfortunately, at the time of writing searching the Web for +"Ninth Underworld" reveals a long list of crap which is supposedly related in +some way or another to the Mayan Calendar. + +[^3]: Sorry, sysadmins. + +[1]: http://en.wikipedia.org/wiki/Mictlan
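Review bot: In posts/y00/019-passwords-versus-passphrases.markdown, the character-level comparison sets $\left|{\Sigma_c}\right| = 26$, while the earlier paragraph describes the classical brute-force alphabet as "the printable ASCII charset plus-minus some Unicode". The 14.12-character equivalent only holds for a lowercase-only alphabet, so either state that assumption next to the figure or recompute it for the alphabet the text describes (for 95 printable ASCII characters the equivalent length is roughly 10). The Openwall paragraph also concludes that `words` is "a pretty strong source of random words" because the four comic words are missing from a 250-word list, which does not follow: the $99171^4$ estimate rests on the size of the list and on uniform selection from it, not on absence from a smaller dictionary. Minor wording: "Scientifical" should be "Scientific" and "completely nonsense" should be "complete nonsense".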
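Review bot: In posts/y00/01a-grim-fandango.markdown there are a few typos to fix before this goes out: "Ninth Undeworld" should be "Ninth Underworld", the Membrillo quote reads "sooner of later" where "sooner or later" is meant, and "for about last six months" is missing "the". The opening paragraph also doubles "such" ("from such epic point and click adventure games such as"); dropping the first one reads better.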