Thursday, March 13, 2008

Passwords + Self-Propagating Fears

While snooping around the Internet reading articles, I found this rather interesting article: Diceware. This is a useful technique for generating hard-to-guess passwords/passphrases for use in cryptographic applications or more mundane stuff like securing one's email.

I generally advocate the use of random letters/numbers combination, with symbols thrown in if one's memory is great. With the full set of the English alphabet, as well as the numbers, and having approximately 8 characters in the password, we are looking at $62^8 \approx 2 \times 10^{14}$ different passwords, assuming of course that each character is chosen from a uniform distribution of the 62 characters. I generally find that memorising 8 random alpha-numeric characters as one chunk is not too hard. By that regard, attempting to memorise 16 random alpha-numeric characters as one chunk will take a little bit of effort, which will provide nearly $4 \times 10^{28}$ different passwords. Again, by the uniform distribution argument, we are looking at a probability of $4.5 \times 10^{-15}$ and $2.1 \times 10^{-29}$ of successfully guessing the password. As a comparison, the probability of winning the lottery is about 1 in 14 million (about $7.1 \times 10^{-8}$). Go figure.
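The keyspace arithmetic above, set beside Diceware, as an added example that is not part of the original post. It assumes the standard Diceware list of 6^5 = 7776 words (five dice rolls per word); the function names are illustrative.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # the post's 62 characters
DICEWARE_LIST_SIZE = 6 ** 5  # assumption: standard list, five dice -> 7776 words


def keyspace(symbols: int, length: int) -> int:
    """Number of equally likely secrets of `length` drawn from `symbols`."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of a uniformly chosen secret, in bits."""
    return length * math.log2(symbols)


def guess_probability(symbols: int, length: int) -> float:
    """Chance that a single guess hits a uniformly chosen secret."""
    return 1 / keyspace(symbols, length)


def diceware_words_needed(target_bits: float) -> int:
    """Fewest Diceware words whose entropy is at least `target_bits`."""
    return math.ceil(target_bits / math.log2(DICEWARE_LIST_SIZE))


def random_password(length: int) -> str:
    """Uniform draw per character from the OS CSPRNG (not random.choice)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def diceware_keys(words: int) -> list[str]:
    """Simulate five dice per word; each key '11111'..'66666' indexes the list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


if __name__ == "__main__":
    for n in (8, 16):
        bits = entropy_bits(len(ALPHABET), n)
        print(f"{n} chars: {keyspace(62, n):.2e} passwords, {bits:.1f} bits, "
              f"p(guess)={guess_probability(62, n):.1e}, "
              f"matched by {diceware_words_needed(bits)} Diceware words")
    print(random_password(16), diceware_keys(4))
```

The uniform-distribution assumption only holds when the characters or dice rolls come from a real random source; a password a person "makes up" does not have the entropy computed here.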

Despite all these rather impressive figures, most folks still use simple easy-to-guess passwords. Among the top of the list are simple passwords that can be found in the dictionary; among the worst of choices. Oh the pain, the pain! That's another reason why I'm refusing to step into cryptography despite it being my love—the best cryptosystem in the world will always be thwarted due to the idiocy of how the humans in the protocol act/react. The mathematics may be sound, but the weakest link is the human; he/she refuses to follow the protocol to the T, takes shortcuts and makes lots of mistakes in the protocol, resulting in the overall system failure.

Social engineering, anyone? Most of the world's espionage activities do not really involve glorified system cracking by highly elite computer hackers; all it takes is just good old dumpster-diving and piecing the trash back together to re-create the documents that we thought were destroyed.

Am I paranoid? Perhaps, but then again, if in this time and age one isn't paranoid about one's privacy (let alone security), then surely one must be one of the said ignoramuses. I mean, come on, already governments are using automated video surveillance to ensure that anyone who attempts to behave differently will be detected and "neutralised" before they do harm. Sure, if the governing laws are sound, and if the people who are tasked to implement the laws are also sound, and if everyone involved is impartial and works only towards what they are supposed to do to secure our safety, then things will work out well.

Remember my earlier comment about humans being the weakest link? Well, this time around, this can be seen by the various abuses of powers by some of the black sheep of law enforcement. So, who should we trust with our privacy and security?

Terrorism is not about bombing buildings or constructing explosives; it is about creating a society of terror, where folks are scared to do what they normally do. It is a war of ideas, a protracted war of attrition between ideologies and willpower, to see who in the end will prevail. Rational voice gets drowned out by the cacophony of the terrorists who are using our systems against us in the propagation of terror. In the past, we feared folks who were adamant about bombing us, but now, we fear the very folks whom we entrust with the mandate to protect us. By that regard, the terrorists have the slight advantage over us now; we are self-propagating our own fear and terror of the terrorists.

Should we allow them the luxury of gaining something out of nothing then? No. We should never let them sucker us into their scheme. Vigilance and public-spiritedness do not equate to yet more control by a central authority; it is really the cooperative effort of the masses and trained personnel to work together to flush out these sociopaths who choose to present their dissenting ideas using covert rather than overt means. We should strengthen our social institutions to allow the different voices to be heard in public and without prejudice, to be subjected to the critical eye of rationality to decide as a whole by ourselves, what exactly it is we want.

The government serves the people; they are not our lords, and neither are they superior to us. We put the government in power with the trust that they will act in our interests, and not for them to form yet another corporation which takes away the liberties and freedoms that the citizens intrinsically have in the various democratic constitutions. Sadly, this is starting to not be the case anymore; democracy as we know it has evolved to the point where money and not the public good has dominated the landscape. While there might never have been a moral politician, it is even harder to find a politician now whose interest is in the people and not in the money.

We live in trying times, and I fear for the future.

——

On a wholly unrelated note, life's getting rather good now. Spring break is just about half-done, and soon I'd be lamenting about the fast passage of time and the need to hit the grindstone once more. But that aside, things should be a little more uplifting, I guess.

Until next time.
