this post was submitted on 29 Mar 2024
365 points (99.5% liked)

Programmer Humor

19557 readers
618 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 7 months ago (1 children)

The purpose is to access the data. This is a bypass attack, rather than a mathematical one. It helps to remember that encryption is rarely used in the abstract. It is used as part of real world security.

There are actually methods to defend against it. The most effective is a "duress key". This is the key you give up under duress. It will decrypt an alternative version of the file/drive, as well as potentially triggering additional safeguards. The key point is the attacker won't know if they have the real files, and there is nothing of interest, or dummy ones.

[–] [email protected] -2 points 7 months ago (1 children)

I appreciate the explaination, that's a cool scheme, but what I saying is the human leaking the key is not the fault of the algorithm.

Everyone and everything is, on a very pedantic level, weak to getting their ass beat lol

That doesn't make it crypt analysis

[–] [email protected] 5 points 7 months ago (1 children)

An encryption scheme is only as strong as its weakest link. In academic terms, only the algorithm really matters. In the real world however, implementation is as important.

The human element is an element that has to be considered. Rubber hose cryptanalysis is a tongue and cheek way of acknowledging that. It also matters since some algorithms are better at assisting here. E.g. 1 time key Vs passwords.

[–] [email protected] 1 points 7 months ago

Very informative, I think people will learn from what you're saying, but it doesn't really matter to what I'm saying.

Yes, absolutely, consider the human element in your data encryption and protection schemes and implementations.

Beating someone with a pipe is a joke, but not really defeating an algorithm.