funsec mailing list archives
Re: Where's Waldo? (challenge)
From: sam stover <sam.stover () gmail com>
Date: Tue, 05 Jun 2007 15:39:25 -0400
Valdis.Kletnieks () vt edu wrote:
On Tue, 05 Jun 2007 14:32:35 EDT, sam stover said:But again, this is dependent upon some degree of trust, unlike the kidnapper scenario. But based on the "Where's Waldo"ishness of the thread, I figure my answer works among friends.Right. The problem as stated was finding a method that works between non-friends as well.
Hm, but no. The problem as stated was: This is an interesting excersize (sic) in security, to quote: "A friend of mine gave me a riddle this morning regarding "Where's Waldo?". The riddle is as follows: You and a *friend* play "Where's Waldo?". You solve the puzzle before your *friend*, and you want to prove to your *friend* you solved the puzzle, without giving him any hints. How do you do this?" Zero knowledge? Geographic descriptions? Riddles? Hashes? How do you let your *friend* know that you solved it, without helping out? (*emphasis* is mine) This to me is between friends, which I've tried to keep in focus for each of my posts. Now, that said, it does become exponentially more difficult to accomplish this same thing between non-friends - no argument there. It's *easy* for me to scribble something on a piece of
paper, seal it in an envelope, and *say* "There's where Waldo is" (which is what encrypting the answer basically is). Consider me singularly unimpressed, as any good amateur magician knows how to get the *real* answer into the envelope during the time between when the answer becomes known and when the envelope is opened :)
I'd agree, but again, you are talking about non-friends. In such a case, I could build my own "gpg --decrypt" and make the answer whatever I wanted (possibly the fake passphrase). Not trivial, I would assert, but definitely w/in the realm of possibility. I think the "non-friend" situation will require me to think about this harder than I did for the "friend" situation... ;-) -- S.f.Stover http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x15FFC42A _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Where's Waldo? (challenge) ge (Jun 02)
- Re: Where's Waldo? (challenge) Dude VanWinkle (Jun 02)
- Re: Where's Waldo? (challenge) der Mouse (Jun 02)
- Re: Where's Waldo? (challenge) sam stover (Jun 03)
- Re: Where's Waldo? (challenge) Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 04)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 04)
- Re: Where's Waldo? (challenge) sam stover (Jun 05)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 05)
- Re: Where's Waldo? (challenge) Brian Loe (Jun 05)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 05)
- Re: Where's Waldo? (challenge) Dr. Neal Krawetz (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 06)
- Re: Where's Waldo? (challenge) sam stover (Jun 03)
- Re: Where's Waldo? (challenge) der Mouse (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 06)
- Re: Where's Waldo? (challenge) der Mouse (Jun 06)
- Re: Where's Waldo? (challenge) sam stover (Jun 06)
- Re: Where's Waldo? (challenge) Brian Loe (Jun 06)