funsec mailing list archives

Re: Where's Waldo? (challenge)

From: sam stover <sam.stover () gmail com>
Date: Tue, 05 Jun 2007 15:39:25 -0400

Valdis.Kletnieks () vt edu wrote:

On Tue, 05 Jun 2007 14:32:35 EDT, sam stover said:

But again, this is dependent upon some degree of trust, unlike the
kidnapper scenario.  But based on the "Where's Waldo"ishness of the
thread, I figure my answer works among friends.


Right.  The problem as stated was finding a method that works between
non-friends as well.


Hm, but no.  The problem as stated was:

This is an interesting excersize (sic) in security, to quote:

    "A friend of mine gave me a riddle this morning regarding "Where's
    Waldo?". The riddle is as follows:

    You and a *friend* play "Where's Waldo?". You solve the puzzle before
    your *friend*, and you want to prove to your *friend* you solved the
    puzzle, without giving him any hints. How do you do this?"

Zero knowledge? Geographic descriptions? Riddles? Hashes?
How do you let your *friend* know that you solved it, without helping out?

(*emphasis* is mine)

This to me is between friends, which I've tried to keep in focus for
each of my posts.  Now, that said, it does become exponentially more
difficult to accomplish this same thing between non-friends - no
argument there.


 It's *easy* for me to scribble something on a piece of

paper, seal it in an envelope, and *say* "There's where Waldo is" (which is
what encrypting the answer basically is).  Consider me singularly unimpressed,
as any good amateur magician knows how to get the *real* answer into the
envelope during the time between when the answer becomes known and when the
envelope is opened :)


I'd agree, but again, you are talking about non-friends.  In such a
case, I could build my own "gpg --decrypt" and make the answer whatever
I wanted (possibly the fake passphrase).  Not trivial, I would assert,
but definitely w/in the realm of possibility.

I think the "non-friend" situation will require me to think about this
harder than I did for the "friend" situation...  ;-)



-- 
S.f.Stover
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x15FFC42A
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Where's Waldo? (challenge) ge (Jun 02)
- Re: Where's Waldo? (challenge) Dude VanWinkle (Jun 02)
- Re: Where's Waldo? (challenge) der Mouse (Jun 02)
  - Re: Where's Waldo? (challenge) sam stover (Jun 03)
    - Re: Where's Waldo? (challenge) Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 04)
    - Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 04)
    - Re: Where's Waldo? (challenge) sam stover (Jun 05)
    - Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 05)
    - Re: Where's Waldo? (challenge) sam stover (Jun 05)
    - Re: Where's Waldo? (challenge) Brian Loe (Jun 05)
    - Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 05)
    - Re: Where's Waldo? (challenge) sam stover (Jun 05)
    - Re: Where's Waldo? (challenge) Dr. Neal Krawetz (Jun 05)
    - Re: Where's Waldo? (challenge) sam stover (Jun 06)
    - Re: Where's Waldo? (challenge) der Mouse (Jun 05)
    - Re: Where's Waldo? (challenge) sam stover (Jun 06)
    - Re: Where's Waldo? (challenge) der Mouse (Jun 06)
    - Re: Where's Waldo? (challenge) sam stover (Jun 06)
    - Re: Where's Waldo? (challenge) Brian Loe (Jun 06)

(Thread continues...)