funsec mailing list archives
Re: Where's Waldo? (challenge)
From: sam stover <sam.stover () gmail com>
Date: Wed, 06 Jun 2007 09:17:12 -0400
Dr. Neal Krawetz wrote:
On Tue Jun 5 14:37:49 2007, sam stover wrote:And again I will say: If this is a "friendly" competition between (adult) "friendly" competitors, then I say my method, and TBH Loe's also, holds water. In that this is the context of the original post, I feel that these are valid solutions to the problem as presented.I see a distinction between "friendly" and "competition". I can be very competitive with my friends, and not be "friendly". But I digress... So far, I have only read two different types of solutions: (1) The envelope. Whether it is a real envelope, a trusted third-party, or an encrypted dataset, it is still "something holding proof of discovery". (2) Hash. This could be a cryptographic hash, or a set of directions, but it is still a summary of the findings. Allow me to provide a third type of solution: a description. (I've been trying to follow this thread and haven't seen this mentioned. Forgive me if someone already brought this up.) In the Waldo books, it's never the same picture of Waldo. Instead, he's doing things or looking in a particular direction. To prove you found him, you can describe him: - He's only got one eye showing and his left arm. or - He's looking at the brunette. or - He's holding a yo-yo. Alternately, you can describe two people equal distance from Waldo. (1) Blond with both arms visible. (2) Man with hat looking right. NOTE: I didn't say where they are in relation to him -- they could be vertical, horizontal, L-shaped, etc. The only requirements are a known distance and vague descriptions. For more proof and less ambiguity, have them be anywhere-adjacent to Waldo, or anywhere-adjacent to anyone adjacent to Waldo. The whole idea is that these details are not accurate enough to find Waldo on the page, but are detailed enough to make randomly spouting out a description unlikely to be correct. Viewing this as an authentication problem, this is a spot-check checksum. Given a long sequence of data, you say "the important data is after the number 27 and before the 9" or "I'm validating the important part of the sequence: the 8th byte of the important part is 00100110". If you're wrong, then it's provably wrong. If you're right, then you might be guessing, but it is very unlikely.
Definitely a better solution to the problem than anything I've come up with - but it still doesn't address the issue that der Mouse brought up. You've presented information that, at a later date, can be used to verify that you did know the answer when you provided the details, but it doesn't prove to the other party that you did find him when you relay the information. Maybe this is what Valdis was referring to when he used the kidnapper/newspaper analogy? While I don't think that strictly applies (kidnappers aren't in a competition with the victims' family to solve a problem - at least not in the way I'm thinking of this one :-), but I do see how it relates to proving that you know something without giving it away. So it took me a couple of days to get the point - what can I say? I'm an idiot at heart... -- S.f.Stover http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x15FFC42A _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Where's Waldo? (challenge), (continued)
- Re: Where's Waldo? (challenge) sam stover (Jun 03)
- Re: Where's Waldo? (challenge) Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 04)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 04)
- Re: Where's Waldo? (challenge) sam stover (Jun 05)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 05)
- Re: Where's Waldo? (challenge) Brian Loe (Jun 05)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 05)
- Re: Where's Waldo? (challenge) Dr. Neal Krawetz (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 06)
- Re: Where's Waldo? (challenge) sam stover (Jun 03)
- Re: Where's Waldo? (challenge) der Mouse (Jun 05)
- Re: Where's Waldo? (challenge) sam stover (Jun 06)
- Re: Where's Waldo? (challenge) der Mouse (Jun 06)
- Re: Where's Waldo? (challenge) sam stover (Jun 06)
- Re: Where's Waldo? (challenge) Brian Loe (Jun 06)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 06)
- Re: Where's Waldo? (challenge) Brian Loe (Jun 06)
- Re: Where's Waldo? (challenge) Dude VanWinkle (Jun 06)
- Re: Where's Waldo? (challenge) Brian Loe (Jun 06)
- Re: Where's Waldo? (challenge) Valdis . Kletnieks (Jun 06)