funsec mailing list archives

Re: Where's Waldo? (challenge)


From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Tue, 5 Jun 2007 15:27:32 -0600 (MDT)

On Tue Jun  5 14:37:49 2007, sam stover wrote:

> And again I will say:  If this is a "friendly" competition between
> (adult) "friendly" competitors, then I say my method, and TBH Loe's
> also, holds water.  In that this is the context of the original post, I
> feel that these are valid solutions to the problem as presented.

I see a distinction between "friendly" and "competition".
I can be very competitive with my friends, and not be "friendly".

But I digress...

So far, I have only read two different types of solutions:

(1) The envelope.
  Whether it is a real envelope, a trusted third-party, or an encrypted
  dataset, it is still "something holding proof of discovery".

(2) Hash.
  This could be a cryptographic hash, or a set of directions, but it is
  still a summary of the findings.

Allow me to provide a third type of solution: a description.
(I've been trying to follow this thread and haven't seen this mentioned.
Forgive me if someone already brought this up.)

In the Waldo books, it's never the same picture of Waldo.
Instead, he's doing things or looking in a particular direction.
To prove you found him, you can describe him:
  - He's only got one eye showing and his left arm.
or
  - He's looking at the brunette.
or
  - He's holding a yo-yo.

Alternately, you can describe two people equal distance from Waldo.
  (1) Blond with both arms visible.
  (2) Man with hat looking right.
NOTE: I didn't say where they are in relation to him -- they could be
vertical, horizontal, L-shaped, etc.  The only requirements are a known
distance and vague descriptions.  For more proof and less ambiguity, have
them be anywhere-adjacent to Waldo, or anywhere-adjacent to anyone adjacent
to Waldo.

The whole idea is that these details are not accurate enough to find Waldo
on the page, but are detailed enough to make randomly spouting out a
description unlikely to be correct.

Viewing this as an authentication problem, this is a spot-check checksum.
Given a long sequence of data, you say "the important data is after
the number 27 and before the 9" or "I'm validating the important part of
the sequence: the 8th byte of the important part is 00100110".
If you're wrong, then it's provably wrong.  If you're right, then you
might be guessing, but it is very unlikely.

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)
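
The spot-check idea from the message above, as an added illustration that is not part of the original post: a prover reveals single bytes of the "important part", and the code measures both how unlikely a blind guess is and how many locations an observer still cannot rule out. The data, the secret offset and all function names are constructed for this example.

```python
import hashlib

# Constructed stand-in for the "long sequence of data" (the page of the book).
DATA = hashlib.shake_256(b"constructed sample, not real data").digest(4096)
SECRET_START = 1337  # constructed: where the "important part" begins

def make_claim(data, start, index):
    """Prover knows `start` and reveals only the index-th byte (1-based) after it."""
    return index, data[start + index - 1]

def verify(data, start, claims):
    """Verifier also knows `start`; one wrong claim is provably wrong."""
    return all(data[start + i - 1] == v for i, v in claims)

def candidate_starts(data, claims):
    """Offsets an observer who sees only the claims cannot rule out."""
    span = max(i for i, _ in claims)
    return [s for s in range(len(data) - span + 1)
            if all(data[s + i - 1] == v for i, v in claims)]

def guess_probability(n_claims):
    """Chance of passing n one-byte spot checks by guessing blindly."""
    return 256.0 ** -n_claims

if __name__ == "__main__":
    one = [make_claim(DATA, SECRET_START, 8)]
    three = one + [make_claim(DATA, SECRET_START, i) for i in (3, 21)]
    for claims in (one, three):
        print(len(claims), "claim(s): valid =", verify(DATA, SECRET_START, claims),
              "| guess chance =", guess_probability(len(claims)),
              "| locations still possible =", len(candidate_starts(DATA, claims)))
```

Each extra claim lowers the odds of a lucky guess, but it also shrinks the set of locations consistent with the description, which is the trade-off between "detailed enough" and "not accurate enough to find Waldo".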
