538: Security

Explain xkcd: It's 'cause you're dumb.
Revision as of 19:14, 29 January 2014 by (Talk)

Title text: Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)


The "crypto nerd" is concerned with strongly encrypting the data on his personal machine. This would conceivably come in handy when villains attempt to steal information from his computer. He imagines that, thanks to his advanced encryption, they will ultimately be defeated. Randall suggests that in the real world, people who want this information would simply torture the nerd until he gives them the password. Both panels also reference the amount of money spent to access the data. In the first, the villain is willing to spend millions of dollars to construct a supercomputer, while in the second, he simply uses a $5 wrench. This humorously suggests that the weakest part of computer security is not the computer, but the user.

RSA is a commonly used public-key encryption method. Current standards typically use 1024-, 2048-, and (more recently) 4096-bit keys. RSA with keys of these sizes is not yet (feasibly) breakable. A 4096-bit key will remain unbreakable for the foreseeable future.

The title text pokes fun at typical users, who do not have data that would be worth anything to anyone but themselves. Therefore, it is unlikely that the above situation would ever occur. Additionally, the wrench used in the second panel is large, and presumably costs more than the $5 referenced by the thug.


A Crypto nerd's imagination:
[Cueball is holding a laptop, and his friend is examining it.]
Cueball: His laptop's encrypted. Let's build a million-dollar cluster to crack it.
Friend: No good! It's 4096-bit RSA!
Cueball: Blast! Our evil plan is foiled!
What would actually happen:
[Cueball is holding a piece of paper and giving his friend a wrench.]
Cueball: His laptop's encrypted. Drug him and hit him with this $5 wrench until he tells us the password.
Friend: Got it.



I was in a flea market one time when I saw a booth that sold wrenches. They were priced starting at $2. There were even $5 wrenches! Yes; I did this in response to this comic strip. No; I did not buy one. (I have no need to "crack" a computer. I just wanted to prove that there is a $5 wrench.) Greyson (talk) 02:15, 3 November 2012 (UTC) (Oops... I forgot to log on... I feel... scared.) Greyson (talk) 02:15, 3 November 2012 (UTC)

Remember the other comic, talking about how much does your time spent to pick up a penny cost? This applies here too! It's not just $5 for the wrench, there is also the time of the guy who will be hitting with it! Although of course the wrench is amortizable over multiple secret extraction sessions, unless it gets bent too much out of shape. 20:57, 31 January 2014 (UTC)

I went to the flea market and bought a $5 wrench, then used it to beat the password out of 2^5 nerds. I just wanted to prove that there is a $5 wrench and that it's reasonable to amortize it over multiple extraction sessions. The wrench is still in good shape, even to use as a wrench. 18:26, 28 January 2015 (UTC)

Why does everyone imagine that the "crypto nerd" will be a "him"? This gendered language is simply reinforcing the sexist stereotypes that serve as the cultural foundation for rape and other symptoms of this sexist worldview. I'm changing this to "him or her"... -- Vctr (talk) (please sign your comments with ~~~~)

The text of the comic refers to the cryptonerd being a him. Please check yourself before you wreck yourself. 18:07, 1 May 2015 (UTC)

Same concept as 416: Zealous Autoconfig. Shanek (talk) 12:31, 1 May 2015 (UTC)

What would happen if the owner of the computer used deniable cryptography with some decoy message? -- 08:35, 15 July 2015 (UTC)

As pointed out by the Wikipedia article, deniable cryptography might either fool the attackers, or make them keep beating you even after you give them the real password. 22:48, 13 October 2015 (UTC)

Surely if he's encrypting his PC, he should be using something like 256-bit AES/Rijndael, as it's more secure? Walale12 (talk) 10:11, 24 July 2015 (UTC)