Difference between revisions of "Talk:1286: Encryptic"

(Just in case.)

Revision as of 01:42, 6 November 2013

The answer to the weathervane sword/ favorite apostle hint has got to be Matthias. It is 8 characters long, Matthias was the apostle chosen to replace Judas and in the Redwall series Matthias is one of the wielders of the Sword of Martin a sword that was hung on a weathervane.

It is unclear to me if these are actual hashes from Adobe file? That would be very cool... but actual file seems to have passwords in slightly different format. http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ 108.162.229.211 09:05, 4 November 2013 (UTC) pavel

I wouldn't call 3DES secure ... but yes, in this situation the real problem is not using per-user salt. Note that I would expect that at least some of those examples would be solvable ...any idea? Hmmm ... sword of weather vane and one of apostles might be Martin ([1]) ... -- Hkmaly (talk) 10:00, 4 November 2013 (UTC)
It's Jonathon (for John). Not sure what it has to do with weather vane swords though... 108.162.240.18 12:42, 4 November 2013 (UTC)
Umm. "Peter" does not seem to have 8 characters, does it? Encryption method suggests it should be 8 characters, as do 8 character boxes on the right... 108.162.229.211 10:43, 4 November 2013 (UTC) pavel
I'd say "weather vane sword", "name1" and "favorite of 12 apostles" is (Saint) Peter. "Weather vane" as symbol for the rooster in the denial, and the sword Peter used when Jesus was arrested. --108.162.254.177 10:25, 4 November 2013 (UTC)
... interesting that Google search didn't mention it :-) Seems the Bible has too low a pagerank. -- Hkmaly (talk) 10:32, 4 November 2013 (UTC)
The 'favourite' apostle was John the Evangelist though. http://en.wikipedia.org/wiki/Disciple_whom_Jesus_loved . The other biblical clue here is 'with your own hand you have done all this' - Judith 15:10. If that's Judith1510 then the 'name and shirt number' is 'Judith15'. The TOS/earlobes clue seems to be "Spock's brain" and "Spock's (ears?)". And the Michael Jackson one is (obviously) ABC123. 141.101.99.214 11:14, 4 November 2013 (UTC)
Perhaps "favorite" in this case refers to the user's favorite, not Jesus's. Yomikoma (talk) 16:13, 4 November 2013 (UTC)
The Michael Jackson password should just be "ABC". (The other clue refers only to letters, and the proper song title also has only letters.) —TobyBartels (talk) 20:57, 4 November 2013 (UTC)
Given that name1 is two blocks long, I would guess that the apostle's name is going to be eight characters long, with the second hash block being 1+seven spaces (or nulls if Adobe pads it with nulls and not spaces). But then again, as the only disciple with a name eight letters long is Thaddeus maybe not 141.101.99.214 (talk) (please sign your comments with ~~~~)
"St.Peter" is 8 characters, and having a "special" character (the period) makes it a good choice for passwords that might require 1 non-alphanumeric character (and ban spaces). 141.101.99.223 11:47, 4 November 2013 (UTC)
I think it is obvious that Name1 refers to {The user's name} + 1. I wonder though if we should be referring to one of the other 12 apostles in a different context? https://en.wikipedia.org/wiki/Twelve_Apostles_%28disambiguation%29 - 108.162.242.11 18:02, 4 November 2013 (UTC)
Is the "weathervane sword" referring to Redwall? I haven't read the book myself, but would it be referring to the "Sword of Martin"? [2] --Jeff (talk) 19:17, 4 November 2013 (UTC)

Another article about using passwords hints from multiple users to find the passwords from the breach. http://7habitsofhighlyeffectivehackers.blogspot.com/2013/11/can-someone-be-targeted-using-adobe.html Bugefun (talk) 11:06, 4 November 2013 (UTC)

"Sexy earlobes" makes me think of "The ABC of Aerobics", but that would make that Shirley Clarke, and nothing in Star Trek has anything to do with Shirley that I am aware of, except possibly Shirley Bonne as Ruth. I skimmed a list of episode titles, but nothing jumps out at me as particularly earlobish. 108.162.219.187 11:20, 4 November 2013 (UTC)

Sexy earlobes might have something to do with Ferengi, but they didn't appear in TOS. 141.101.99.214's idea is better. -- Hkmaly (talk) 11:42, 4 November 2013 (UTC)
OK, we know that "sexy earlobes" and "best TOS Episode" are the same for the first eight characters, but differ after that, while "best TOS" and "sugarland" are the same after the first 8 characters. So, my guesses are: Best TOS episode: "Charlie X"; "Sexy Earlobes": Someone with the first name of "Charlie"; "Sugarland": some city in Texas (perhaps "HoustonTX") JamesCurran (talk) 16:51, 4 November 2013 (UTC)

Note that you should not ever use a cipher in ECB (electronic codebook) mode, i.e. encrypt each block separately and independently, but use chaining. --JakubNarebski (talk) 12:15, 4 November 2013 (UTC)

And for passwords you shouldn't be using a cipher at all, but rather a hash function. (Or a cipher in one of the approved hash constructions, if you must.) And really you shouldn't be using a standard hash function, but be following best practices for passwords instead: salting the hash, using a *slow* hash function, etc. Cscott (talk) 20:22, 4 November 2013 (UTC)
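The two comments above, as an added example that is not part of the original thread: the first function groups the ciphertext rows quoted further down this page by shared 8-byte block, which is the linkage unsalted ECB exposes, and the rest stores passwords with a per-user salt and a slow hash so the same grouping finds nothing. The PBKDF2-HMAC-SHA256 choice, the iteration count, and the helper names are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Rows quoted in this thread: two 8-byte ciphertext blocks (hex) plus the hint.
ROWS = [
    ("a1f9b2b6299e7a2b eadec1e6ab797397", "sexy earlobes"),
    ("a1f9b2b6299e7a2b 617ab0277727ad85", "best tos episode"),
    ("39738b7adb0b8af7 617ab0277727ad85", "sugarland"),
]


def linked_hints(rows):
    """Map (block position, block) -> hints of every row sharing that block.

    With one key, no salt and ECB, equal plaintext blocks always give equal
    ciphertext blocks, so every shared block pools its users' hints.
    """
    seen = defaultdict(list)
    for blocks, hint in rows:
        for pos, block in enumerate(blocks.split()):
            seen[(pos, block)].append(hint)
    return {key: hints for key, hints in seen.items() if len(hints) > 1}


ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, salt=None):
    """Return (salt, digest) using a fresh random salt unless one is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def salted_rows(passwords):
    """Store each password salted and hashed, formatted as 8-byte hex blocks
    so that linked_hints() can be run over the result unchanged."""
    rows = []
    for i, password in enumerate(passwords):
        _, digest = hash_password(password)
        hexed = digest.hex()
        blocks = " ".join(hexed[j:j + 16] for j in range(0, len(hexed), 16))
        rows.append((blocks, f"user{i}"))
    return rows


if __name__ == "__main__":
    for (pos, block), hints in linked_hints(ROWS).items():
        print(f"block {pos} {block}: {hints}")
    # Constructed input: two users with the same password, one with another.
    print(linked_hints(salted_rows(["charlie x", "charlie x", "houstontx"])))
```
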

Hmm, I'm rather confused about the last few on the list though. Assumedly the password for "he did the mash, he did the" would be "monster mash", but that would leave "purloined" with a password of either "monsterm" or "monster ", which doesn't make much sense. 108.162.240.18 13:47, 4 November 2013 (UTC)

(charlie sheen) a1f9b2b6299e7a2b eadec1e6ab797397 sexy earlobes - He did a 2 and a half men episode on sexy earlobes

(charlie x) a1f9b2b6299e7a2b 617ab0277727ad85 best tos episode - Star Trek has so many good episodes...
(houstontx) 39738b7adb0b8af7 617ab0277727ad85 sugarland - Sugarland is in Houston, TX

I don't know about anyone else, but the "hints" column incidentally reminded me of Darwinian Poetry... Not intentionally, I'm sure. 141.101.98.214 14:46, 4 November 2013 (UTC)

Somehow I've missed out on this issue until this comic alerted me to it, but: once a few passwords are correctly guessed, does that make it straightforward to recover the encryption key, and then be able to decrypt all of them? —scs (talk) 14:50, 4 November 2013 (UTC)

Answering my own question: not really straightforward, no. 3DES is still pretty strong, and what knowing a few passwords gives you is a known-plaintext attack, which helps a little, but is by no means a giveaway. —scs (talk) 15:00, 4 November 2013 (UTC)
Note that if blackhat used this service, he would know at least one plaintext - his own password--JakubNarebski (talk) 15:05, 4 November 2013 (UTC)
No, for calculating the encryption key of Triple DES, there is no real benefit in knowing a million passwords; you would still need to brute force it. You would need to know at least 2^32 different passwords to make it easier, but you can't do that with the leaked file (there are about 30 times fewer of them and moreover many of them are not unique). STEN (talk) 16:08, 4 November 2013 (UTC)

Okay, so the first column is the encrypted password, the second one is the hint chosen by user. What do rectangles mean? 173.245.53.151 15:28, 4 November 2013 (UTC)

Those are the fields to fill the characters in, just as you do in a crossword puzzle. There are small fields at the beginning that take one character each and one large field at the end that takes one to eight characters. STEN (talk) 15:32, 4 November 2013 (UTC)

Water 3 is an egg group: http://bulbapedia.bulbagarden.net/wiki/Water_3_(Egg_Group) . Given the length of the key, it will probably be 9-16 characters. (Crawdaunt, tentacool, and tentacruel are most likely) 199.27.128.139 15:43, 4 November 2013 (UTC)

-- which means 9dca1d79d4dec6d5 is either L, EL, or T, but I can't find a way for that to match up with any variation of "monster mash." 173.245.55.209 16:15, 4 November 2013 (UTC)
Same problem here... Monster mash must not be correct, but it is one of the easier ones, I can't give up on it. --Jeff (talk) 17:35, 4 November 2013 (UTC)
Maybe, he did the MASH is about the book, movie or TV Show M*A*S*H instead? --Jeff (talk) 17:49, 4 November 2013 (UTC)
Monster Mash was written by Bobby Pickett, maybe it has something to do with him? STEN (talk) 18:38, 4 November 2013 (UTC)
Maybe it's not "monster mash" but just "monster". This would allow the Water-3 Pokemon to be "Cloyster". 108.162.237.5 19:17, 4 November 2013 (UTC)
You are having trouble counting to eight. Cscott (talk) 20:22, 4 November 2013 (UTC)
You are forgetting the space. Assuming space is stored as a null character, this might actually work.173.245.54.29 01:43, 5 November 2013 (UTC)
Nobody in their right mind would encode spaces as nulls. For us to suppose that they did, we'd need to have some specific clue to that effect. 108.162.238.5 09:08, 5 November 2013 (UTC)

It seems to me there are two puzzles here, if folks are right that this is not actual data from the hack. 1) Figure out Adobe's master 3DES encryption password, for the big prize. 2) figure out Randall's 3DES encryption password for this puzzle based on these hints, and knowing it will be something clever. Nealmcb (talk) 16:12, 4 November 2013 (UTC)

Trying to decode the passwords (As Randall obviously wants us to) "with your own hand you have done all this" is from the book of Judith. Working on decoding the others. --Jeff (talk) 17:13, 4 November 2013 (UTC)

8babb6299e06eb6d = password a0a2876eb1ea1fea = 1 85e9da81a8a78adc = 57 --Jeff (talk) 18:10, 4 November 2013 (UTC)

Weather Vane Sword may be a reference to Game of Thrones Ascent. The "Sworn Sword", I believe is "Rona" which is also a name. 173.245.55.216 18:27, 4 November 2013 (UTC)

It needs to be a name of an apostle (as per line 7) and have 7 or 8 characters (as line 3 needs a continuation) so this leaves Matthew, Thaddeus and (Judas) Iscariot. STEN (talk) 18:57, 4 November 2013 (UTC)


If a password (or 8 character segment) is guessed can it be confirmed? Somebody should take this leaked list and create a website that presents it like in the comment and lets people guess. It can fill in the guessed ones. 108.162.246.117 19:17, 4 November 2013 (UTC)

I'm putting in Matthias for the sword, name1 and disciple because of Saint Matthias [3] and Redwall Matthias [4] who held the Weathervane Sword (Also known as the sword of Martin [5] ) --Jeff (talk) 19:27, 4 November 2013 (UTC)

I've also removed "monster mash" from the list as it can't be right. Doesn't match the pokemon or the purloined clues. --Jeff (talk) 19:27, 4 November 2013 (UTC)

Based on the Water-3 Pokemon hint, the only possibilities of more than 8 characters are tentacool, tentacruel, barbaracle, crawdaunt, carracosta, clauncher, and clawitzer. This would mean "9dca1d79d4dec6d5" would be l, el, le, t, ta, or r. --Dvorakmd (talk) 19:51, 4 November 2013 (UTC)

This is assuming there are no characters before the actual name of the pokemon. 173.245.55.209 20:30, 4 November 2013 (UTC)
Assuming Randall has constructed this comic to have a unique answer, it can't end in r because then the clue would be ambiguous (could be clauncher or clawitzer). Cscott (talk) 21:53, 4 November 2013 (UTC)
Some of these can be ruled out; it's very unlikely to be a Generation VI Pokémon (Barbaracle, Clauncher and Clawitzer) as this has only just come out and someone would have had to set up their password within the last few weeks. And the Pokémon that are also in the Water-1 group are probably more likely to be thought of as Water-1 than Water-3 (Crawdaunt and Carracosta). This only leaves Tentacool and Tentacruel as longer than 8 letter Water-3 only Pokémon that have been known of for a reasonable length of time; and Tentacool is no one's favourite, as the annoying multitude of them that show up whenever you try to Surf anyway makes them as reviled as Zubats in caves, if not moreso. :P Of course, the password need not be simply the Pokémon's name alone. "SexyShellder" "Cloyster1987" "Misty'sStarmie"... Who knows? 141.101.99.252 01:03, 5 November 2013 (UTC)

I don't know the answer to the end either, but here's a list of people who did the Monster Mash, from Wikipedia:

  • Bobby Pickett (as Boris Pickett)
  • Garpax Records (Gary S. Paxton)
  • The Misfits
  • far, far too many other covers to list

And here's some synonyms for "purloined", from thesaurus.com:

  • stole
  • pilfered
  • filched
  • misappropriated
  • embezzled
  • burglarized
  • shoplifted
  • poached
  • pillaged
  • cheated
  • pinched
  • heisted
  • thieved
  • plundered
  • appropriated
  • lifted
  • took
  • snitched
  • defrauded
  • swindled
  • ripped off
  • made off with

Good luck with these! —TobyBartels (talk) 20:31, 4 November 2013 (UTC)

What about Purloined referring to "The Purloined Letter?" When choosing hints, people, at least in my experience, tend to use word association rather than synonyms. 173.245.55.209

Purloined could also be a reference to the Monster.com hack (http://www.symantec.com/connect/blogs/monster-trojan). 108.162.237.11 21:00, 4 November 2013 (UTC)

Words meaning purloined that can have the listed suffixes could be embezzle/embezzler or scrounge/scrounger. Not sure if it fits to the mash clue. There was a loan shark character who would acquire things on MASH called Rizzo, it is a stretch though. 108.162.246.117 21:01, 4 November 2013 (UTC)

I'm still trying to figure out how the solutions go into the spaces on the right -- it may be more obvious once the last couple clues are figured out. I suspect the ordering and numbers of clues have some sort of meaning. Why are there 5 of the 877... passwords, 2 with no clues? Why is one of the 4e18.... passwords separated from the rest? 108.162.221.28 21:07, 4 November 2013 (UTC)

Could Purloined be a reference to the "Purloined Shadows" book in Elder Scrolls? --Dvorakmd (talk) 21:09, 4 November 2013 (UTC)

Or 'The Purloined Payroll', a WoW quest? "Purloined in Petrograd" is also a lyric to a Decemberists song (The Bagman's Gambit). Google n-grams suggests that "Purloined Image", and "purloined documents" are a Thing. Cscott (talk) 21:58, 4 November 2013 (UTC)

Purloined could be a reference to something that is known to have been stolen like a work of art, or it could be something that was stolen in an XKCD comic. 108.162.246.117 21:18, 4 November 2013 (UTC)

EdgarPoe(author of The Purloined Letter)/EdgarPoet fits, but again not really anything to do with MASH. 108.162.246.117 21:27, 4 November 2013 (UTC)

Water-3 pokemon (egg group) are given here: http://bulbapedia.bulbagarden.net/wiki/Water_3_(Egg_Group) ...if I split off the letters of their names after the 8th letter, we see l, el, le, t, ta, and r. So the MASH item ends with one of those suffixes. 199.27.128.167 21:31, 4 November 2013 (UTC)

Can't end in 'r', because then that clue would be ambiguous. Cscott (talk) 21:53, 4 November 2013 (UTC)
Speaking of pokemon, could the clue to purloined have something to do with the pokemon Purrloin? http://bulbapedia.bulbagarden.net/wiki/Purrloin_(Pok%C3%A9mon) 108.162.221.43 23:51, 4 November 2013 (UTC)

Is there a reason "MASH" is capitalized in the above sections? Given the context, it shouldn't be, and I still haven't given up on the password being a reference to the monster mash. That said, we can't ignore the movie/show MASH. Also, now that I think about it: pokeMONstermash? I don't know, just throwing ideas out :P 173.245.55.209 22:08, 4 November 2013 (UTC)

On reddit they suggest "Letterman" (which is wrong, too many letters) based on the M*A*S*H episode, "Letters". Cscott (talk) 22:11, 4 November 2013 (UTC)

...on the other hand, I wonder if an answer like "ALANALDA" would work? As in, someone who "did the M*A*S*H"... Cscott (talk) 22:13, 4 November 2013 (UTC)
Sadly, no. Because it needs to be more than 8 characters. --Jeff (talk) 22:17, 4 November 2013 (UTC)
No, I mean, "an answer of this form", not ALANALDA exactly. The Edgar Allan / Alan Alda congruence is tasty, but I can't make it work. ALLANPOE works as an answer for "Purloined" but that makes something like ALLANPOET the answer to "he did the MASH" (CRAWDAUNT is then the pokemon). But that's misspelling Alda's name for the MASH clue, doesn't quite work. There's also JAMIEFARR (Cpl Klinger) as a better answer to "he did the MASH" but then that makes JAMIEFAR the answer to "purloined" and I can't plausibly make that work. ALLANARBUS is another M*A*S*H actor, but that doesn't work at all. Can anyone come up with other/better ideas in this vein? Cscott (talk) 22:31, 4 November 2013 (UTC)
Don't misspell Alda's name; misspell Poe's! —TobyBartels (talk) 02:07, 5 November 2013 (UTC)

In crossword puzzles, a clue ending in -ed (like 'purloined') is most commonly a hint that the answer ends in 'ed'. Cross referencing that with the Pokemon clue, the solution for "he did the MASH" becomes a nine or ten letter answer ending in: -edl, -edel, -edle, -edt, or -edta (excluding -edr due to non-uniqueness), with ......edle looking the most "English-y" to me. My hunch would be something else Robert Altman or Alan Alda "did"... but nothing seems to end in 'edle.' --Willowy burrito (talk) 23:07, 4 November 2013 (UTC)

There is no indication that this is a standard crossword. Most users don't respect crossword conventions when writing password hints. Cscott (talk) 23:59, 4 November 2013 (UTC)
Aside from the title. And the text. And the fact these didn't come from users, but were just chosen for a puzzle designed by Randall, who would include just this sort of puzzler hint/in-joke in a comic about puzzles. It's moot, because no synonyms for 'stolen' make any sense with a couple other letters tacked on the end. But still, there've been worse hunches. --Willowy burrito (talk) 00:45, 5 November 2013 (UTC)

For all we know, his favourite Water-3 Pokémon could be Shell Smash Cloyster or Shell Smash Omastar - "OmastarSmash" as a password would fit in with "Monster mash". 141.101.99.252 23:16, 4 November 2013 (UTC)

I like that idea, although it leaves "Monster " (with a trailing space) as the answer to "Purloined", which makes no sense. But interesting idea. Cscott (talk) 00:00, 5 November 2013 (UTC)

MonsterMash MonsterM TheWiscash -- Jcupcake (talk) (please sign your comments with ~~~~)

It's "Whiscash", and it's Water 2 (not 3) and "MonsterM" makes no sense as an answer for the hint "Purloined". But I like the idea of adding "The" in front of the pokemon answer; perhaps we're being too restrictive by looking only at pokemon with length > 8. Cscott (talk) 23:59, 4 November 2013 (UTC)
Yeah, sorry about the typo - last one would be TheWhiscash. MonsterM absolutely makes sense. http://www.hoax-slayer.com/monster-666.shtml The purloined letter here IS M Jcupcake (talk) 02:40, 5 November 2013 (UTC)

So somewhere above this someone pointed out that purloined could refer to a monster.com hack...in which case, could the first two passwords be "monster mash" and "monster"? That would allow for another previous suggestion of "OmastarSmash" Also, here's my IP Address and a remarkably not-random timestamp: 108.162.219.195 01:31, 5 November 2013 (UTC)

It could also be that there are modifiers to the base. I always thought of Monster Mash as MonstaMash. This would line up closely with My Corphish written as "mycorphish" My favorite pokemon is my pikachu not just any pikachu, but mine, sort of logic. Bitassassin (talk) 01:43, 5 November 2013 (UTC)

Could "he did the mash" be referring to brewing and/or the Maillard reaction? Cscott (talk) 05:32, 5 November 2013 (UTC)

I was just thinking that "MonsterM Ash", "MonsterM", both seem to make sense, and Ash had a few water pokemon in the water 3 egg group, so could it potentially be something along the lines of "Corphish Ash"? That was the only 8 letter water 3 pokemon he had and it fits with the other clues NewToThis (talk) 07:25, 5 November 2013 (UTC)

Has the idea of pokemon fusion been considered? http://pokemon.alexonsager.net/ referenced by http://kotaku.com/how-the-website-that-lets-you-create-frankenstein-pokem-510517336 --Oukansz (talk) 19:25, 5 November 2013 (UTC)

Fanservice

Randall must know about this site. This comic doesn't work without people to crack the code. Should we have a fanservice category? :-) --SurturZ (talk) 23:32, 4 November 2013 (UTC)

I'm beginning to suspect that the wide boxes will have the key in it. Assuming he used regular DES (or DES3, for that matter, but using the same 8-byte key 3 times), it could be plausible. The 5 in the middle could be 'abcde', a lot of the other 'second halves' are numbers, and the likely known one that's not seems to be an 'x' -- which could certainly be involved in writing a hex number... problem is there's 11 of those boxes. Trying to guess what significance the positioning of those boxes have. 108.162.221.28 00:00, 5 November 2013 (UTC)

Actually, it looks like the boxes line up perfectly such that the wide bits (for second-half) will only touch the words they apply to. Order will be more or less what they are (I see the wide boxes as, in order, 1, 57, 10, Sheen, and X, with the 8 char boxes as Matthias, Password, Judith15, Charlie, and HoustonT). The next 5 are odd -- I'm not sure if we repeat the alpha/obvious password 5 times, or it's 5 chars long (abcde) and one per box. The last set is still under discussion, of course. 108.162.221.28 00:20, 5 November 2013 (UTC)

MASH capitalized

I'm currently chasing down the idea that MASH refers to Wikipedia:MASH-1. Haven't seen any name yet that looks like it might satisfy "Purloined". - BozoTheScary (talk) 01:56, 5 November 2013 (UTC)

I think MASH is a transcribing error. The comic doesn't have any difference on those letters as far as I can tell. 173.245.50.222 03:18, 5 November 2013 (UTC)

The Purloined Letter is an Edgar Allan Poe story starring C. Auguste Dupin. Might help. 108.162.249.5 03:08, 5 November 2013 (UTC)

There is also a strong association between the Monster Mash and the Mashed Potato, just throwing another idea into the ring. Also try the name BobbyPickett. 108.162.249.5 03:22, 5 November 2013 (UTC)


Frankenstein did the Monster Mash in the cartoon for the song. That leads to a Pokemon card ending in 'tein' and 'frankens' for the hint Purloined. I could not find a Pokemon card that ended in 'tein' nor could I link 'frankens' with Purloined. I ran 'frankens' through Google Translate but found nothing. Also, it's the same password for the "monster mash" hint and the entry with no password hint so I think it's an obvious password (something someone can recall without a hint). Frankenstein fits that part but not the other ones. 173.245.50.222 03:35, 5 November 2013 (UTC)

My $0.02: "He did the mash..." might allude to the expression "doing the math" only (intentionally) misspelled and something like "numbert" or "numb" could be the answer. --RagnarDa (talk) 04:01, 5 November 2013 (UTC)

graveyard smash fits for the first clue (though lyrically incorrect). Gives smash as second block, but cannot find association between graveyard and purloined. 108.162.249.5 04:08, 5 November 2013 (UTC)

If we take The Monster Mash for the first answer, it could be written as TheMonsterMash or The Monster Mash, giving either TheMonst erMash or The Mons ter Mash as the two blocks. This gives either Themonst or The Mons as Purloined and either ermash or ter Mash for second block of pokemon answer. Suggestions? 108.162.249.5 04:15, 5 November 2013 (UTC)

Only problem is that the word "the" is the last word of the hint.108.162.237.117 04:51, 5 November 2013 (UTC)

I know that the water-3 group is not the same, but it seems like an odd coincidence that another pokemon group is the "monster" group. --Natnee (talk) 04:44, 5 November 2013 (UTC)

There is a Scooby Doo comic book story titled "[The Purloined Poe-M](http://scoobydoo.wikia.com/wiki/The_Purloined_Poe-M)", which has an odd similarity to the "MonsterM" possible password. This would leave the pokemon password ending "ash" who, of course, is a pokemon character ... which makes no sense in that place. 199.27.128.83 05:51, 5 November 2013 (UTC)

Here's one that fits:
facemash4077 (Combination of facemash by zuckerberg and M*A*S*H)
facemash (Site made by Zuck in The Social network.)

Maybe facmashklinger.. The eggklinger being a water-3 Pokemon? 108.162.215.39 06:14, 5 November 2013 (UTC)rbnm

Working Backwards

I'm attempting to take a different tack, by trying to find the key itself. I'm assuming it's something easy to guess. I've tried the top 100 Adobe passwords (you can get them here) using the following bash script (testing the word "matthias", as this one seems pretty certain):

while IFS= read -r p; do
  # print the candidate passphrase, then the hex of "matthias" encrypted under it
  printf '%s:' "$p"
  printf 'matthias' | openssl enc -e -des-ede3 -nosalt -nopad -pass "pass:$p" | xxd -p
done < passwords.txt

For this to work, I pre-processed the top 100 passwords file with:

cut -c51- adobe-top100.txt > passwords.txt

…and then trimmed the cruft with a text editor (leading text paragraph and table headers). So far no luck; perhaps someone with more time on their hands can try some obvious XKCD-related passwords (I've tried XKCD, xkcd, xkcd.com, randall, rmunroe, encryptic, and Encrytic) and see if the encrypted version(s) match up with what we have here. Yaztromo (talk) 09:27, 5 November 2013 (UTC)

I should mention that I've also tried OpenSSL's des-ede mode and des-ecb, as I'm not sure if Randall used one, two, or three key mode. I'm also assuming the key has been generated from the password using OpenSSL's default key generation method, any of which I suppose could be incorrect. Yaztromo (talk) 09:39, 5 November 2013 (UTC)
Nice work. Note that the puzzle is very specific about using "block mode 3-DES" (usually called "ECB"). DES keys are actually 56 bits; each of the 8 bytes has odd parity (the number of 1 bits is odd). From wp, "Bits 8, 16,..., 64 are for use in ensuring that each byte is of odd parity." As a wild guess, I'd suggest that, if Randall chose a readable 8-ASCII-character passphrase, he also selected only characters that would make the parity bit zero (so that the result was ASCII). That is, [ #%&)*,/12478;=>@CEFIJLOQRTWX[]^abdghkmnpsuvyz|]. Cscott (talk) 16:34, 5 November 2013 (UTC)
Uh, hold on. Read the "Explanation" section above. It's clear that the hashes are not real, so brute-forcing the key isn't going to work. Cscott (talk) 16:48, 5 November 2013 (UTC)
Just to note, there are actually three options for keys in TripleDES: having three independent keys (K1, K2, K3), having two independent keys (K1, K2, K1), or using a single key (K1, K1, K1). When run in ECB mode, OpenSSL calls these des-ede3 and des-ede for options 1 and 2 (option 3 is for backwards compatibility with DES, and can be run using just des-ecb). See Triple DES - Keying Options for details. In addition, the password and the key are two different entities -- typically the password is run through a keying algorithm first (commonly PBKDF2 for 3DES), so there is no need to select password characters based on parity patterns. All of which is moot now that we know that the data isn't in fact TripleDES encrypted in the first place. I'm actually disappointed in Randall now :P. Yaztromo (talk) 19:01, 5 November 2013 (UTC)
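The parity and keying-option points from the two replies above, as an added example that is not part of the original thread: it normalises the parity bit of each DES key byte, lists the printable ASCII characters that already have odd parity, and classifies a 24-byte K1 || K2 || K3 key by keying option. The function names and sample keys are constructed for this example; the check for adjacent equal keys goes slightly beyond the three options listed, because EDE with K1 = K2 or K2 = K3 also collapses to single DES.

```python
def has_odd_parity(byte: int) -> bool:
    """True when the byte contains an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low (parity) bit of each byte so every byte has odd parity.

    DES ignores that bit when building its subkeys, so two byte strings that
    differ only in parity bits are the same 56-bit key.
    """
    out = bytearray()
    for b in key:
        upper = b & 0xFE  # the 7 bits DES actually uses
        out.append(upper if has_odd_parity(upper) else upper | 1)
    return bytes(out)


def printable_odd_parity() -> str:
    """Printable ASCII characters that are already valid odd-parity key bytes."""
    return "".join(chr(c) for c in range(0x20, 0x7F) if has_odd_parity(c))


# Nominal key bits for each outcome of keying_option().
NOMINAL_BITS = {
    "three-key (K1, K2, K3)": 168,
    "two-key (K1, K2, K1)": 112,
    "single-DES equivalent": 56,
}


def keying_option(key: bytes) -> str:
    """Classify a 24-byte 3DES key after normalising parity bits.

    EDE computes E_K3(D_K2(E_K1(x))). If K1 == K2 the first two steps cancel,
    and if K2 == K3 the last two cancel, leaving one DES encryption.
    """
    if len(key) != 24:
        raise ValueError("expected K1 || K2 || K3 (24 bytes)")
    k1, k2, k3 = (set_odd_parity(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        return "single-DES equivalent"
    if k1 == k3:
        return "two-key (K1, K2, K1)"
    return "three-key (K1, K2, K3)"


if __name__ == "__main__":
    print(repr(printable_odd_parity()))
    # Constructed sample keys, not taken from the thread.
    for sample in (b"password" + b"passvnsd" + b"12345678",
                   b"password" + b"12345678" + b"password",
                   b"password" + b"12345678" + b"abcdefgh"):
        option = keying_option(sample)
        print(sample, "->", option, NOMINAL_BITS[option], "nominal bits")
```
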

I hadn't seen it mentioned yet, but Monster Mash was written by Robert George Pickett (http://en.wikipedia.org/wiki/Bobby_Pickett), whose last name goes closely with the second clue, Purloined, which means "stolen". I can't make it work, but I figured it was worth pointing out. (Nov 5th 1:26 pm utc ) 173.245.56.24 13:27, 5 November 2013 (UTC)

It's a good connection. Maybe we should reorganize the discussion and start a list of "interesting ideas we can't quite make work" in the hopes that someone else has an insight. Edgar Allan / Alan Alda, Pickett / "Pick it", Klinger / Kingler, etc. Most of these are just manifestation of the human brain's ability to find patterns even in random coincidence, of course, but one of them might be on the right track. Cscott (talk) 16:23, 5 November 2013 (UTC)

Just quick thoughts. I feel like Cpl klinger and the water type kingler is too solid a connection to ignore even though I can't really use it. Kingler was owned in the series by Ash. Ash is a three letter word and the last three letters of the phrase monstermash. Monsterm=8 letters so the first block ash=3 letters in the second block. Monsterm is about the monster.com thing, therefore purloined. It's a double reference, the .co has been purloined from the purloined website. Then blastoise -3, or rather blastois3 - 3 (mocking the common password meme of replacing letters with numbers) So the last password, which is super hard to guess and well chosen even with the clue is, blastoisash? It's a feasibly memorable password that would not be quickly forgotten by a pokemon fan while still being hard to guess. Can you think of a way to check it? Maybe go into the old command line xkcd and try it as a password? (From a contributor to my talk page) --Jeff (talk) 13:52, 5 November 2013 (UTC)

That's really a stretch. ".co is purloined from monster.com?" really? The answer will be far more obviously correct... once we figure it out. Look at the other answers, for example. Cscott (talk) 16:23, 5 November 2013 (UTC)
another quick idea for monster mash

It could be deflection. Maybe whoever put it in was paranoid. Or just dumb. Or who knows.

But, there is a pokemon that's in the monster/water(-1) hybrid group called Marshtomp.

Monster mash, mashed (ie anagrammed) can give us all but the P out of that... which is fine, as it's a 9-letter name.

Thus we have E, N and S left over (and indeed a further T, H, E), which could become overall, e.g, Marshtomens (...Marshtomethens? Or w/e), which you can split up as you like to represent something which has been stolen (personally). Possibly in german slang or something. It doesn't have to be a direct thesaurus link, it could well be complete misdirection (on Randall's behalf, or that of his notional Adobe user), same as for the pokemon.

And for the pokemon itself, it could well be "Marshtomp3" ;)

Also, don't forget about reversed words and so-on.

Heck, I've used very personal and/or random things (like, maybe two or three people in the world may recognise it in connection with me, and it's not online, at least not anywhere it can be found - basically it's just in my head and dies with me), reversed, with numbers substituting random characters, as passwords before. That covers each individual base in just one PW...

Now we just have to start feeding the guesses into a hash engine and try to figure out, maybe brute force, what the original key was. Knowing almost all of the other answers already makes this far, far easier for those who may have the facility to run the tests already. 141.101.99.213 14:54, 5 November 2013 (UTC)

This is not a real excerpt from the password file, this is a puzzle which Randall made up. Therefore, the answer to the last group will not be random, and it will not be a stretch. It will be obvious (as obvious as the previous ones)... once we figure out the catch. Cscott (talk) 16:23, 5 November 2013 (UTC)

FWIW, Eve Online also features a "Purloined Sansha Codebreaker". Cscott (talk) 17:16, 5 November 2013 (UTC)

I agree that the solution has to be obvious - especially after it's revealed. If this were a crossword puzzle, then the clues like Purloined might be followed by a question mark. Purloined? a cat that is loined - a cat that is covered with cloths? Puss in boots? Or something along those lines... 108.162.215.34rbnm

purloined=phished (Corphish)? 108.162.216.227 (talk) (please sign your comments with ~~~~)

I wonder if the link between the last three clues is more like a cryptic crossword puzzle---for instance, --purloined= heisted; the other clues reading it as he/is/ted...?--Wwd (talk) 22:40, 5 November 2013 (UTC)

I wonder if the pokemon could be the name of an ubuntu release, per "Not Really Into Pokemon" at http://xkcd.com/178/ --Willowy burrito (talk) 22:45, 5 November 2013 (UTC)

You could also abbreviate Robert Pickett's name (the co-writer of Monster Mash) as "Rob Pickett" which goes even more with purloined (the first 8 letters are now "Rob Pick").

Capitalization hints?

I have no idea who first put the capital letters in "MASH" and "Purloined" in the transcript (and I don't want to check), but now that I've gotten rid of the second (after somebody else got rid of the first), I want to record them here for the record. Possibly Randall put them in and was feeding us clues (so MASH the book or movie, and Purloined a title such as Poe's). I consider this unlikely (after all, I removed one of these capitalizations), but the possibility should be recorded. —TobyBartels (talk) 01:17, 6 November 2013 (UTC)

It can't be a coincidence that this comes up as the top google news search for 'purloined:' http://www.theregister.co.uk/2013/11/05/adobe_users_purloined_passwords_were_pathetic/