Talk:1286: Encryptic

Explain xkcd: It's 'cause you're dumb.
Revision as of 15:47, 4 November 2013 by 199.27.128.139 (talk)

It is unclear to me if these are actual hashes from the Adobe file? That would be very cool... but the actual file seems to have passwords in a slightly different format. http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ 108.162.229.211 09:05, 4 November 2013 (UTC) pavel

I wouldn't call 3DES secure ... but yes, in this situation the real problem is not using a per-user salt. Note that I would expect that at least some of those examples would be solvable ... any idea? Hmmm ... sword of weather vane and one of the apostles might be Martin ([1]) ... -- Hkmaly (talk) 10:00, 4 November 2013 (UTC)
It's Jonathon (for John). Not sure what it has to do with weather vane swords though... 108.162.240.18 12:42, 4 November 2013 (UTC)
Umm. "Peter" does not seem to have 8 characters, does it? Encryption method suggests it should be 8 characters, as do 8 character boxes on the right... 108.162.229.211 10:43, 4 November 2013 (UTC) pavel
I'd say "weather vane sword", "name1" and "favorite of 12 apostles" is (Saint) Peter. "Weather vane" as symbol for the rooster in the denial, and the sword Peter used when Jesus was arrested. --108.162.254.177 10:25, 4 November 2013 (UTC)
... interesting that Google search didn't mention it :-) Seems the Bible has too low a pagerank. -- Hkmaly (talk) 10:32, 4 November 2013 (UTC)
The 'favourite' apostle was John the Evangelist though. http://en.wikipedia.org/wiki/Disciple_whom_Jesus_loved . The other biblical clue here is 'with your own hand you have done all this' - Judith 15:10. If that's Judith1510 then the 'name and shirt number' is 'Judith15'. The TOS/earlobes clue seems to be "Spock's brain" and "Spock's (ears?)". And the Michael Jackson one is (obviously) ABC123. 141.101.99.214 11:14, 4 November 2013 (UTC)
Given that name1 is two blocks long, I would guess that the apostle's name is going to be eight characters long, with the second hash block being 1+seven spaces (or nulls if Adobe pads it with nulls and not spaces). But then again, as the only disciple with a name eight letters long is Thaddeus maybe not 141.101.99.214 (talk) (please sign your comments with ~~~~)
"St.Peter" is 8 characters, and having a "special" character (the period) makes it a good choice for passwords that might require 1 non-alphanumeric character (and ban spaces). 141.101.99.223 11:47, 4 November 2013 (UTC)


Another article about using password hints from multiple users to find the passwords from the breach. http://7habitsofhighlyeffectivehackers.blogspot.com/2013/11/can-someone-be-targeted-using-adobe.html Bugefun (talk) 11:06, 4 November 2013 (UTC)

"Sexy earlobes" makes me think of "The ABC of Aerobics", but that would make that Shirley Clarke, and nothing in Star Trek has anything to do with Shirley that I am aware of, except possibly Shirley Bonne as Ruth. I skimmed a list of episode titles, but nothing jumps out at me as particularly earlobish. 108.162.219.187 11:20, 4 November 2013 (UTC)

Sexy earlobes might have something to do with Ferengi, but they didn't appear in TOS. 141.101.99.214's idea is better. -- Hkmaly (talk) 11:42, 4 November 2013 (UTC)

Note that you should not ever use a cipher in ECB (electronic codebook) mode, i.e. encrypt each block separately and independently, but use chaining. --JakubNarebski (talk) 12:15, 4 November 2013 (UTC)
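
The ECB point in the comment above, as an added example that is not part of the original discussion: it encrypts three constructed passwords under one shared key in ECB and in chained (CBC) mode and reports which ciphertext blocks repeat across users. A toy Feistel permutation stands in for 3DES (the Python standard library has no DES); the key, the null padding and the sample passwords are assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 8                      # 3DES block size in bytes
KEY = b"constructed demo key"  # assumption: one site-wide key for every user

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation on 8 bytes; stands in for 3DES, not secure."""
    left, right = block[:4], block[4:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def _blocks(password):
    data = password.encode()
    data += b"\x00" * (-len(data) % BLOCK)   # assumption: null padding
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, password):
    """Each block encrypted independently: equal plaintext block, equal output."""
    return [encrypt_block(key, b) for b in _blocks(password)]

def cbc_encrypt(key, password, iv=None):
    """Each block XORed with the previous ciphertext block (or a per-user IV)."""
    prev = iv or os.urandom(BLOCK)   # the IV would be stored beside the ciphertext
    out = []
    for b in _blocks(password):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return out

def shared_blocks(table):
    """Ciphertext blocks (hex) that appear for more than one user."""
    seen = {}
    for user, blocks in table.items():
        for block in blocks:
            seen.setdefault(block.hex(), set()).add(user)
    return {h: users for h, users in seen.items() if len(users) > 1}

# Constructed sample passwords, not values from the breach.
USERS = {"u1": "sunshine", "u2": "sunshine2013", "u3": "sunshine"}

if __name__ == "__main__":
    ecb = {u: ecb_encrypt(KEY, p) for u, p in USERS.items()}
    cbc = {u: cbc_encrypt(KEY, p) for u, p in USERS.items()}
    print("ECB shared blocks:", shared_blocks(ecb))
    print("CBC shared blocks:", shared_blocks(cbc))
```

Under ECB the first block is identical for all three users, which is what lets hints from different users be pooled; with a per-user IV and chaining no block repeats.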

Hmm, I'm rather confused about the last few on the list though. Assumedly the password for "he did the mash, he did the" would be "monster mash", but that would leave "purloined" with a password of either "monsterm" or "monster ", which doesn't make much sense. 108.162.240.18 13:47, 4 November 2013 (UTC)

(charlie sheen) a1f9b2b6299e7a2b eadec1e6ab797397 sexy earlobes - He did a 2 and a half men episode on sexy earlobes

(charlie x) a1f9b2b6299e7a2b 617ab0277727ad85 best tos episode - Star Trek has so many good episodes...
(houstontx) 39738b7adb0b8af7 617ab0277727ad85 sugarland - Sugarland is in Houston, TX

I don't know about anyone else, but the "hints" column incidentally reminded me of Darwinian Poetry... Not intentionally, I'm sure. 141.101.98.214 14:46, 4 November 2013 (UTC)

Somehow I've missed out on this issue until this comic alerted me to it, but: once a few passwords are correctly guessed, does that make it straightforward to recover the encryption key, and then be able to decrypt all of them? —scs (talk) 14:50, 4 November 2013 (UTC)

Answering my own question: not really straightforward, no. 3DES is still pretty strong, and what knowing a few passwords gives you is a known-plaintext attack, which helps a little, but is by no means a giveaway. —scs (talk) 15:00, 4 November 2013 (UTC)
Note that if blackhat used this service, he would know at least one plaintext - his own password. --JakubNarebski (talk) 15:05, 4 November 2013 (UTC)

Okay, so the first column is the encrypted password, the second one is the hint chosen by user. What do rectangles mean? 173.245.53.151 15:28, 4 November 2013 (UTC)

Those are the fields to fill the characters in, just as you do in a crossword puzzle. There are small fields at the beginning that take one character each and one large field at the end that takes one to eight characters. STEN (talk) 15:32, 4 November 2013 (UTC)

Water 3 is an egg group: http://bulbapedia.bulbagarden.net/wiki/Water_3_(Egg_Group) . Given the length of the key, it will probably be 9-16 characters. (Crawdaunt, tentacool, and tentacruel are most likely) 199.27.128.139 15:43, 4 November 2013 (UTC)