Dan Kaminsky’s Cryptomnemonics

Our buddy Dan Kaminsky gave an interesting talk at Toorcon. This is just one part where he talks about a novel way to help the user remember SSH keys by converting them to couples names. You can get it in high quality here. 17 minutes long. Thanks to Fabienne for shooting the video.


  1. Crash says:

    I really don’t like these speeches. They are not really hacks. Bring back lazy days.

  2. Tech^CF says:

    I relly like those speeches. I installed Wicrawl after the last one, this one is downloading now (to get fullscreen, web-embedded google video has fullscreen ;) )


  3. Figgy says:

    I didn’t follow all of it, but I did understand some of it. One of my questions though is, what happened to that last beer?

  4. Arochone says:

    Actually, I was wondering about that last beer too. Anyone here who can shed some light on what happened to it?

  5. This is just one part of Dan’s talk. I’m sure he gave away the last one later. (Fabienne gave me hers :-) This video also doesn’t have Dan drinking a mixture of Mickey’s and Cinnamon Toast Crunch which was his self-inflicted punishment for tunneling DNS over DNS.

  6. Figgy says:

    Where do you get the tips for these conferences?

  7. Xone God says:

    Pretty brilliant reasoning. I think this guy is on to something, I just hope that he is not all theory and not code, otherwise all it is(and-ever-will-be is) a really nice idea. I hope he takes it from concept to prototype. I only wish I lived closer to Nevada so I could have gone.

    As with Figgy, I too was wondering where one can find info of where this type of Hacker conventions are taking place as google usually reveals some convention that happend back in the 90s. Any tips, or links would seriously be appreciated, specially for the south region(Tx, Al, Ms, LA, MX, NM). Thanx.

    And Crash – While the speaches them selfs are not “Technically” a hack or talking about one, It does fit into the relm of out of the norm technology rearrangement, thus giving it a hack status. Just my opinion. ..X..

  8. Jake says:

    well as long as it does not involve some huge-ass shiny blade and some poor sap screaming for mercy and something about collecting his intestines it is technically not a hack…

  9. steve (the good one) says:

    interesting. still, i feel the urge to kill this wannabe comedian.

  10. johan says:

    Awesome video! Thanks for sharing :-)

  11. Dewi Morgan says:

    I totally agree with him, though I think there could have been better name selection criteria. In particular, we remember people we know much better than those we don’t, so a list of famous people or characters is probably a better source than the census. John and James and Jim and Jason and Joe and Joseph and Jack are to my mind more disparate than uncommon names like Dezzutti and Doornbos.

    “Sting and Mary Einstein”
    “Dante and Cher Bush”
    “Pinocchio and Marge Hitler”
    …and so on.

    Though I think very few women are known for their first names… I may be wrong.

  12. Dan Kaminsky says:

    Actually, there are three directions to go in in terms of name selection:

    1) Generic — hard, because there’s not enough generic names to go around
    2) Famous — an idea I hadn’t thought of, but yes, pinocchio and marge hitler is pretty funny. Somehow I suspect it might lead to collisions though (hitler is a stronger signal than marge)
    3) Constructed — “ponno and jib quona” or some other ridiculous combination of name-y words.

    I may try all three.

    There is code. Mail if ya want it.

  13. DarkFader says:

    So, if you need special software to either show a face or convert it to a set of names anyway, you could as well encrypt the fingerprint with some user entered key and it will be more difficult to fake the fingerprint if you do not know that key.
    Can I have that 4th beer please?

  14. DarkFader says:

    Oh. perhaps they are already doing that with the client fingerprint. so nevermind that idea

  15. Rueben says:

    Take nothing but ancestors, leave nothing but records.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 96,369 other followers