Our buddy Dan Kaminsky gave an interesting talk at Toorcon. This is just one part where he talks about a novel way to help the user remember SSH keys by converting them to couples names. You can get it in high quality here. 17 minutes long. Thanks to Fabienne for shooting the video.
15 thoughts on “Dan Kaminsky’s Cryptomnemonics”
Leave a Reply
Please be kind and respectful to help make the comments section excellent. (Comment Policy)
I really don’t like these speeches. They are not really hacks. Bring back lazy days.
I relly like those speeches. I installed Wicrawl after the last one, this one is downloading now (to get fullscreen, web-embedded google video has fullscreen ;) )
thanks
I didn’t follow all of it, but I did understand some of it. One of my questions though is, what happened to that last beer?
Actually, I was wondering about that last beer too. Anyone here who can shed some light on what happened to it?
This is just one part of Dan’s talk. I’m sure he gave away the last one later. (Fabienne gave me hers :-) This video also doesn’t have Dan drinking a mixture of Mickey’s and Cinnamon Toast Crunch which was his self-inflicted punishment for tunneling DNS over DNS.
Where do you get the tips for these conferences?
Pretty brilliant reasoning. I think this guy is on to something, I just hope that he is not all theory and not code, otherwise all it is(and-ever-will-be is) a really nice idea. I hope he takes it from concept to prototype. I only wish I lived closer to Nevada so I could have gone.
As with Figgy, I too was wondering where one can find info of where this type of Hacker conventions are taking place as google usually reveals some convention that happend back in the 90s. Any tips, or links would seriously be appreciated, specially for the south region(Tx, Al, Ms, LA, MX, NM). Thanx.
And Crash – While the speaches them selfs are not “Technically” a hack or talking about one, It does fit into the relm of out of the norm technology rearrangement, thus giving it a hack status. Just my opinion. ..X..
well as long as it does not involve some huge-ass shiny blade and some poor sap screaming for mercy and something about collecting his intestines it is technically not a hack…
interesting. still, i feel the urge to kill this wannabe comedian.
Awesome video! Thanks for sharing :-)
I totally agree with him, though I think there could have been better name selection criteria. In particular, we remember people we know much better than those we don’t, so a list of famous people or characters is probably a better source than the census. John and James and Jim and Jason and Joe and Joseph and Jack are to my mind more disparate than uncommon names like Dezzutti and Doornbos.
“Sting and Mary Einstein”
“Dante and Cher Bush”
“Pinocchio and Marge Hitler”
…and so on.
Though I think very few women are known for their first names… I may be wrong.
Actually, there are three directions to go in in terms of name selection:
1) Generic — hard, because there’s not enough generic names to go around
2) Famous — an idea I hadn’t thought of, but yes, pinocchio and marge hitler is pretty funny. Somehow I suspect it might lead to collisions though (hitler is a stronger signal than marge)
3) Constructed — “ponno and jib quona” or some other ridiculous combination of name-y words.
I may try all three.
There is code. Mail if ya want it.
So, if you need special software to either show a face or convert it to a set of names anyway, you could as well encrypt the fingerprint with some user entered key and it will be more difficult to fake the fingerprint if you do not know that key.
Can I have that 4th beer please?
Oh. perhaps they are already doing that with the client fingerprint. so nevermind that idea
Take nothing but ancestors, leave nothing but records.