Wednesday, 24 February 2016

How did Kang get the last Cerberus code?

I'm more inclined to believe that Cerberus required all three codes to authenticate and that Kang getting the last code was just a plot hole. If I recall correctly, one of the men in the conference room said it would take at least three days for all three codes to be cracked - obviously assuming a brute force attack.

My memory is not too clear, but I think each code had 7 characters. This means 36^7 ~ 7.8x10^10 candidates, assuming all possible combinations of the (uppercase) Latin alphabet and the numbers 0-9 were possible. Assuming only permutations were possible, we'd still have 36!/29! ~ 4.2x10^10. Taking out codes consisting only of a string of a single character (e.g., AAAAAAA, BBBBBBB...), (36!/29!)-36 = negligible decrease = still a shitload of candidate codes to try. Unless the attack lucked out and generated the correct code within ~12 hours (give or take), making the above assumption, it's unlikely that the system only required 2 codes - let alone 2 codes excluding the president's.

But hold on. We're talking about an extremely powerful government security system here that has the potential to leave the United States vulnerable to nuclear attacks. Why the hell would it be possible to brute force the system? Even moderately secure authentication systems limit the number of failed authentication attempts possible within a given time frame. Why would the American government make it possible to brute force their system? They wouldn't. Well, then maybe they were brute forcing the file containing the encrypted passwords? Maybe the encryption algorithm used to encrypt the passwords before storage was leaked to the Koreans? Maybe, m-maybe... maybe GOD gave them the passwords!



I just don't see the US government designing a security system with such major vulnerabilities. Just as a precaution, I'd design the encryption code so that all three codes are combined, encrypted, and verified together, thereby increasing the number of possible codes (possible codes = k^n, where k = number of characters to choose from, n = number of characters in the code).
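A sketch of that combined-verification idea, added here as an example and not taken from the film or the original post: the three codes are checked only as one unit, so a guesser never learns that a single code is right, and failed attempts are capped. The class and function names, the lockout threshold, and the use of a salted PBKDF2 hash in place of "encryption" are all assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed lockout threshold, not from the film or the post


def keyspace(k, n):
    """Possible codes = k^n (k symbols to choose from, n characters)."""
    return k ** n


def worst_case_guesses(k, n, codes=3):
    """Worst-case guesses if each code is confirmed alone vs. only as a set."""
    separate = codes * keyspace(k, n)   # each code gives its own yes/no answer
    joint = keyspace(k, n * codes)      # only the full triple gives an answer
    return separate, joint


class JointVerifier:
    """Keeps one salted hash of all three codes; no per-code feedback."""

    def __init__(self, codes):
        self._salt = os.urandom(16)
        self._digest = self._derive(codes)
        self._failures = 0

    def _derive(self, codes):
        # Length-prefix each code so ("AB", "C") and ("A", "BC") hash differently.
        material = b"".join(len(c).to_bytes(1, "big") + c.encode() for c in codes)
        return hashlib.pbkdf2_hmac("sha256", material, self._salt, 100_000)

    @property
    def locked(self):
        return self._failures >= MAX_FAILURES

    def verify(self, codes):
        if self.locked:
            return False  # locked out: even the right codes are refused
        ok = hmac.compare_digest(self._derive(codes), self._digest)
        self._failures = 0 if ok else self._failures + 1
        return ok


if __name__ == "__main__":
    separate, joint = worst_case_guesses(36, 7)  # 36 symbols, 7 chars per code
    print(f"checked separately: {separate:.2e} guesses, jointly: {joint:.2e}")
```

With the post's figures (36 symbols, 7 characters), checking each code on its own costs at most 3 x 36^7 guesses, while checking them only as a set costs up to 36^21.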



It was a tense movie. That's all it was good for. The technical aspects of it were merely vehicles by which the writers carried the story. The only good things about this movie were the fact that it made me think about encryption, and seeing Gerard Butler's character follow through on his promise to stick his knife in Kang's face.



Adios.
