Tuesday, February 3, 2009


XKCD is an online comic about math, science, and nerd issues in general that, this past Monday, made an interesting commentary on security.

In the strip, the author compares what most cryptology fans assume would happen with strong encryption (that their secrets are safe because it is mathematically difficult to retrieve the information) versus the actual ugly truth.

Anyone willing to spend a million dollars to decode the contents of your hard drive by force is also willing to savagely beat you with a rubber hose (or, in Mr. Munroe's strip, a $5 wrench) until you reveal the password needed to access the information. For you see, all security has some point of failure. By installing this extensive cryptography system, the point of failure has been moved from the seizing of the hard drive to the unfortunate sensitive flesh of the owner.

Let us say that I have an irrational (or even justified) fear of home invasion, so I spend a million dollars hardening my door. My front door is now able to endure blasts of dynamite without structural damage, is essentially impossible to pick, and repels abrupt force. Let us also say that you wish to break in and steal something of mine. Maybe my stereo happens to be more awesome than yours and you want it. Maybe I have state secrets that you wish to give to a rival state. Maybe you want to arrest me because I've committed a crime. It doesn't matter why you want in; how will you do it?

Probably, you'll either bust down a side or back door, or break one of my windows and hop through it. I didn't think to reinforce those, so you make it in easily. And then my awesome stereo / state secrets / stack of money / body / whatever it is that you wanted is yours to grab.

Perhaps you think that it is pessimistic to assert that perfect security is impossible. It doesn't need to be, though. I don't need to make my front door impossible to pick if my neighbors tend to call the police if they see someone strange fiddling at my door for more than five minutes. The safe I keep my money in need only hold off any safe cracker until I can show up with a weapon to threaten him for trying to steal from me. And if I ever need a bulletproof car, it need not resist an infinite barrage, merely keep me un-shot enough to get to the airport and get the hell out of that city.

Security is about making your point of failure impractical, not impossible. A burglar will prefer to rob that other house up the street, the one whose door never closes properly and whose owner the neighbors all hate for blaring music at 4am. Don't be that guy and your things are reasonably safe.
