sen-material: comparison slides/slides01.tex

equal deleted inserted replaced

-:b37223b88ebd
+:8f2c3329c9b8
 \begin{center}
 \includegraphics[scale=0.6]{pics/cryptographic-small.png}
 \end{center}
-The NSA can probably not brute force magically better than the ``public''.
+The NSA can probably not brute-force magically better than the ``public''.
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{tikzpicture}
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
 {\normalsize\color{darkgray}
 \begin{minipage}{10cm}\raggedright\small
-``Security engineers --- at least the good ones --- see the world dif$\!$ferently.
+``Security engineers --- at least the good ones --- see the world differently.
 They can't walk into a store without noticing how they might shoplift. They can't
 use a computer without wondering about the security vulnerabilities. They can't
 vote without trying to figure out how to vote twice. They just can't help it.''\\
 \hfill{}---Bruce Schneier
 \end{minipage}};
 \begin{minipage}{10cm}\raggedright\small
 Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip
 \noindent
 \begin{tabular}{@ {}l}
-Write the first 100 digits of pi:\\
+Write the first 100 digits of $\pi$:\\
 3.\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_
 \end{tabular}
 \end{minipage}};
 \end{tikzpicture}
 \end{center}
-How do you ``break'' this and how to defend against it?
+How can you cheat in this exam and how can you defend against such cheating?
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{textblock}{1}(1,4)
 \begin{tikzpicture}
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
 {\normalsize\color{darkgray}
 \begin{minipage}{11cm}\raggedright\footnotesize
-``The Annonymous Hacker from earlier:\medskip\\
+The Annonymous Hacker from earlier:\medskip\\
-Try to use `Verified-By-Visa' and `Mastercard-Securecode' as rarely as possible. If only your CVV2 code is getting sniffed, you are not liable for any damage, because the code is physically printed and could have been stolen while you payed with your card at a store. Same applies if someone cloned your CC reading the magnetic stripe or sniffing RFID. Only losing your VBV or MCSC password can cause serious trouble.''\\
+``Try to use `Verified-By-Visa' and `Mastercard-Securecode' as rarely as possible. If only your CVV2 code is getting sniffed, you are not liable for any damage, because the code is physically printed and could have been stolen while you payed with your card at a store. Same applies if someone cloned your CC reading the magnetic stripe or sniffing RFID. Only losing your VBV or MCSC password can cause serious trouble.''\\
 \hfill{}\textcolor{blue}{\url{goo.gl/UWluh0}}
 \end{minipage}};
 \end{tikzpicture}
 \end{textblock}}
 \begin{itemize}
 \item SHA-1 is a cryptographic hash function\\
 (MD5, SHA-256, SHA-512, \ldots)
 \item message $\rightarrow$ digest
-\item attack exists $2^{80} \rightarrow 2^{61}$ \bigskip\pause
+\item attacks exist: $2^{80} \rightarrow 2^{61}$ \bigskip\pause
-\item but dictionary attacks are very ef$\!$fective for extracting passwords (later)
+\item but dictionary attacks are much more effective for extracting passwords (later)
 \end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}}
+\frametitle{This Course is about  Satan's Computer}
-\begin{itemize}
-\item Never store passwords in plain text.\medskip
-\item Always salt your hashes!\medskip
-\item Use an existing algorithm; do not write your own!
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Security Mindset\end{tabular}}
-\begin{itemize}
-\item How things can go wrong?
-\item Think outside the box.
-\end{itemize}\bigskip
-The difference between being criminal is to only \alert{\bf think} about how things can go
-wrong, or be very careful with attacks.
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Satan's Computer}
 Ross Anderson and Roger Needham wrote:\bigskip
 \begin{tikzpicture}
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
 \end{textblock}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}}
+\begin{itemize}
+\item Never store passwords in plain text.\medskip
+\item Always salt your hashes!\medskip
+\item Use an existing crypto algorithm; do not write your own!\medskip
+\item Make the party responsible for losses, who is in the position to improve things.
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}
 %%% Local Variables:

changeset 102	8f2c3329c9b8
parent 101	b37223b88ebd
child 104	729b86eae005