passwords! (p2)

brian carroll electromagnetize at
Wed Nov 13 11:42:33 PST 2013

Alexey Zakhlestin wrote:

||  in other words; the password would not be:
||     [mordify][sunflower-icon][fort%20lauderdale][3.124]

> the problem is, that in your scenario entropy would still be limited to
> this string. everything else is a reproducible computation.

the concept of entropy as if a metaphysical device has me confused in
most cases. given that i do not have requisite skills or understanding
of technical implementations, there is a tremendous gap between how
such processes actually function as structures, what the exact device
interactions are. and thus my naive observations occur in a realm of
mostly unanswered questions and basic assumptions though it seems also
that what is known by others resolves what are probably fundamental
misunderstandings on my part, due to not knowing how these things
actually work. though in questioning without knowing, perhaps
scenarios can be retested and solidified in their correctness and
robustness, though for me it remains opaque and little understood and
beyond my capacity in most all crypto descriptions.

my relation with 'entropy' as a concept was from reading and thinking
about cybernetics (N.Weiner) and also understanding it as a concept in
nature. Guy Murchie, author of excellent books that conceptualize
nature, was one of these contexts for basic awareness and a sense of
understanding that appears to lose relevance in a crypto context and
becomes perhaps more mysterious than it actually is.

The Seven Mysteries of Life: An Exploration in Science & Philosophy
By Guy Murchie

Google book quotes on entropy and concept of 'negentropy' (pp.444)

// here is another enigmatic quote found perhaps of relevance...

     "What's in a name? In the case of Shannon's measure the naming
was not accidental. In 1961 one of us (Tribus) asked Shannon what he
had thought about when he had finally confirmed his famous measure.
Shannon replied: "My greatest concern was what to call it. I thought
of calling it 'information,' but the word was overly used, so I
decided to call it 'uncertainty.' When I discussed it with John von
Neumann, he had a better idea. Von Neumann told me, 'You should call
it entropy, for two reasons. In the first place your uncertainty
function has been used in statistical mechanics under that name, so it
already has a name. In the second place, and more important, no one
knows what entropy really is, so in a debate you will always have the
advantage.' "

-- M. Tribus and E. C. McIrvine, Energy and Information,
Sci. Am., 225, 3, 179-188, September, 1971.

i have some understanding of the concept of systems and of equilibrium
between them, given their dynamic connected or disconnected relations.
that there is influence (as in the thermodynamic model) where one
system effects another, or both eachother perhaps, within particular
dimensions or constraints. maybe this even goes into the
observer-observation scenario, such that any interaction is a
potential influence, though perhaps this goes both-ways, not just
one-way, in terms of "information".

it seems important how "information" is conceptualized likewise, if it
is outside of the matter/energy model or mapped onto/into it,
especially given a mathematical and computational context. what if,
for instance, this magic word entropy was functioning on another
'analog' level of informational processing, such that equations broken
down into bits instead could be worked out as an energy flow, and
thereby crunching numbers was instead occurring in another domain
(say, in mathematics involving 'zero' that models the world
differently), and in this way calculations that appear highly complex
could instead be trivial if worked out as an energetic relation. not
to propose this is what is occurring, yet in its *magic* the entropic
value seems to conjure such calcubility as a threshold condition, that
defines what can be believed legitimately secure, information-wise,
versus insecure by known limits that are exploitable.

what these limits are or how this functions is beyond me, yet entropy
is the magic concept that appears to allow all sorts of calculation to
occur in the realm of 'feasible attacks' against 'known weaknesses'
due to information that can be computed, or leaves loose strings that
will allow its security to be unraveled.

what this is, why and howso, as mentioned is unknown to me, and it
sounds like many others who are also not aware of or initiated into
the mysterious of crypto as a technical computational enterprise, yet
i still wonder to what extent assumptions are involved that could go
unchecked and perhaps need to be requestioned, considered again or
allow open questioning of what could become dogma otherwise, and a
basis for false security or false views or inaccurate concepts,
structuralized. believed secure or the basis for security yet not
thoroughly evaluated in the terms it exists.

such as, what if the model for "information" in its relation to energy
and matter. this has everything to do with a concept like entropy- so
what if the standard view on this. is information detached from
physical reality, is it separated from electrons that 'represent' it
when encoded in binary or carry the forms of encryption as a signal
layer. how might the entanglement of information with physical, energy
bits in some way change the ~metaphysics of crypto, such that perhaps
brute-force calculations by massively parallel supercomputers may not
be required if entropy were calculated otherwise, as energy flows or
could be evaluated say by thermal imaging or other techniques or
approaches, beyond parsing bits and guessing at equations and
mathematical structures.

in other words: what if the cosmology and cosmography that is the
foundation for cryptographic beliefs, and how does the structure and
story of the world relate to the concept of entropy.

for instance, if the view of crypto has developed in a
non-electromagnetic understanding and the basis for evaluation of
equations and encryption - in terms of entropy - references
thermodynamics yet does not include 'the electromagnetic component' of
"information", computer processing (electrons, photons, charge), and
other variables, then perhaps the use of entropy is a distortion or
malmodeling of events, or an EXPLOIT itself, due to inaccuracies or
false views or relations establishing a gap between what exists and
how it is mediated by observers, those involved in creating and
breaking crypto, etc.

so if there is a non-electromagnetic view of information as the
/context/ for crypto, a view of [entropy] can be limited or bounded to
a false threshold or misleading parameters, while other effects could
exist and be exploited by other 'non-documented' physics, in
particular as information relates to energy, and how mathematics could
be interacted with in other forms, such as energy flows versus in
terms of signage and numbers. and algorithm or encryption equation
perhaps breakable in other patterning, potentially, if knowing the
secrets that could remain hidden as part of its mystery or esoteric

so what if cryptography involves an 'energy calculation' in place of
an 'information calculation', and this could occur at the level of
material stuff or within the nature of electronics, prior to or
underneath the encoding scheme, and divulge patterns or structures
likewise via these other technical means.

perhaps corollary to neuroscience trying to reverse-engineer
consciousness via 'reading the brain', and that a gap could exist
between what patterns are accessible and how they are interpreted, in
what frameworks, etc. such that the potential for phrenology is high
at the outset, though could be reduced through successive attempts and
investigations, building up a model and more accurate description yet
this could still remain bounded, held within a particular set of
parameters, distant from what is sought.

contrary to this, from the outside-in approach, an inside-out version,
knowing materiality and energetic patterns prior to its encoding could
potentially help unravel a simple constructed system, even if knotted
and bunched and folded together by various equations, wherein an
energy analysis within this condition could unknot, unbunch, unfold
the various sequences in terms of their entangled arrangement, perhaps
moving from an artificial decoherence back into a natural coherence,
prior to encoding, as energy flows.

(consider the maypole as a model for computation, where any
interleaving patterns of equation could be unwoven by, say,
entanglement with hierarchical structuring of fundamental forces
beyond the electron, as this relates to information encoding and thus
organization/disorganization and entropy, whereby it is through an
energy state that such unraveling could occur versus by manipulating
unknowns of signage)

while perhaps impossible to imagine in the framework of MIPs and bytes
- as information - in terms of electrons as carries and an
infrastructural conduit with its own nature, prior to encoding with
signal, it is not unimaginable or inconceivable that 'energy as the
foundation for this secondary layer of information' would also map
into an expanded, electromagnetic context for entropy, as systems
interrelate, intermix.

is it likely? i have no idea. does it reference in some way the
mysteriousness of entropy as a magic word? to me, yes. thus fools like
myself must wonder what kind of sorcery is involved in the secretive
toolkits used, especially in a realm of quantum information, where
entanglement could proceed any secondary flows of information, within
its structure and context if so devised, yet remain unaccounted for,
especially in terms of a mainstream view, which could be
misinformation about the true nature in which this equipment and ideas
of cryptography operate. thus basic communication could be delusional
if trying to reason within a false or inaccurate rationalization,
structural distortion presented as if fact, leading to nonsense, or
further obfuscation by discussions outside the protected (insider)

this much is understood and understandable. yet then what is the
purpose of language or attempting to communicate about such things
unless entropy itself is involved between inside/outside systems that
require relation, yet must remain protected to have functional
security. a portal or wormhole or whatever then potentially being
constructed across or between worldviews, channeled through strange
parameters that may remain unknown to the uninitiated and yet active,
to some extent determining and requiring a particular process be
observed to influence or limit known calculability or computation,
inside a given threshold, that functions as protection or shield
against chaos if not revealed hidden ordering, openings that could
lead to exploits, given the conditions that exist as context for
information, matter, energy that may not be summed up or solved just
as a linear string in terms of its evaluation and instead something
else, 'other' that remains undocumented or unaccounted for in the
realm beyond, a wilderness territory.

     [machine 1]   <===>   [machine 2]

this is a model of a password scenario as i imagine it. 'machine 1'
would be a user and 'machine 2' would be the machine accessed, that
receives a password.  my assumption is that 'entropy' when referenced
in terms of information could instead relate to any 'machine 1' that
could interact with 'machine 2' to interrogate its structure...

     [machine N]   <===>   [machine 2]

what seems to be an issue is that the password-verifying machine (2)
could be overwhelmed by another machine that mimics 'machine 1',
though sends millions or trillions of passwords, over a period of

not being a programmer, hacker, cryptographer or otherwise, it is not
understood how this situation is the default scenario, having such
access granted, unless an exploit has already occurred or a security
barrier has already been defeated, thus providing such unimpeded
access. why is this the assumption, to have such access, in other
words. why would 'machine 2' allow a false user to run endless
password attempts and provide the processing power to do this. would
it not make more sense to put the parsing of the 'machine 2' password
on a limited or highly-constrained processing venue, such that
password computation is happening in a few transistors at most, for
the pattern match, than of peak processing. that is, why not use an
integrated circuit or dumbed-down circuit for that gateway than allow
massive resources for its evaluation, that can be exploited by an
attacker. hell, why not use a few transistors arranged into logic
gates that fail or blow fuses as a physical security measure, even.

in terms of ~equilibrium it would appear to correspond to patterning
within both machines, as to whether the pattern in 'machine 2' can be
correctly matched by the user machine (1) or its mimic, 'machine N'
which could generate this pattern via guesswork and sleuthing.

     [machine N]  patterns   <===>   patterns  [machine 2]

and perhaps it is a numbers game, if there are 10 trillion patterns
accessible to the false or deceptive user in 'machine N' that are run
against the less ~complex structuring of 'machine 2' holding secrets,
then perhaps via some mysterious law of averages (if entropy)
eventually equilibrium will flip the odds in favor of the attack (N)
revealing the hidden order, the structure of the password, given

though this would depend on what the parameters of the password are.
'length' of a highly constrained character set could lead to 512 bits
(naive variable) that retains a simple patterning, easy to compute or
calculate in these terms, say especially if it is binary or bounded
and these boundaries are known. whereas 10 bits of unknown boundaries
may remain unsolvable, though given enough time, could potentially be
resolved (the 'age of universe' conceit, etc).

     [machine N]  patterns   == (time) ==>   patterns  [machine 2]

so in some approximated sense, modeling of a brute force attack on a
machine for cracking passwords appears to the initiated and unknowing,
such as myself, to involve: a) access to make the attack, b) more
patterns or complexity than the machine attacked, c) time to match the

and that this in some way relates to 'entropy' yet in the above
scenario, notice the one-wayness of the situation, as if 'machine 2'
is only dumb and allows this attack to occur within its unprotected
boundary versus, say, reducing computational resources to not allow
high-volume processing for password input, or likewise, reverses the
entropy situation and gains 'information' from the attacker by
providing a spoof or false-positive password to reroute the attack
into a sandbox and a false-interior-perspective that can become a
countermeasure for getting inside the attacking machine via this
'information balancing'...

     [machine N]  <===  [machine 2]         such that:

     (machine N (machine 2))  <===>  (machine 2 (machine N))

in this scenario the real attack could be 'machine 2' that via a fake
pattern match, draws in the attacker yet this allows the machine to
gain internal access within that framework, and to become part of its
information ecosystem, while what is perceived or related to could be
false data: here, machine 2 prime or 2', that then is the actual
exploit, via a form of reverse-engineering or counterattack...

     (machine N (machine 2))  <===>  (machine 2' (machine N))

in other words, the actual 'machine 2' could gain surveillance
capabilities over the attacking machine via allowing or making such
equalization across boundaries easy instead of difficult, and thus
establish an accurate information relation between machines N and 2,
which could be exploited or used for attacks, while the attacking
machine may gain access yet its relation could be a false perspective,
inaccurate or a distortion, between machine 2' and itself, which
exposes it to exploitation beyond what it grant, and potentially
involving N-more patterns to interact with, or bury itself within, the
attacking machine perhaps insecure likewise, and yet not aware of its
vulnerabilities even given 'known' safeguards or disconnection from
fingerprinting or whatnot. there could still be mystery involved, and
the hashtables could be turned and yet it would not appear or be able
to be evaluated this way, especially if beyond the boundary, or
specific threshold, or given parameters that structure and provide the
framework for these relations. something else could always be
occurring and likely is, given the larger cosmic context for

in this way entropy as a security issue may exist within certain
parameters while functioning in others that may be unaccounted for.
say, allowing a system to be easily hacked to map or track the
attackers, though also, allowing encryption scenarios to exist and
appear secure in one context, yet within another they are insecure by
design of different physics or information modeling. i.e. what appears
closed may instead be open and vice-versa and thus back into auditing
and accounting of the models involved, used to conceptualize the most
basic relations, interactions, assumptions, ultimately: beliefs,

how can any concept as a concept, such as [entropy], exist and not be
empirically evaluated yet viewed in absolute terms as to its meaning,
especially in a relativistic multiple, parallel interpretation where
the 'information value' does not itself have coherence, situation to
situation, context 1a to context b3000. perhaps it is a problem and
function of language, than of cryptography as a concept and idea, its

in other words, biased computation and biased calculation could exist
that presupposes or seeks to determine what this 'truth' of
cryptography is, yet itself may not be accurate as an empirical
perspective and instead may involve misinformation, warped or skewed
beliefs that are the basis for exploits and attacks, due to the
variances or gaps or incongruities introduced, involved, or relied
upon as structure that is actually weakened or false by these
unaccountable aspects, left ambiguous, necessarily so.

it gets to the idea of corruption of perception and action based upon
inaccurate modeling of existence, and how false views can be in
service to another agenda, at another layer or in another level.

what if the NSA and its prominence with code-breaking was actually
reliant on a cheat-sheet approach where the parameters must be rigged
for the calculations and computations to take place efficiently, and
thus "security" is reliant upon the corruption of technology, rather
than the robustness of codebreakers and high-creativity of
mathematicians to challenge those constraints, which instead become
normalized into a standardized approach, where previous approaches are
incrementally extended as a deterministic rationalization of what
cryptography is, and in this way codebreaking and making ability is
dumbed-down such that encryption is designed which can be broken,
within particular technological parameters and this extends into
mathematics and computerized solutions geared towards a particular
limited approach that allows this constrained ecosystem to function-
versus challenging its parameters, forcing it to grow or even
defeating its equipment.

what if the NSA is corrupted from the inside out, what if it was made
'too easy' or a false perspective was established within the
organization, and what exists is an NSA', and that is the context for
crypto development and state' security and mass surveillance, and that
is part of the ongoing campaign of deception, that events are
occurring within a limited set of parameters when actually functioning
outside and beyond these constraints, though "information" occurring
in that domain itself appears unreal, as if of the wrong physics or
detached from recognizable truth or whatever. thus, the threshold
limit in this way can establish patterning (N) that is beyond the
computability of what is within a protected boundary and this is
established also within technology, within code, language,
communication, consciousness, ideas and concepts themselves as
interpreted and most importantly - grounded, though which appear to
those without the circuitry, to be ungrounded, unreal, without value
or truth, only distortion, lies, errors, ignorance, and so on. in this
way, the true nature of crypto may not be revealed for the unititiated
yet believed known and realized within tangible tools and techniques
that map into a given world view, belief system, and shared
perspective-- essentially representing, standing-in for the 'sign of
security' even, while this could be ungrounded, insecure, in
dimensions that are beyond perception, belief, knowing.

and is this not a issue of entropy also, as people exist and interact
in differing systems, the opening of minds to information itself that
may compromise their own circuitry, its patterning, if dealing with
higher ordering when instead viewed as lower, and that this is the
basis for exploits and take-downs occurring also within a realm of
metaphysical encryption, as ideas and concepts and people exist in
pseudo and actual truth. perhaps the context is not inclusive enough
to account for these real-world scenarios (even to extend into virtual
and AI environments, circuitry of a continuum spanning the entirety of
programming) here and there, in that what exists as it exists may be
bounded in interpretation even while interrelations default to such
scenarios, and as informational-energy flows, provide openings for
pattern evaluation. in this way, the very interaction is the entropic
exchange, truth inherent at every level, beyond particular
interpretations, and again the claim that truth is the ultimate
security, natural, artificial, and virtual. (this as it corresponds
with empirical truth not just ungrounded belief, ergo, which tends
towards mimicry)

☏ <---> ☎

More information about the cypherpunks mailing list