1 00:00:00,000 --> 00:00:00,030 2 00:00:00,030 --> 00:00:01,696 DAVID J. MALAN: All right, welcome back. 3 00:00:01,696 --> 00:00:04,470 This is day two of two, Computer Science for Business Leaders. 4 00:00:04,470 --> 00:00:06,320 So a little pop quiz perhaps. 5 00:00:06,320 --> 00:00:07,780 What did we do yesterday? 6 00:00:07,780 --> 00:00:09,360 So the answer is on the board. 7 00:00:09,360 --> 00:00:10,620 The goal is to explain. 8 00:00:10,620 --> 00:00:14,630 So what was computational thinking all about? 9 00:00:14,630 --> 00:00:16,696 Whoever makes eye contact first. 10 00:00:16,696 --> 00:00:17,879 AUDIENCE: Input, output. 11 00:00:17,879 --> 00:00:18,920 DAVID J. MALAN: OK, good. 12 00:00:18,920 --> 00:00:21,750 So inputs into algorithms give us outputs, 13 00:00:21,750 --> 00:00:25,060 and it's a way of framing your thought processes and problem-solving 14 00:00:25,060 --> 00:00:27,430 techniques more methodically and generally 15 00:00:27,430 --> 00:00:31,090 bringing to bear on problems ideas that have been inspired by and embraced 16 00:00:31,090 --> 00:00:32,180 by computer science. 17 00:00:32,180 --> 00:00:34,580 And we looked at some mechanical examples 18 00:00:34,580 --> 00:00:38,730 like drawing pictures to reinforce the precision with which instructions 19 00:00:38,730 --> 00:00:42,530 are necessary, as well as to actually solve problems, like searching a phone 20 00:00:42,530 --> 00:00:44,000 book, more generally. 21 00:00:44,000 --> 00:00:45,210 Internet technology. 22 00:00:45,210 --> 00:00:49,060 So this was a loaded discussion with a whole alphabet soup of topics. 23 00:00:49,060 --> 00:00:54,792 But any questions or confusions that remain from those various acronyms 24 00:00:54,792 --> 00:00:55,500 and technologies? 25 00:00:55,500 --> 00:00:59,832 26 00:00:59,832 --> 00:01:04,845 If not, it sounds like I could ask a question like, what does DHCP do, 27 00:01:04,845 --> 00:01:08,180 and everyone should have an answer. 28 00:01:08,180 --> 00:01:10,060 AUDIENCE: It configures Macs and PCs. 29 00:01:10,060 --> 00:01:12,550 DAVID J. MALAN: It configures Macs and PCs to do what? 30 00:01:12,550 --> 00:01:14,095 AUDIENCE: [INAUDIBLE] 31 00:01:14,095 --> 00:01:14,970 DAVID J. MALAN: Yeah. 32 00:01:14,970 --> 00:01:18,320 So to get the DNS server IP addresses as well as their own IP 33 00:01:18,320 --> 00:01:21,510 address, their so-called subnet mask-- which we didn't talk too much about-- 34 00:01:21,510 --> 00:01:23,300 as well as their own default router. 35 00:01:23,300 --> 00:01:26,460 And then that was intermingled with any number of other technologies, 36 00:01:26,460 --> 00:01:28,520 but there too there was this theme of layering. 37 00:01:28,520 --> 00:01:34,130 So HTTP and HTTPS we claimed were built, like, on top of the Internet. 38 00:01:34,130 --> 00:01:37,080 These are applications or services, so to speak, 39 00:01:37,080 --> 00:01:41,250 that we know more casually as the web or, formerly, the World Wide Web, 40 00:01:41,250 --> 00:01:43,000 though no one really says that anymore. 41 00:01:43,000 --> 00:01:47,930 And so what do HTTP and HTTPS actually do? 42 00:01:47,930 --> 00:01:50,040 If you were to define them, what is it? 43 00:01:50,040 --> 00:01:53,810 What is HTTP, the protocol? 44 00:01:53,810 --> 00:01:54,310 Katy? 45 00:01:54,310 --> 00:01:59,820 46 00:01:59,820 --> 00:02:03,935 AUDIENCE: It's the protocol that knows to go to that IP address. 47 00:02:03,935 --> 00:02:06,810 DAVID J. MALAN: OK, the protocol that knows to go to that IP address.
48 00:02:06,810 --> 00:02:09,949 Technically not quite insofar as HTTP actually 49 00:02:09,949 --> 00:02:13,370 doesn't know anything about the destination IP address. 50 00:02:13,370 --> 00:02:14,770 That's the lower level. 51 00:02:14,770 --> 00:02:19,620 So the operating system and the browser know, but not necessarily HTTP itself. 52 00:02:19,620 --> 00:02:24,570 What was the extent of the message that we had to send in accordance with HTTP? 53 00:02:24,570 --> 00:02:25,070 Yeah? 54 00:02:25,070 --> 00:02:25,945 AUDIENCE: [INAUDIBLE] 55 00:02:25,945 --> 00:02:29,350 56 00:02:29,350 --> 00:02:30,350 DAVID J. MALAN: Exactly. 57 00:02:30,350 --> 00:02:32,720 We sent a message, and really just a one-, maybe 58 00:02:32,720 --> 00:02:36,060 a two-line message, that just said GET /, where the slash means give me 59 00:02:36,060 --> 00:02:39,200 the default page from some website. 60 00:02:39,200 --> 00:02:41,621 And then HTTP/1.1, which is just the version number. 61 00:02:41,621 --> 00:02:43,870 And then I also typed in the host to remind the server 62 00:02:43,870 --> 00:02:46,800 what host name we wanted, not IP per se, and that 63 00:02:46,800 --> 00:02:49,060 was enough to get the server to send me a cat 64 00:02:49,060 --> 00:02:51,655 or to send me Google search results or the like. 65 00:02:51,655 --> 00:02:53,780 All right, we then transitioned to cloud computing. 66 00:02:53,780 --> 00:02:56,490 So now you all had probably heard about cloud computing 67 00:02:56,490 --> 00:02:58,950 before yesterday, but now going back home 68 00:02:58,950 --> 00:03:02,190 or to work you can perhaps explain it a little better to someone. 69 00:03:02,190 --> 00:03:05,350 So if someone asks you tomorrow back at home or work, oh, 70 00:03:05,350 --> 00:03:09,816 what is cloud computing by the way, what is your well-formulated answer to that 71 00:03:09,816 --> 00:03:10,316 now? 72 00:03:10,316 --> 00:03:14,439 73 00:03:14,439 --> 00:03:15,605 Everyone's very preoccupied. 74 00:03:15,605 --> 00:03:18,150 75 00:03:18,150 --> 00:03:19,600 What is cloud computing? 76 00:03:19,600 --> 00:03:20,350 What is the cloud? 77 00:03:20,350 --> 00:03:23,975 78 00:03:23,975 --> 00:03:24,850 AUDIENCE: [INAUDIBLE] 79 00:03:24,850 --> 00:03:36,959 80 00:03:36,959 --> 00:03:37,750 DAVID J. MALAN: OK. 81 00:03:37,750 --> 00:03:38,625 AUDIENCE: [INAUDIBLE] 82 00:03:38,625 --> 00:03:41,710 83 00:03:41,710 --> 00:03:42,511 DAVID J. MALAN: OK. 84 00:03:42,511 --> 00:03:44,639 AUDIENCE: [INAUDIBLE] 85 00:03:44,639 --> 00:03:45,430 DAVID J. MALAN: OK. 86 00:03:45,430 --> 00:03:46,305 AUDIENCE: [INAUDIBLE] 87 00:03:46,305 --> 00:03:49,150 88 00:03:49,150 --> 00:03:50,290 DAVID J. MALAN: OK. 89 00:03:50,290 --> 00:03:54,450 Cons might be complexity, reliance on third parties 90 00:03:54,450 --> 00:03:57,290 to keep your own website or workflows alive. 91 00:03:57,290 --> 00:04:00,910 And you described it as a framework, and that's-- I think that works. 92 00:04:00,910 --> 00:04:04,470 I would be careful not to define it too precisely as a framework insofar 93 00:04:04,470 --> 00:04:06,830 as it's really just a collection of technologies, 94 00:04:06,830 --> 00:04:09,000 a collection of Internet-based technologies 95 00:04:09,000 --> 00:04:11,710 that people are leveraging to store their data, 96 00:04:11,710 --> 00:04:15,189 to do their computation, and any number of other processes.
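An aside, looping back to HTTP for a moment: that one- or two-line message can be reproduced with a short script. What follows is a minimal sketch in Python, using only the standard library's socket module; example.com is just a stand-in host, and the exact header set is an assumption of the sketch, not a quote from the lecture.

    import socket

    # Connect to the web server on port 80, the default for plain HTTP.
    with socket.create_connection(("example.com", 80)) as s:
        # The message in its entirety: a request line, a Host header,
        # and a blank line to say we're done.
        request = "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
        s.sendall(request.encode("ascii"))
        # Read back whatever the server sends: headers first, then the HTML.
        response = b""
        while chunk := s.recv(4096):
            response += chunk

    print(response.decode("utf-8", errors="replace"))

That GET / plus a Host line really is the extent of the message; resolving the host name to an IP address is handled by the layers below.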
97 00:04:15,189 --> 00:04:17,730 And if you had a moment last night to read the New York Times 98 00:04:17,730 --> 00:04:21,519 article, for instance, that was a wonderful use-- years ago now-- of how 99 00:04:21,519 --> 00:04:23,950 you might spin up, so to speak, turn on a whole bunch 100 00:04:23,950 --> 00:04:25,980 of servers or virtual machines all at once, 101 00:04:25,980 --> 00:04:28,410 do some interesting computation like generating PDFs, 102 00:04:28,410 --> 00:04:29,560 and just turn them off. 103 00:04:29,560 --> 00:04:32,190 And so for just a few dollars or a few hundred dollars later, 104 00:04:32,190 --> 00:04:34,460 you've converted millions of articles, in that case, 105 00:04:34,460 --> 00:04:38,360 to PDF without having to invest a single dollar in your own physical hardware, 106 00:04:38,360 --> 00:04:41,250 let alone the configuration and installation of all of that. 107 00:04:41,250 --> 00:04:45,740 We talked more generally about some silly acronyms like IaaS and PaaS, 108 00:04:45,740 --> 00:04:49,017 the former of which refers to infrastructure as a service. 109 00:04:49,017 --> 00:04:51,600 Something like Amazon, which we described as pretty low level. 110 00:04:51,600 --> 00:04:54,141 You have to know a little something about your load balancers 111 00:04:54,141 --> 00:04:57,320 and where you're storing the data and where your servers are living, 112 00:04:57,320 --> 00:04:59,685 and that's all fine and good but it's fairly low level. 113 00:04:59,685 --> 00:05:02,810 And we then transitioned more to platform as a service 114 00:05:02,810 --> 00:05:05,240 as a topic, which was something like Heroku. 115 00:05:05,240 --> 00:05:07,380 Amazon has something called Elastic Beanstalk, 116 00:05:07,380 --> 00:05:10,540 Google's long had Google App Engine and similar, 117 00:05:10,540 --> 00:05:13,926 which are higher-level services built on top of these lower-level details. 118 00:05:13,926 --> 00:05:15,800 And then there are still things like software 119 00:05:15,800 --> 00:05:19,780 as a service, which is an even fancier term for really just describing a web 120 00:05:19,780 --> 00:05:21,331 application that does useful stuff. 121 00:05:21,331 --> 00:05:24,330 And you really don't care about the language it's written in and in turn 122 00:05:24,330 --> 00:05:27,040 you really don't care about the infrastructure it's running on. 123 00:05:27,040 --> 00:05:29,710 So, again, this theme of layering or abstraction 124 00:05:29,710 --> 00:05:32,280 has kind of hit us in any number of ways. 125 00:05:32,280 --> 00:05:35,330 Then lastly we looked at web development. 126 00:05:35,330 --> 00:05:38,380 CSS and HTML, a little bit of time on the mechanics of that. 127 00:05:38,380 --> 00:05:39,770 It's not a programming language. 128 00:05:39,770 --> 00:05:43,190 It's a markup language, and more on the distinction there later today. 129 00:05:43,190 --> 00:05:46,560 And then we looked at Cloud9 as just an example of a software 130 00:05:46,560 --> 00:05:49,326 as a service, web-based programming environment that's somewhere 131 00:05:49,326 --> 00:05:51,200 in the cloud but we don't really know or need 132 00:05:51,200 --> 00:05:54,230 to care where that is at the end of the day. 133 00:05:54,230 --> 00:05:57,490 And we talked ultimately about what you can actually do 134 00:05:57,490 --> 00:06:01,030 and how a web server and browser intercommunicate.
135 00:06:01,030 --> 00:06:05,170 So just so that we cross off everyone's to-do lists while we're still here 136 00:06:05,170 --> 00:06:07,400 in Cambridge today, is there anything you'd 137 00:06:07,400 --> 00:06:10,460 like to add to today's list, which includes the following? 138 00:06:10,460 --> 00:06:13,070 So we'll start today with a focus on privacy and security 139 00:06:13,070 --> 00:06:14,975 motivated by a couple of specific examples, 140 00:06:14,975 --> 00:06:17,350 followed by any number of directions in which folks might 141 00:06:17,350 --> 00:06:19,620 want to go related to those two topics. 142 00:06:19,620 --> 00:06:22,020 Two, looking at programming and some basic 143 00:06:22,020 --> 00:06:25,471 constructs, and certain algorithms and data structures. 144 00:06:25,471 --> 00:06:27,220 We'll tease apart what those are, and these 145 00:06:27,220 --> 00:06:28,750 are sort of ingredients that you might bring 146 00:06:28,750 --> 00:06:31,710 when designing a piece of software at a whiteboard or in a computer 147 00:06:31,710 --> 00:06:32,570 ultimately. 148 00:06:32,570 --> 00:06:35,510 Then technology stacks, which is a general term describing any number 149 00:06:35,510 --> 00:06:37,000 of these kinds of things here. 150 00:06:37,000 --> 00:06:42,150 Sort of additional ingredients, higher-level ingredients 151 00:06:42,150 --> 00:06:44,960 like actual tools and software and technologies 152 00:06:44,960 --> 00:06:48,360 that you might use to solve problems in software. 153 00:06:48,360 --> 00:06:50,799 And then finally a look at web programming in particular 154 00:06:50,799 --> 00:06:53,340 and some of the technologies related thereto, some of which 155 00:06:53,340 --> 00:06:56,010 we scratched the surface of yesterday like databases, which 156 00:06:56,010 --> 00:06:58,425 we'll look at in a bit more detail. 157 00:06:58,425 --> 00:06:59,550 But is there anything else? 158 00:06:59,550 --> 00:07:00,050 Yeah? 159 00:07:00,050 --> 00:07:00,640 JP? 160 00:07:00,640 --> 00:07:01,557 AUDIENCE: Blockchain. 161 00:07:01,557 --> 00:07:02,723 DAVID J. MALAN: Blockchain. 162 00:07:02,723 --> 00:07:03,362 OK. 163 00:07:03,362 --> 00:07:04,237 AUDIENCE: [INAUDIBLE] 164 00:07:04,237 --> 00:07:06,269 165 00:07:06,269 --> 00:07:07,060 DAVID J. MALAN: OK. 166 00:07:07,060 --> 00:07:10,347 Blockchain in the context of Bitcoin and such, or a different context? 167 00:07:10,347 --> 00:07:11,430 AUDIENCE: The logic of it. 168 00:07:11,430 --> 00:07:12,270 DAVID J. MALAN: The logic of it. 169 00:07:12,270 --> 00:07:12,840 OK. 170 00:07:12,840 --> 00:07:13,340 All right. 171 00:07:13,340 --> 00:07:16,367 AUDIENCE: What we're trying to do is to [INAUDIBLE]. 172 00:07:16,367 --> 00:07:17,200 DAVID J. MALAN: Yep. 173 00:07:17,200 --> 00:07:18,011 OK. 174 00:07:18,011 --> 00:07:20,019 AUDIENCE: [INAUDIBLE] 175 00:07:20,019 --> 00:07:20,810 DAVID J. MALAN: OK. 176 00:07:20,810 --> 00:07:22,592 Other topics to add to today's list? 177 00:07:22,592 --> 00:07:23,300 Yeah? [INAUDIBLE] 178 00:07:23,300 --> 00:07:24,280 AUDIENCE: Microservices. 179 00:07:24,280 --> 00:07:24,640 DAVID J. MALAN: What's that? 180 00:07:24,640 --> 00:07:25,640 AUDIENCE: Microservices. 181 00:07:25,640 --> 00:07:27,020 DAVID J. MALAN: Microservices. 182 00:07:27,020 --> 00:07:27,980 OK. 183 00:07:27,980 --> 00:07:31,041 So microservices. 184 00:07:31,041 --> 00:07:34,023 AUDIENCE: Just, like, the notion of splitting up monolithic apps 185 00:07:34,023 --> 00:07:36,985 into independent microservices.
186 00:07:36,985 --> 00:07:37,860 DAVID J. MALAN: Sure. 187 00:07:37,860 --> 00:07:40,010 And this relates nicely to our brief discussion yesterday 188 00:07:40,010 --> 00:07:42,630 of containerization, which is the sort of infrastructure that 189 00:07:42,630 --> 00:07:44,140 tends to support stuff like this. 190 00:07:44,140 --> 00:07:44,682 Other topics? 191 00:07:44,682 --> 00:07:45,181 Victor? 192 00:07:45,181 --> 00:07:47,430 AUDIENCE: You touched upon content delivery networks 193 00:07:47,430 --> 00:07:53,527 but I'd like to know how it works in the context of the different [INAUDIBLE]. 194 00:07:53,527 --> 00:07:54,860 DAVID J. MALAN: OK, sounds good. 195 00:07:54,860 --> 00:07:58,123 Content delivery networks, or CDNs-- Akamai was one such example. 196 00:07:58,123 --> 00:07:58,622 Sean? 197 00:07:58,622 --> 00:08:01,845 AUDIENCE: There was an article last night too on Hadoop. 198 00:08:01,845 --> 00:08:02,970 DAVID J. MALAN: Oh, Hadoop? 199 00:08:02,970 --> 00:08:03,420 Oh, yes. 200 00:08:03,420 --> 00:08:03,940 The tech-- 201 00:08:03,940 --> 00:08:04,815 AUDIENCE: [INAUDIBLE] 202 00:08:04,815 --> 00:08:06,950 203 00:08:06,950 --> 00:08:08,560 DAVID J. MALAN: OK, sure. 204 00:08:08,560 --> 00:08:09,470 Yes, [INAUDIBLE]? 205 00:08:09,470 --> 00:08:10,595 AUDIENCE: Maybe [INAUDIBLE] 206 00:08:10,595 --> 00:08:12,750 207 00:08:12,750 --> 00:08:13,807 DAVID J. MALAN: OK. 208 00:08:13,807 --> 00:08:15,640 Well, maybe we'll end with that cliffhanger. 209 00:08:15,640 --> 00:08:16,877 OK. 210 00:08:16,877 --> 00:08:18,460 AUDIENCE: Take some inspiration there. 211 00:08:18,460 --> 00:08:20,760 DAVID J. MALAN: Stay till the end today and you'll find out about the future. 212 00:08:20,760 --> 00:08:21,070 Alicia? 213 00:08:21,070 --> 00:08:22,903 AUDIENCE: You had talked about programming-- 214 00:08:22,903 --> 00:08:26,525 I see these articles about who needs to program, [INAUDIBLE] 215 00:08:26,525 --> 00:08:29,192 to know how to program, but what's behind that [INAUDIBLE]? 216 00:08:29,192 --> 00:08:30,150 DAVID J. MALAN: Oh, OK. 217 00:08:30,150 --> 00:08:33,740 So CS for All, for instance, which is one of the hashtags going around. 218 00:08:33,740 --> 00:08:39,370 OK, so-- OK. 219 00:08:39,370 --> 00:08:41,220 Other topics? 220 00:08:41,220 --> 00:08:41,720 Yeah? 221 00:08:41,720 --> 00:08:42,595 AUDIENCE: [INAUDIBLE] 222 00:08:42,595 --> 00:08:47,927 223 00:08:47,927 --> 00:08:49,260 DAVID J. MALAN: Oh, interesting. 224 00:08:49,260 --> 00:08:52,071 I'm sure we're not going to do it well is the short answer. 225 00:08:52,071 --> 00:08:52,570 But-- 226 00:08:52,570 --> 00:08:53,775 AUDIENCE: [INAUDIBLE] 227 00:08:53,775 --> 00:08:54,650 DAVID J. MALAN: Sure. 228 00:08:54,650 --> 00:08:57,274 We can weave that into this morning's discussion in particular. 229 00:08:57,274 --> 00:08:59,350 Other topics? 230 00:08:59,350 --> 00:08:59,850 Yeah? 231 00:08:59,850 --> 00:09:00,349 Alicia? 232 00:09:00,349 --> 00:09:04,990 AUDIENCE: More a business topic but [INAUDIBLE] Google Docs or Microsoft 233 00:09:04,990 --> 00:09:11,600 [INAUDIBLE] talk about the risk of [INAUDIBLE] 234 00:09:11,600 --> 00:09:16,790 235 00:09:16,790 --> 00:09:18,700 DAVID J. MALAN: OK, so-- yeah, so-- 236 00:09:18,700 --> 00:09:21,505 AUDIENCE: [INAUDIBLE] in the cloud tool. 237 00:09:21,505 --> 00:09:22,630 DAVID J. MALAN: Cloud tool. 238 00:09:22,630 --> 00:09:27,580 Sure, let's weave that in, perhaps into the privacy and security discussion 239 00:09:27,580 --> 00:09:28,370 as well.
240 00:09:28,370 --> 00:09:30,510 Other topics? 241 00:09:30,510 --> 00:09:32,325 Anything at all? 242 00:09:32,325 --> 00:09:32,825 Yeah? 243 00:09:32,825 --> 00:09:35,145 AUDIENCE: [INAUDIBLE] about machine learning maybe. 244 00:09:35,145 --> 00:09:36,520 DAVID J. MALAN: Machine learning. 245 00:09:36,520 --> 00:09:37,020 OK. 246 00:09:37,020 --> 00:09:38,640 I'll put an abbreviated ML. 247 00:09:38,640 --> 00:09:40,230 Sure. 248 00:09:40,230 --> 00:09:42,460 Other topics? 249 00:09:42,460 --> 00:09:45,920 Sort of creating a problem for myself with this very long list today. 250 00:09:45,920 --> 00:09:47,340 Let me propose this. 251 00:09:47,340 --> 00:09:50,030 I'll do my best to weave these into today's framework, 252 00:09:50,030 --> 00:09:52,660 but let me also encourage you to remind me or come up 253 00:09:52,660 --> 00:09:55,140 during any of the breaks or lunch time or after today 254 00:09:55,140 --> 00:09:59,690 too if we don't quite hit on everything, lest we not touch on something of interest. 255 00:09:59,690 --> 00:10:02,710 And worst case I can follow up via email with some references 256 00:10:02,710 --> 00:10:05,610 if we don't get through everything today. 257 00:10:05,610 --> 00:10:10,042 All right, so you might have enjoyed, if you hadn't seen it in previous months, 258 00:10:10,042 --> 00:10:13,730 the John Oliver segment on Last Week Tonight, 259 00:10:13,730 --> 00:10:15,670 which is a fun excuse for homework to watch 260 00:10:15,670 --> 00:10:17,920 an 18-minute segment about encryption, but he actually 261 00:10:17,920 --> 00:10:20,890 does a wonderful job in general at peeling back 262 00:10:20,890 --> 00:10:24,350 the layers of some interesting societal trends, some of them technological. 263 00:10:24,350 --> 00:10:26,700 Among them, for instance, has been encryption. 264 00:10:26,700 --> 00:10:31,230 So some months ago the FBI really wanted to get into someone's iPhone 265 00:10:31,230 --> 00:10:33,330 and Apple said no. 266 00:10:33,330 --> 00:10:36,750 They weren't willing to help with this request. 267 00:10:36,750 --> 00:10:39,886 But does anyone want to explain a bit more of the context 268 00:10:39,886 --> 00:10:41,510 and perhaps some of the technicalities? 269 00:10:41,510 --> 00:10:46,690 Like, what was it the FBI wanted Apple to do for them? 270 00:10:46,690 --> 00:10:49,860 Either a high-level or low-level answer is fine. 271 00:10:49,860 --> 00:10:50,690 Yeah? 272 00:10:50,690 --> 00:10:51,348 Griff? 273 00:10:51,348 --> 00:10:54,834 AUDIENCE: Wanted Apple to write a small program 274 00:10:54,834 --> 00:10:56,668 to bypass the security feature of the phone. 275 00:10:56,668 --> 00:10:57,750 DAVID J. MALAN: OK, they-- 276 00:10:57,750 --> 00:10:59,640 AUDIENCE: [INAUDIBLE] the password reset. 277 00:10:59,640 --> 00:11:00,431 DAVID J. MALAN: OK. 278 00:11:00,431 --> 00:11:02,430 So they wanted Apple to write some software 279 00:11:02,430 --> 00:11:05,569 to bypass a security mechanism of the phone related to password reset. 280 00:11:05,569 --> 00:11:07,110 And can someone dive in deeper there? 281 00:11:07,110 --> 00:11:10,530 What exactly is the security feature in question that some of us 282 00:11:10,530 --> 00:11:11,280 are perhaps using? 283 00:11:11,280 --> 00:11:11,779 Sean? 284 00:11:11,779 --> 00:11:14,992 AUDIENCE: An iPhone [INAUDIBLE] so many times, you get one more time 285 00:11:14,992 --> 00:11:16,230 or it'll erase the phone. 286 00:11:16,230 --> 00:11:17,230 DAVID J. MALAN: Exactly. 287 00:11:17,230 --> 00:11:17,450 Yeah.
288 00:11:17,450 --> 00:11:18,290 So this is optional. 289 00:11:18,290 --> 00:11:20,410 So by default your phone should not do this, 290 00:11:20,410 --> 00:11:23,900 since I'm sure there are people who will enter their own password wrong 10 or 11 291 00:11:23,900 --> 00:11:27,369 times maybe late at night sometimes too or after a night on the town 292 00:11:27,369 --> 00:11:29,660 and that's bad if it just deletes itself automatically. 293 00:11:29,660 --> 00:11:31,080 But this is also a good feature. 294 00:11:31,080 --> 00:11:31,580 Why? 295 00:11:31,580 --> 00:11:35,350 Why might you want your phone to sort of figuratively self-destruct? 296 00:11:35,350 --> 00:11:38,650 AUDIENCE: If someone's tampering with it and it automatically 297 00:11:38,650 --> 00:11:41,231 wipes the information [INAUDIBLE]. 298 00:11:41,231 --> 00:11:42,230 DAVID J. MALAN: Exactly. 299 00:11:42,230 --> 00:11:45,280 If it's someone malicious or your phone's been lost or stolen 300 00:11:45,280 --> 00:11:49,590 or it's a nosy roommate or such you might want the data to self-destruct, 301 00:11:49,590 --> 00:11:52,480 provided it's hopefully backed up somewhere either on iTunes 302 00:11:52,480 --> 00:11:56,410 or in iCloud, in the cloud where it's completely safe, I'm sure. 303 00:11:56,410 --> 00:11:59,100 So you at least assume that it's backed up 304 00:11:59,100 --> 00:12:01,670 or that you don't care about the data at that point. 305 00:12:01,670 --> 00:12:05,570 And the worry in this particular case was that the phone in question 306 00:12:05,570 --> 00:12:08,940 might have had this feature enabled because there was apparently 307 00:12:08,940 --> 00:12:12,690 some evidence in, like, the iCloud server logs that in the past 308 00:12:12,690 --> 00:12:14,520 he had enabled this particular feature. 309 00:12:14,520 --> 00:12:16,990 But it was unclear and the FBI, as I understand it, 310 00:12:16,990 --> 00:12:21,830 didn't really want to take the risk of trying to guess the person's password 311 00:12:21,830 --> 00:12:24,480 and have the phone self-destruct, so to speak, 312 00:12:24,480 --> 00:12:26,634 whereby it deletes all of the data on the phone. 313 00:12:26,634 --> 00:12:28,050 Now let's pause for just a moment. 314 00:12:28,050 --> 00:12:30,320 What would it mean to delete data on the phone, 315 00:12:30,320 --> 00:12:32,198 especially in light of yesterday's chat? 316 00:12:32,198 --> 00:12:32,697 Grace? 317 00:12:32,697 --> 00:12:34,488 AUDIENCE: It's just deleting the directory? 318 00:12:34,488 --> 00:12:35,109 [INAUDIBLE] 319 00:12:35,109 --> 00:12:36,650 DAVID J. MALAN: It's a good question. 320 00:12:36,650 --> 00:12:42,550 So hopefully Apple's not so unsophisticated 321 00:12:42,550 --> 00:12:45,500 as to just forget where the data is and market this 322 00:12:45,500 --> 00:12:48,370 as a self-destruct feature, though it wasn't all that 323 00:12:48,370 --> 00:12:51,950 long ago that even industry miscommunicated these kinds of things. 324 00:12:51,950 --> 00:12:56,390 If I can find a screenshot-- DOS delete all data erased. 325 00:12:56,390 --> 00:13:02,120 I'm trying to remember an error mess-- or a warning message from yesteryear. 326 00:13:02,120 --> 00:13:08,970 Delete secure erase-- I don't run DOS anymore 327 00:13:08,970 --> 00:13:12,143 so I can't just run the command for you. 328 00:13:12,143 --> 00:13:12,643 Let's see. 329 00:13:12,643 --> 00:13:15,890 DOS format command.
330 00:13:15,890 --> 00:13:22,400 So DOS, Disk Operating System, is what we all had before Windows 331 00:13:22,400 --> 00:13:24,645 and newer versions of Mac OS came about. 332 00:13:24,645 --> 00:13:27,270 And this, for instance, was the message you would get years ago 333 00:13:27,270 --> 00:13:31,630 if you tried to format your hard drive, where formatting is in most people's 334 00:13:31,630 --> 00:13:33,610 minds equivalent to erasing it. 335 00:13:33,610 --> 00:13:37,940 And it surely seems to be the case that all data on non-removable disk 336 00:13:37,940 --> 00:13:41,020 drive C, which is your default hard drive, will be lost. 337 00:13:41,020 --> 00:13:43,450 So that sounds really, really bad, and it is. 338 00:13:43,450 --> 00:13:46,780 You're certainly creating a problem for yourself if you regret this decision. 339 00:13:46,780 --> 00:13:50,070 But what do they really mean by lost? 340 00:13:50,070 --> 00:13:51,300 AUDIENCE: [INAUDIBLE] 341 00:13:51,300 --> 00:13:52,175 DAVID J. MALAN: Yeah. 342 00:13:52,175 --> 00:13:54,520 It's just-- and it's not that you can't find it. 343 00:13:54,520 --> 00:13:55,740 It's just harder to find it. 344 00:13:55,740 --> 00:13:58,530 Your data gets lost in the sense that it's still there: 345 00:13:58,530 --> 00:14:01,360 the zeros and ones, the little magnetic particles back in the day 346 00:14:01,360 --> 00:14:04,570 were still oriented north-south, south-north representing ones and zeros 347 00:14:04,570 --> 00:14:10,120 as you had left them, but the directory entries were simply forgotten. 348 00:14:10,120 --> 00:14:13,700 So the data's still there but the recollection thereof is no longer. 349 00:14:13,700 --> 00:14:17,190 And as an aside if you've ever wondered why in the Windows world or Mac world 350 00:14:17,190 --> 00:14:20,880 some people say folders and directories interchangeably-- like, 351 00:14:20,880 --> 00:14:22,750 a directory really is just that table. 352 00:14:22,750 --> 00:14:27,140 It's like a directory in a building, for looking up someone's name and office 353 00:14:27,140 --> 00:14:28,110 number. 354 00:14:28,110 --> 00:14:31,612 It's that they're equivalent; we just represent them 355 00:14:31,612 --> 00:14:34,480 iconographically with folder icons. 356 00:14:34,480 --> 00:14:36,460 This just forgets where the data is. 357 00:14:36,460 --> 00:14:39,990 All right, so hopefully Apple's not just doing that and forgetting the data. 358 00:14:39,990 --> 00:14:41,100 And they're not. 359 00:14:41,100 --> 00:14:42,427 What are they doing instead? 360 00:14:42,427 --> 00:14:45,510 Or what should you do instead if you really want to delete someone's data? 361 00:14:45,510 --> 00:14:48,330 362 00:14:48,330 --> 00:14:49,740 AUDIENCE: Write it over. 363 00:14:49,740 --> 00:14:50,990 DAVID J. MALAN: Write it over? 364 00:14:50,990 --> 00:14:51,676 In what sense? 365 00:14:51,676 --> 00:14:52,670 AUDIENCE: Gibberish. 366 00:14:52,670 --> 00:14:53,060 DAVID J. MALAN: Gibberish. 367 00:14:53,060 --> 00:14:55,437 So you only have zeros and ones at your disposal, 368 00:14:55,437 --> 00:14:57,270 so what does gibberish mean in that context? 369 00:14:57,270 --> 00:14:58,170 AUDIENCE: Random. 370 00:14:58,170 --> 00:14:58,880 DAVID J. MALAN: So random.
371 00:14:58,880 --> 00:15:02,070 So if you have the ability to generate random numbers, which to some extent 372 00:15:02,070 --> 00:15:06,120 computers indeed do, you can just change all of the zeros and ones 373 00:15:06,120 --> 00:15:09,620 to just random zeros and ones so that it looks like random noise. 374 00:15:09,620 --> 00:15:11,880 It is noise and with very low probability can 375 00:15:11,880 --> 00:15:13,470 you actually resurrect that data. 376 00:15:13,470 --> 00:15:15,300 Now, as a technical aside, back in the day, 377 00:15:15,300 --> 00:15:19,410 especially in the days of magnetic storage, it's long been-- well, 378 00:15:19,410 --> 00:15:22,020 I think it's been the case in super old hardware 379 00:15:22,020 --> 00:15:26,850 that when you reorient like a 1 to a 0 it doesn't necessarily 380 00:15:26,850 --> 00:15:28,730 go, like, 180 degrees. 381 00:15:28,730 --> 00:15:32,210 There might be cases where it goes, like, 179 degrees, for instance, 382 00:15:32,210 --> 00:15:36,270 thereby leaving a little bit of a hint that that bit wasn't necessarily 383 00:15:36,270 --> 00:15:38,467 what it appears to be right now. 384 00:15:38,467 --> 00:15:40,550 But modern hard drives, there's just so much data, 385 00:15:40,550 --> 00:15:43,220 everything is so packed, this really isn't a concern these days. 386 00:15:43,220 --> 00:15:46,379 And so simply randomizing the data in this way would work well. 387 00:15:46,379 --> 00:15:49,420 Overwriting everything with zeros, which is very common, would work well. 388 00:15:49,420 --> 00:15:52,239 Or ones, equivalently, would work well. 389 00:15:52,239 --> 00:15:55,030 But that's not actually what Apple does because that would actually 390 00:15:55,030 --> 00:15:57,970 take a decent number of seconds or minutes, 391 00:15:57,970 --> 00:16:02,171 especially now that you have gigabytes and gigabytes of space in your phone. 392 00:16:02,171 --> 00:16:04,420 They instead do something that's actually pretty fast. 393 00:16:04,420 --> 00:16:06,320 If you've ever securely erased your iPhone, 394 00:16:06,320 --> 00:16:09,510 it's mostly the boot-up process that's the slow part, not so much the wiping. 395 00:16:09,510 --> 00:16:13,289 AUDIENCE: [INAUDIBLE] they just reinstall the iOS [INAUDIBLE] 396 00:16:13,289 --> 00:16:14,330 DAVID J. MALAN: Yeah, OK. 397 00:16:14,330 --> 00:16:16,450 So maybe they're reinstalling the software. 398 00:16:16,450 --> 00:16:18,575 And to be honest, they're probably not reinstalling 399 00:16:18,575 --> 00:16:21,426 all the apps because those are probably stored 400 00:16:21,426 --> 00:16:22,800 in a different portion of memory. 401 00:16:22,800 --> 00:16:24,060 AUDIENCE: It's the same when you reset your iPhone. 402 00:16:24,060 --> 00:16:24,851 DAVID J. MALAN: OK. 403 00:16:24,851 --> 00:16:28,219 AUDIENCE: You can do that wherever you are [INAUDIBLE] 404 00:16:28,219 --> 00:16:29,010 DAVID J. MALAN: Oh. 405 00:16:29,010 --> 00:16:33,320 So, yes, it does redownload applications that you had previously installed. 406 00:16:33,320 --> 00:16:33,820 Absolutely. 407 00:16:33,820 --> 00:16:35,140 But that's separate from the data. 408 00:16:35,140 --> 00:16:37,473 So what is it actually doing with respect to user data-- 409 00:16:37,473 --> 00:16:41,020 your emails, your text messages, and other things you had on there? 410 00:16:41,020 --> 00:16:46,130 When Apple shows that progress bar or Android equivalent, what's it doing? 411 00:16:46,130 --> 00:16:47,860 It's not overwriting the zeros and ones.
412 00:16:47,860 --> 00:16:48,360 That-- 413 00:16:48,360 --> 00:16:49,279 AUDIENCE: [INAUDIBLE] 414 00:16:49,279 --> 00:16:50,320 DAVID J. MALAN: Not even. 415 00:16:50,320 --> 00:16:54,160 It actually doesn't go and touch all of the bits. 416 00:16:54,160 --> 00:16:56,055 AUDIENCE: [INAUDIBLE] 417 00:16:56,055 --> 00:16:56,930 DAVID J. MALAN: Yeah. 418 00:16:56,930 --> 00:16:58,895 It's more sophisticated than that. 419 00:16:58,895 --> 00:17:01,520 So we'll talk about this in a little more detail in just a bit. 420 00:17:01,520 --> 00:17:04,060 But encryption, again, is the art of scrambling information 421 00:17:04,060 --> 00:17:06,680 and most encryption assumes that you have some secret key. 422 00:17:06,680 --> 00:17:15,440 In particular, suppose I were to write, let's say, this. 423 00:17:15,440 --> 00:17:18,740 That's an encrypted message for you all this morning. 424 00:17:18,740 --> 00:17:19,937 What does it say? 425 00:17:19,937 --> 00:17:20,989 AUDIENCE: Hi? 426 00:17:20,989 --> 00:17:21,780 DAVID J. MALAN: Hi. 427 00:17:21,780 --> 00:17:22,780 OK, who said hi? 428 00:17:22,780 --> 00:17:25,012 OK, why do you say hi? 429 00:17:25,012 --> 00:17:26,960 AUDIENCE: It's the alphabet plus 1. 430 00:17:26,960 --> 00:17:28,119 DAVID J. MALAN: It's the alphabet plus 1. 431 00:17:28,119 --> 00:17:30,780 And fortunately I chose a short word so we could sort of brute force 432 00:17:30,780 --> 00:17:33,830 this by just figuring out what's a two-letter word we can think of, which 433 00:17:33,830 --> 00:17:35,940 is not an unreasonable strategy either. 434 00:17:35,940 --> 00:17:37,240 This indeed means hi. 435 00:17:37,240 --> 00:17:40,900 But what was the cipher, the algorithm with which this was encrypted? 436 00:17:40,900 --> 00:17:44,320 Well, as you gleaned, Dan, it looks like I took the original word 437 00:17:44,320 --> 00:17:45,550 and just added one to it. 438 00:17:45,550 --> 00:17:49,260 So H plus one letter of the alphabet gives me I and I plus 1 439 00:17:49,260 --> 00:17:52,580 gives me J and thus is born my ciphertext. 440 00:17:52,580 --> 00:17:55,680 So this might be called plaintext by convention 441 00:17:55,680 --> 00:18:01,220 and this would be called ciphertext, which is the resulting encrypted text. 442 00:18:01,220 --> 00:18:04,960 Now, of course, this is not a very secure cipher because my choice of key 443 00:18:04,960 --> 00:18:06,150 was not very good. 444 00:18:06,150 --> 00:18:08,560 So what if I choose a different key? 445 00:18:08,560 --> 00:18:13,710 How about if I write this message to you, which is not 446 00:18:13,710 --> 00:18:16,820 meant to be an acronym or text speak. 447 00:18:16,820 --> 00:18:17,560 What's this say? 448 00:18:17,560 --> 00:18:21,709 449 00:18:21,709 --> 00:18:22,640 AUDIENCE: Same thing. 450 00:18:22,640 --> 00:18:25,300 DAVID J. MALAN: Same thing, but what's different? 451 00:18:25,300 --> 00:18:26,260 AUDIENCE: Algorithm. 452 00:18:26,260 --> 00:18:29,810 DAVID J. MALAN: Yeah, well the algorithm is the same I'd argue. 453 00:18:29,810 --> 00:18:32,330 The input is slightly different. 454 00:18:32,330 --> 00:18:34,580 There's two inputs, indeed, in this case, 455 00:18:34,580 --> 00:18:37,020 not only the plaintext but also the number. 456 00:18:37,020 --> 00:18:40,750 So if this previously was 1, now I've gone and done 457 00:18:40,750 --> 00:18:47,120 hi plus 2, which is what's ultimately given me J and K. So 458 00:18:47,120 --> 00:18:52,251 how many possible keys are there for this algorithm, for this cipher?
459 00:18:52,251 --> 00:18:56,500 460 00:18:56,500 --> 00:18:58,280 The key, again, is the number I added. 461 00:18:58,280 --> 00:19:01,889 What would you argue is the total number of possible keys? 462 00:19:01,889 --> 00:19:02,680 AUDIENCE: Infinite. 463 00:19:02,680 --> 00:19:06,090 DAVID J. MALAN: Infinite's true, but practically speaking not really 464 00:19:06,090 --> 00:19:08,570 because many of them are equivalent to each other. 465 00:19:08,570 --> 00:19:10,069 AUDIENCE: 25, 26. 466 00:19:10,069 --> 00:19:11,360 DAVID J. MALAN: Yeah, 25 or 26. 467 00:19:11,360 --> 00:19:13,821 Why do you say that, Katy? 468 00:19:13,821 --> 00:19:20,816 AUDIENCE: You start adding-- one is the same if I have 26 or 27, right? 469 00:19:20,816 --> 00:19:21,940 DAVID J. MALAN: There's 27. 470 00:19:21,940 --> 00:19:22,920 Yep, exactly. 471 00:19:22,920 --> 00:19:26,410 Yeah, so if you're assuming we're confining this cipher 472 00:19:26,410 --> 00:19:29,369 to only operate on letters, to only take letters as input 473 00:19:29,369 --> 00:19:31,160 and only produce letters as output, there's 474 00:19:31,160 --> 00:19:34,490 going to be a corner case, so to speak, a sort of extreme scenario 475 00:19:34,490 --> 00:19:37,580 that you better anticipate lest your algorithm be buggy. 476 00:19:37,580 --> 00:19:40,850 And the scenario I'm thinking of is what if the letter is Z, like you're 477 00:19:40,850 --> 00:19:43,000 encrypting the word "zoo" for instance? 478 00:19:43,000 --> 00:19:45,310 Well, suppose the key is 1. 479 00:19:45,310 --> 00:19:47,020 The O's are easy. 480 00:19:47,020 --> 00:19:48,840 They just become "PP." 481 00:19:48,840 --> 00:19:50,960 But what's Z become? 482 00:19:50,960 --> 00:19:54,422 It's like A feels like a nice, clean solution where you just 483 00:19:54,422 --> 00:19:57,380 wrap back around; otherwise it's going to be like some funky punctuation 484 00:19:57,380 --> 00:19:59,210 symbol or something like that, which is fine, 485 00:19:59,210 --> 00:20:01,210 but you have to decide in advance what you're going 486 00:20:01,210 --> 00:20:02,710 to allow as your inputs and outputs. 487 00:20:02,710 --> 00:20:05,440 So in this case, if we're just adding numbers 488 00:20:05,440 --> 00:20:08,730 and we're comfortable with the idea of wrapping around from Z to A 489 00:20:08,730 --> 00:20:14,930 and so forth, well then we only have 25, maybe 26 possible keys. 490 00:20:14,930 --> 00:20:18,590 But 26 is kind of silly because by the time 491 00:20:18,590 --> 00:20:22,370 you add 26 letters it just wraps back around to A. 492 00:20:22,370 --> 00:20:27,080 So there's this old joke on the Internet which geeky people find funny. 493 00:20:27,080 --> 00:20:30,110 So there's this algorithm called rot13 which 494 00:20:30,110 --> 00:20:33,010 back in the day on message boards, bulletin board systems, 495 00:20:33,010 --> 00:20:37,000 used to be this sort of low-impact way of encrypting information 496 00:20:37,000 --> 00:20:38,440 like movie spoilers and the like. 497 00:20:38,440 --> 00:20:40,440 So it would look like nonsense but if you really 498 00:20:40,440 --> 00:20:44,300 wanted to see the movie spoiler you could rotate everything by 13 places. 499 00:20:44,300 --> 00:20:46,830 So the joke on the Internet is, well, you 500 00:20:46,830 --> 00:20:51,790 can-- if you want your data to be twice as secure, you should use rot26. 501 00:20:51,790 --> 00:20:53,800 OK, one person finds this funny.
502 00:20:53,800 --> 00:20:57,700 rot26 of course would be stupid because you're just rotating from A to A, B 503 00:20:57,700 --> 00:20:58,700 to B, and so forth. 504 00:20:58,700 --> 00:21:03,172 And to your point earlier, Avi, about infinite: true, but infinitely many 505 00:21:03,172 --> 00:21:04,880 of those numbers are equivalent to others 506 00:21:04,880 --> 00:21:08,180 so it all boils down to still just 25 useful values. 507 00:21:08,180 --> 00:21:10,850 But even then, these values aren't all that useful 508 00:21:10,850 --> 00:21:15,950 because Dan cracked this cipher in just a couple of seconds. 509 00:21:15,950 --> 00:21:18,880 So what might be a better way of encrypting information? 510 00:21:18,880 --> 00:21:22,260 And, again, the goal here is to come back to Siobhan's conjecture 511 00:21:22,260 --> 00:21:25,400 that maybe Apple is just forgetting an encryption key, whatever that means. 512 00:21:25,400 --> 00:21:26,950 But we'll come back to that. 513 00:21:26,950 --> 00:21:31,520 What might be more secure than this rotational cipher, otherwise known 514 00:21:31,520 --> 00:21:34,906 as a Caesar cipher, where you just add some fixed number to each letter? 515 00:21:34,906 --> 00:21:38,290 516 00:21:38,290 --> 00:21:39,616 What else might you do? 517 00:21:39,616 --> 00:21:45,035 AUDIENCE: [INAUDIBLE] have each letter could correspond to a different letter 518 00:21:45,035 --> 00:21:48,500 but it's not the same [INAUDIBLE]. 519 00:21:48,500 --> 00:21:49,640 DAVID J. MALAN: Yeah. 520 00:21:49,640 --> 00:21:53,916 AUDIENCE: You create a key where each letter and other letter can randomize 521 00:21:53,916 --> 00:21:55,339 [INAUDIBLE]. 522 00:21:55,339 --> 00:21:56,380 DAVID J. MALAN: OK, good. 523 00:21:56,380 --> 00:21:57,630 Let's take those both in turn. 524 00:21:57,630 --> 00:22:00,600 So instead of using just one key, let's say-- 525 00:22:00,600 --> 00:22:04,860 let me try to simplify the definition: we'll just use one key per letter. 526 00:22:04,860 --> 00:22:09,840 So, for instance, just so we have a longer word, if we had the word "hello" 527 00:22:09,840 --> 00:22:15,540 and we were just using a key of 1, the H would become I, the E would become F, 528 00:22:15,540 --> 00:22:18,030 and the rest would become M, M, and P. 529 00:22:18,030 --> 00:22:21,200 But of course this could be very quickly cracked in a couple of ways. 530 00:22:21,200 --> 00:22:23,470 One, you could just kind of noodle on it for a moment and see, oh, this 531 00:22:23,470 --> 00:22:25,100 has just been rotated one place. 532 00:22:25,100 --> 00:22:30,837 There's another piece of information that's leaked by the nature of this cipher. 533 00:22:30,837 --> 00:22:31,920 There's a hint, a pattern. 534 00:22:31,920 --> 00:22:34,539 What kind of pattern, Grace? 535 00:22:34,539 --> 00:22:36,910 AUDIENCE: It's a double letter. 536 00:22:36,910 --> 00:22:38,487 DAVID J. MALAN: Yeah. 537 00:22:38,487 --> 00:22:41,320 And double letters are kind of interesting because it's probably not 538 00:22:41,320 --> 00:22:43,430 going to be, like, two Q's in a row. 539 00:22:43,430 --> 00:22:48,390 It's probably not going to be, you know, "cc" isn't that common. 540 00:22:48,390 --> 00:22:48,900 "ll." 541 00:22:48,900 --> 00:22:50,200 I feel like I see "ll" a lot. 542 00:22:50,200 --> 00:22:52,660 And that kind of intuition or those kinds of statistics 543 00:22:52,660 --> 00:22:55,140 ultimately can help you crack whatever is going on. 544 00:22:55,140 --> 00:22:58,390 So that is a bad property of this rotational cipher.
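Before refining the cipher, here is a minimal sketch of the rotational, or Caesar, cipher discussed above, in Python; uppercasing the input is a simplifying assumption of the sketch, and the wrap-around from Z back to A is handled with modular arithmetic.

    def caesar(plaintext, key):
        """Rotate each letter of plaintext forward by key places, wrapping Z to A."""
        ciphertext = ""
        for c in plaintext.upper():
            if c.isalpha():
                # Map A-Z to 0-25, add the key, and wrap around with modulo 26.
                ciphertext += chr((ord(c) - ord("A") + key) % 26 + ord("A"))
            else:
                ciphertext += c  # leave spaces and punctuation untouched
        return ciphertext

    print(caesar("hi", 1))     # IJ
    print(caesar("hello", 1))  # IFMMP, telltale double letter and all
    print(caesar("zoo", 1))    # APP, thanks to the wrap-around

rot13 is then just caesar(text, 13), and rot26 really does hand you back exactly what you gave it.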
545 00:22:58,390 --> 00:23:03,020 But what if we refine it somehow so that instead of adding 1 546 00:23:03,020 --> 00:23:06,740 to each of the letters, why don't we choose maybe 547 00:23:06,740 --> 00:23:08,460 a number-- and this is overly simplistic, 548 00:23:08,460 --> 00:23:10,570 but maybe we should add a different value 549 00:23:10,570 --> 00:23:14,690 to each, thereby obfuscating the fact that there is indeed 550 00:23:14,690 --> 00:23:15,990 a repetition of letters. 551 00:23:15,990 --> 00:23:19,370 Because if you add 3 to one L and 4 to the other, 552 00:23:19,370 --> 00:23:22,910 it's going to be two different letters as a result. 553 00:23:22,910 --> 00:23:28,010 And so this is more generally known as the Vigenère cipher, 554 00:23:28,010 --> 00:23:31,430 named for a French gentleman from years ago, and it was an improvement upon the Caesar cipher, 555 00:23:31,430 --> 00:23:33,221 or the rotational cipher we just discussed. 556 00:23:33,221 --> 00:23:36,020 Instead of using one key, you use one key per letter, 557 00:23:36,020 --> 00:23:40,380 although technically you would still use a finite number of keys. 558 00:23:40,380 --> 00:23:42,570 And if you need to reuse them-- for instance, 559 00:23:42,570 --> 00:23:46,330 if the message you're trying to encrypt is "hello world," 560 00:23:46,330 --> 00:23:50,000 you would just reuse those same keys again. 561 00:23:50,000 --> 00:23:54,010 So it just helps you remember so you don't need a super, super long key. 562 00:23:54,010 --> 00:23:56,880 But in reality this is not what most modern computers do. 563 00:23:56,880 --> 00:24:00,090 What most modern computers use are different algorithms 564 00:24:00,090 --> 00:24:05,019 like DES or RSA or AES. 565 00:24:05,019 --> 00:24:06,810 These are a number of the acronyms that you 566 00:24:06,810 --> 00:24:09,920 might see if you poke around security software even on your own computer. 567 00:24:09,920 --> 00:24:12,980 But at the end of the day, all of these algorithms 568 00:24:12,980 --> 00:24:14,990 have some notion of secrecy involved. 569 00:24:14,990 --> 00:24:17,240 And we'll tease this apart in more detail for this one 570 00:24:17,240 --> 00:24:19,890 and come back to yesterday's topic of browser-based encryption. 571 00:24:19,890 --> 00:24:22,600 But for now, all of them have some secret, like the number 1 572 00:24:22,600 --> 00:24:25,600 or the number 2 or the number 12345 or such, 573 00:24:25,600 --> 00:24:29,230 and the whole security of your system is predicated 574 00:24:29,230 --> 00:24:32,460 on that secret remaining a secret. 575 00:24:32,460 --> 00:24:35,410 As soon as one of you knows that my key is 1 576 00:24:35,410 --> 00:24:39,400 you can now crack any messages I send throughout the room here, for instance, 577 00:24:39,400 --> 00:24:40,420 on a piece of paper. 578 00:24:40,420 --> 00:24:41,600 So that would be bad. 579 00:24:41,600 --> 00:24:47,660 So Siobhan proposed earlier that maybe Apple is deleting your data 580 00:24:47,660 --> 00:24:50,020 by forgetting an encryption key. 581 00:24:50,020 --> 00:24:53,950 And that's actually true, but can we infer now 582 00:24:53,950 --> 00:24:57,090 what that might mean given this definition? 583 00:24:57,090 --> 00:24:58,210 Anyone other than Siobhan? 584 00:24:58,210 --> 00:25:01,140 585 00:25:01,140 --> 00:25:06,980 How might forgetting an encryption key allow you to delete data? 586 00:25:06,980 --> 00:25:09,934 How could you leverage that primitive, so to speak?
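Holding that question for a moment, here is a minimal sketch of the Vigenère idea just described, under the same uppercase, letters-only simplifications as before; the keyword supplies one shift per letter and repeats as needed.

    def vigenere(plaintext, keyword):
        """Shift each letter by the shift of the corresponding keyword letter."""
        # "A" means a shift of 0, "B" a shift of 1, and so on.
        shifts = [ord(k) - ord("A") for k in keyword.upper()]
        ciphertext = ""
        for i, c in enumerate(plaintext.upper()):
            # Reuse the keys in order, wrapping around when the keyword runs out.
            shift = shifts[i % len(shifts)]
            ciphertext += chr((ord(c) - ord("A") + shift) % 26 + ord("A"))
        return ciphertext

    # With keyword "AB" (shifts of 0 and 1), the two L's in "hello" encrypt
    # to two different letters, hiding the double-letter pattern.
    print(vigenere("hello", "AB"))  # HFLMO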
587 00:25:09,934 --> 00:25:12,968 588 00:25:12,968 --> 00:25:16,134 AUDIENCE: [INAUDIBLE] treat the ciphertext like plaintext? 589 00:25:16,134 --> 00:25:18,300 DAVID J. MALAN: Treat the ciphertext like plaintext. 590 00:25:18,300 --> 00:25:19,460 In what sense? 591 00:25:19,460 --> 00:25:23,620 AUDIENCE: Like plaintext [INAUDIBLE] become encrypted 592 00:25:23,620 --> 00:25:24,960 and if you forget it [INAUDIBLE] 593 00:25:24,960 --> 00:25:29,679 594 00:25:29,679 --> 00:25:30,470 DAVID J. MALAN: Oh. 595 00:25:30,470 --> 00:25:33,010 Or maybe not what you input but what you intended 596 00:25:33,010 --> 00:25:36,010 to be random, I think, is where you're going with this? 597 00:25:36,010 --> 00:25:36,540 So, yeah. 598 00:25:36,540 --> 00:25:39,500 So, like, if we-- let's choose a little example. 599 00:25:39,500 --> 00:25:46,520 So suppose that I have encrypted some sentence or word 600 00:25:46,520 --> 00:25:57,120 and the result is GZYEAZYFQ-- I'm just making these up in succession. 601 00:25:57,120 --> 00:26:03,440 And suppose that this is what some secret key on my phone has produced. 602 00:26:03,440 --> 00:26:05,630 So this is what is currently on my phone. 603 00:26:05,630 --> 00:26:08,284 Now, that might be a text message I sent to someone, 604 00:26:08,284 --> 00:26:10,950 but it looks like nonsense if you're just looking at the letters 605 00:26:10,950 --> 00:26:14,730 or looking at the pattern of the bits because Apple's iOS, their software, 606 00:26:14,730 --> 00:26:18,535 has used an encryption key to turn it into something that looks like that. 607 00:26:18,535 --> 00:26:21,410 Now, when I, the human, am using my phone I of course don't see that. 608 00:26:21,410 --> 00:26:27,610 I see the actual English text message because I have logged into my phone, 609 00:26:27,610 --> 00:26:28,999 enabling the encryption key. 610 00:26:28,999 --> 00:26:31,040 This is all sort of built in automatically for us 611 00:26:31,040 --> 00:26:33,800 and it is automatically decrypting anything for me 612 00:26:33,800 --> 00:26:36,090 before I see it on the screen. 613 00:26:36,090 --> 00:26:41,570 So if it looks like this when it's actually stored in my phone's memory 614 00:26:41,570 --> 00:26:47,180 but it can be turned back into plaintext by using that supposedly secret key 615 00:26:47,180 --> 00:26:50,790 and iOS knows how to do this, it would seem 616 00:26:50,790 --> 00:26:54,290 that simply forgetting the key would suffice, whatever it is-- it's 617 00:26:54,290 --> 00:26:57,560 probably something fancier than the number 1 or the number 13. 618 00:26:57,560 --> 00:26:59,750 But whatever that key is, if you forget it, 619 00:26:59,750 --> 00:27:02,460 what is the side effect? What is 620 00:27:02,460 --> 00:27:03,975 left in your phone's memory? 621 00:27:03,975 --> 00:27:06,900 622 00:27:06,900 --> 00:27:11,380 Just nonsense like this, which, yes, represents encrypted data, 623 00:27:11,380 --> 00:27:15,730 but the definition of a good cipher is that the resulting ciphertext 624 00:27:15,730 --> 00:27:20,930 appears to be random and is indiscernible from truly random data. 625 00:27:20,930 --> 00:27:24,150 And so, as such, even though, yeah, all of your data is still on there, 626 00:27:24,150 --> 00:27:24,950 it's encrypted. 627 00:27:24,950 --> 00:27:27,889 And because you threw away the encryption key, neither the FBI nor anyone else 628 00:27:27,889 --> 00:27:29,680 is going to be able to decrypt it, at least 629 00:27:29,680 --> 00:27:31,870 not without a huge amount of luck.
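A small illustration of this idea-- sometimes called crypto-shredding-- in Python, assuming the third-party cryptography package is installed; this is a sketch of the principle, not Apple's actual scheme, which involves dedicated hardware and fancier key management.

    from cryptography.fernet import Fernet

    # Generate a random secret key, standing in for the key baked into a phone.
    key = Fernet.generate_key()
    f = Fernet(key)

    # What actually sits in storage is ciphertext, not your messages.
    ciphertext = f.encrypt(b"my text messages")
    print(f.decrypt(ciphertext))  # readable only while the key is known

    # "Erasing" the device is then just destroying the key. The ciphertext
    # is still there, but it's now indistinguishable from random noise.
    del key, f

And that's why a secure erase can show a progress bar measured in seconds rather than the minutes it would take to overwrite every bit.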
630 00:27:31,870 --> 00:27:35,155 And so for all intents and purposes it is in fact deleted. 631 00:27:35,155 --> 00:27:37,780 It's equivalent to Avi's suggestion earlier of just overwriting 632 00:27:37,780 --> 00:27:38,920 your data with random bits. 633 00:27:38,920 --> 00:27:43,300 These bits are as good as random if you just have no way of recovering what they once were. 634 00:27:43,300 --> 00:27:47,540 Now, what if Apple or a nosy roommate just 635 00:27:47,540 --> 00:27:50,850 tries to guess your password or, in turn, your key? 636 00:27:50,850 --> 00:27:54,260 And to be clear, we humans just have to remember a four-digit passcode 637 00:27:54,260 --> 00:27:57,120 or a six-digit passcode or a longer passphrase 638 00:27:57,120 --> 00:28:01,310 and that is used to unlock, essentially, the encryption key, which 639 00:28:01,310 --> 00:28:03,920 is actually bigger inside of the phone. 640 00:28:03,920 --> 00:28:06,313 So how secure is this whole process? 641 00:28:06,313 --> 00:28:06,813 Yeah? 642 00:28:06,813 --> 00:28:08,930 AUDIENCE: So does each phone have its own encryption key? 643 00:28:08,930 --> 00:28:09,763 DAVID J. MALAN: Yes. 644 00:28:09,763 --> 00:28:12,750 And every time you reset your phone it generates a new one. 645 00:28:12,750 --> 00:28:14,720 Exactly. 646 00:28:14,720 --> 00:28:16,790 So how secure is your own phone? 647 00:28:16,790 --> 00:28:18,870 So most of you probably-- well, some of you 648 00:28:18,870 --> 00:28:21,120 probably don't have any passcodes whatsoever, which 649 00:28:21,120 --> 00:28:23,850 means this whole conversation is moot. 650 00:28:23,850 --> 00:28:27,149 But if you have a four-digit passcode-- something, something, something, 651 00:28:27,149 --> 00:28:28,690 something-- how secure is your phone? 652 00:28:28,690 --> 00:28:32,400 And on iOS and I think Android by default those are typically numeric. 653 00:28:32,400 --> 00:28:36,245 So if you have a four decimal digit passcode how secure is your phone? 654 00:28:36,245 --> 00:28:37,870 How do you answer a question like that? 655 00:28:37,870 --> 00:28:38,667 AUDIENCE: Not. 656 00:28:38,667 --> 00:28:39,500 DAVID J. MALAN: Not. 657 00:28:39,500 --> 00:28:42,550 OK, let's probe a little deeper here. 658 00:28:42,550 --> 00:28:44,253 How not? 659 00:28:44,253 --> 00:28:45,128 AUDIENCE: [INAUDIBLE] 660 00:28:45,128 --> 00:28:49,449 661 00:28:49,449 --> 00:28:50,240 DAVID J. MALAN: OK. 662 00:28:50,240 --> 00:28:51,115 AUDIENCE: [INAUDIBLE] 663 00:28:51,115 --> 00:28:53,610 664 00:28:53,610 --> 00:28:54,610 DAVID J. MALAN: Exactly. 665 00:28:54,610 --> 00:28:55,110 And that's the way-- 666 00:28:55,110 --> 00:28:55,984 AUDIENCE: [INAUDIBLE] 667 00:28:55,984 --> 00:28:57,120 668 00:28:57,120 --> 00:28:58,120 DAVID J. MALAN: Perfect. 669 00:28:58,120 --> 00:29:00,661 And that's a good way of quantifying the security of a system: 670 00:29:00,661 --> 00:29:03,002 well, how many possible keys are there? 671 00:29:03,002 --> 00:29:06,210 Because if it takes you some number of seconds or milliseconds or nanoseconds 672 00:29:06,210 --> 00:29:09,494 or whatever to try inputting one of those numbers, 673 00:29:09,494 --> 00:29:12,660 well then the security of your system is defined by the total amount of time 674 00:29:12,660 --> 00:29:15,564 it would take to input one of those times the total number of them.
675 00:29:15,564 --> 00:29:17,480 And then on average you'll get lucky and it'll 676 00:29:17,480 --> 00:29:20,563 be, like, you'll be halfway through the list when you guess someone's code 677 00:29:20,563 --> 00:29:23,370 and so it's going to be roughly equivalent to how many codes there 678 00:29:23,370 --> 00:29:24,369 were in the first place. 679 00:29:24,369 --> 00:29:26,700 So if 1, 2, 3, 4 is the length of your code 680 00:29:26,700 --> 00:29:29,890 and you have 10 possibilities-- 10, 10-- because you have 0's through 9, 681 00:29:29,890 --> 00:29:33,440 that of course is going to give you how many possibilities? 682 00:29:33,440 --> 00:29:37,818 10,000 of them, from 0 on up to 9,999. 683 00:29:37,818 --> 00:29:42,650 All right, so not very secure, but how insecure? 684 00:29:42,650 --> 00:29:44,160 Well, let's just do some quick math. 685 00:29:44,160 --> 00:29:48,290 And this would be what a computer scientist or engineer might just 686 00:29:48,290 --> 00:29:50,420 generally call a back-of-the-envelope calculation. 687 00:29:50,420 --> 00:29:53,950 Let's suppose for simplicity that just typing in a passcode that's four digits 688 00:29:53,950 --> 00:29:55,510 takes one second. 689 00:29:55,510 --> 00:29:59,870 So that means we have 10,000 seconds if I want to try all possible codes. 690 00:29:59,870 --> 00:30:02,530 And there are 60 seconds in a minute and 60 minutes 691 00:30:02,530 --> 00:30:06,700 in an hour, which means in 2.7 hours I can figure out your passcode. 692 00:30:06,700 --> 00:30:09,970 It's a little tedious and it's a boring three hours, 693 00:30:09,970 --> 00:30:13,620 but your phone is not at all secure unless what feature could we enable, 694 00:30:13,620 --> 00:30:16,510 just to be clear, as Sean proposed? 695 00:30:16,510 --> 00:30:18,940 David? 696 00:30:18,940 --> 00:30:20,680 Oh, I was thinking even simpler. 697 00:30:20,680 --> 00:30:23,420 The feature with which we started today's chat, the one 698 00:30:23,420 --> 00:30:25,940 the FBI was worried was enabled. 699 00:30:25,940 --> 00:30:26,900 AUDIENCE: The resets. 700 00:30:26,900 --> 00:30:27,820 DAVID J. MALAN: The resets, right. 701 00:30:27,820 --> 00:30:29,590 So the self-destruct after 10 attempts. 702 00:30:29,590 --> 00:30:32,550 Now, this doesn't make your phone fundamentally secure 703 00:30:32,550 --> 00:30:35,720 because the FBI or your nosy roommate could just 704 00:30:35,720 --> 00:30:40,540 get lucky and out of the 10,000 possibilities your password was 0, 0, 705 00:30:40,540 --> 00:30:41,139 0, 0. 706 00:30:41,139 --> 00:30:43,180 Or if he or she is just typing in random numbers, 707 00:30:43,180 --> 00:30:47,700 they get lucky one out of 10,000 times, or really 10 out of 10,000. 708 00:30:47,700 --> 00:30:52,360 So one out of 1,000 chances will they just guess it right 709 00:30:52,360 --> 00:30:53,670 and crack into your phone. 710 00:30:53,670 --> 00:30:56,970 So that helps us, but it really just narrows the scope of the threat 711 00:30:56,970 --> 00:30:58,762 by having 10 attempts. 712 00:30:58,762 --> 00:31:00,470 All right, so we could push back on that. 713 00:31:00,470 --> 00:31:02,303 Why don't we give the user just one attempt? 714 00:31:02,303 --> 00:31:05,630 That makes it even less likely, 10 times less likely, 715 00:31:05,630 --> 00:31:08,850 that you're going to be compromised by someone trying to guess your password. 716 00:31:08,850 --> 00:31:09,735 But-- 717 00:31:09,735 --> 00:31:11,010 AUDIENCE: Not user friendly. 718 00:31:11,010 --> 00:31:11,900 DAVID J. 
MALAN: What's that? 719 00:31:11,900 --> 00:31:12,640 AUDIENCE: Not user friendly. 720 00:31:12,640 --> 00:31:13,550 DAVID J. MALAN: Not user friendly. 721 00:31:13,550 --> 00:31:14,277 And, Alicia? 722 00:31:14,277 --> 00:31:15,470 AUDIENCE: You could make a mistake. 723 00:31:15,470 --> 00:31:18,010 DAVID J. MALAN: If you make a mistake, which most of us surely do, 724 00:31:18,010 --> 00:31:19,400 now you're screwed, because you've just deleted 725 00:31:19,400 --> 00:31:22,040 your data with even higher probability, because you occasionally 726 00:31:22,040 --> 00:31:22,700 make those mistakes. 727 00:31:22,700 --> 00:31:24,510 So, again, this theme of tradeoffs here. 728 00:31:24,510 --> 00:31:26,301 All right, now realistically it's not going 729 00:31:26,301 --> 00:31:29,120 to take a second if you can automate this process, 730 00:31:29,120 --> 00:31:31,070 but about a second feels right if it's going 731 00:31:31,070 --> 00:31:32,650 to be a physical process like this. 732 00:31:32,650 --> 00:31:36,130 But suppose that you have instead a six-digit passcode. 733 00:31:36,130 --> 00:31:37,965 How many possibilities are there then? 734 00:31:37,965 --> 00:31:38,840 AUDIENCE: [INAUDIBLE] 735 00:31:38,840 --> 00:31:39,714 DAVID J. MALAN: Yeah. 736 00:31:39,714 --> 00:31:42,980 So now you're up to a million because you add two more zeros to this. 737 00:31:42,980 --> 00:31:47,760 So if we have a million and now that's one per second, for instance, 738 00:31:47,760 --> 00:31:53,290 and there's 60 seconds in a minute, 60 minutes in an hour, 739 00:31:53,290 --> 00:31:56,040 and 24 hours in a day, now it's going to take 740 00:31:56,040 --> 00:32:01,390 you 11.57 days of nonstop inputting in order to crack this password. 741 00:32:01,390 --> 00:32:03,510 So doable still, especially if you automate it 742 00:32:03,510 --> 00:32:09,630 or share the load with a friend, but also doesn't feel particularly secure. 743 00:32:09,630 --> 00:32:12,010 Feels like within 12 days your data could be compromised. 744 00:32:12,010 --> 00:32:12,870 So what's better? 745 00:32:12,870 --> 00:32:13,870 Yeah, Danny? 746 00:32:13,870 --> 00:32:16,370 AUDIENCE: I learned this the hard way, but with the iPad 747 00:32:16,370 --> 00:32:19,662 if you enter it incorrectly a certain number of times 748 00:32:19,662 --> 00:32:21,445 it makes you wait five minutes. 749 00:32:21,445 --> 00:32:22,320 DAVID J. MALAN: Nice. 750 00:32:22,320 --> 00:32:23,653 AUDIENCE: So you can reenter it. 751 00:32:23,653 --> 00:32:27,136 And then if you screw it up again it'll say you have to wait a half an hour 752 00:32:27,136 --> 00:32:28,080 or an hour. 753 00:32:28,080 --> 00:32:29,980 And it keeps adding how long-- 754 00:32:29,980 --> 00:32:32,563 DAVID J. MALAN: How many times did you screw up your password? 755 00:32:32,563 --> 00:32:34,496 756 00:32:34,496 --> 00:32:35,620 AUDIENCE: I figured it out. 757 00:32:35,620 --> 00:32:38,310 DAVID J. MALAN: OK. 758 00:32:38,310 --> 00:32:41,860 So that's clever and that is true of a lot of systems, but why? 759 00:32:41,860 --> 00:32:44,224 That seems incredibly annoying of Apple to do that. 760 00:32:44,224 --> 00:32:45,722 AUDIENCE: Yeah. 761 00:32:45,722 --> 00:32:46,722 DAVID J. MALAN: But why? 762 00:32:46,722 --> 00:32:49,790 Why is that actually a brilliant idea, I would argue?
763 00:32:49,790 --> 00:32:50,290 Security-- 764 00:32:50,290 --> 00:32:53,290 765 00:32:53,290 --> 00:32:56,670 AUDIENCE: It increases the amount of time it requires [INAUDIBLE] 766 00:32:56,670 --> 00:33:01,901 767 00:33:01,901 --> 00:33:03,150 DAVID J. MALAN: Yeah, exactly. 768 00:33:03,150 --> 00:33:07,010 If this is like the best system you have for protecting a device, 769 00:33:07,010 --> 00:33:09,290 and a passcode isn't fundamentally horrible. 770 00:33:09,290 --> 00:33:11,620 It's just horrible if you can input them really fast 771 00:33:11,620 --> 00:33:13,090 or there's relatively few of them. 772 00:33:13,090 --> 00:33:15,980 So what if you do insert artificial delays such 773 00:33:15,980 --> 00:33:19,920 that the software after each attempt or each several attempts says, 774 00:33:19,920 --> 00:33:20,670 wait a minute. 775 00:33:20,670 --> 00:33:24,220 You seem like an adversary, not just someone who forgot his password. 776 00:33:24,220 --> 00:33:28,551 Let me let you keep doing this but only after a minute break or a five minute 777 00:33:28,551 --> 00:33:29,050 break. 778 00:33:29,050 --> 00:33:33,170 And so you generally just increase the cost to an adversary 779 00:33:33,170 --> 00:33:37,350 by delaying or slowing down his or her attempts to crack into your phone. 780 00:33:37,350 --> 00:33:39,480 Of course the price you pay, as you discovered, 781 00:33:39,480 --> 00:33:42,260 is that this too is a trade off in terms of user experience, 782 00:33:42,260 --> 00:33:45,180 in terms of the user having a scenario like you just 783 00:33:45,180 --> 00:33:46,800 forgot your passcode presumably. 784 00:33:46,800 --> 00:33:50,160 But this is a wonderful defense mechanism, this back off. 785 00:33:50,160 --> 00:33:56,040 What else could we do to increase the security of these phones? 786 00:33:56,040 --> 00:33:56,621 Yeah? 787 00:33:56,621 --> 00:33:57,120 Dan again. 788 00:33:57,120 --> 00:33:59,625 AUDIENCE: So you could allow both letters and numbers. 789 00:33:59,625 --> 00:34:00,500 DAVID J. MALAN: Yeah. 790 00:34:00,500 --> 00:34:00,999 So-- 791 00:34:00,999 --> 00:34:04,080 AUDIENCE: And that increases the number of possibilities for each. 792 00:34:04,080 --> 00:34:06,538 DAVID J. MALAN: All right, to how many do we have here now? 793 00:34:06,538 --> 00:34:08,596 AUDIENCE: Well, at 10 you'd have 37. 794 00:34:08,596 --> 00:34:09,720 DAVID J. MALAN: OK, so 30-- 795 00:34:09,720 --> 00:34:11,480 AUDIENCE: If you use just letters. 796 00:34:11,480 --> 00:34:11,860 DAVID J. MALAN: OK. 797 00:34:11,860 --> 00:34:12,409 So if we-- 798 00:34:12,409 --> 00:34:13,530 AUDIENCE: 36? 799 00:34:13,530 --> 00:34:14,405 DAVID J. MALAN: Yeah. 800 00:34:14,405 --> 00:34:17,610 So if we have letters and numbers, and we can actually ratchet this up 801 00:34:17,610 --> 00:34:19,587 even further-- 802 00:34:19,587 --> 00:34:21,420 AUDIENCE: Include, like, exclamation points. 803 00:34:21,420 --> 00:34:23,159 DAVID J. MALAN: OK, can definitely do that, but even simpler. 804 00:34:23,159 --> 00:34:24,565 You're forgetting sort of half-- 805 00:34:24,565 --> 00:34:25,440 AUDIENCE: [INAUDIBLE] 806 00:34:25,440 --> 00:34:26,314 DAVID J. MALAN: Yeah. 807 00:34:26,314 --> 00:34:28,679 If you take into account case sensitivity now 808 00:34:28,679 --> 00:34:33,790 we go from 26 plus 26 plus 10 so that's 62 possibilities for each. 809 00:34:33,790 --> 00:34:34,750 So that's more. 810 00:34:34,750 --> 00:34:41,580 So 62, 62, 62, 62, 62 possibilities for each of these characters. 
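To make the arithmetic concrete, here is a quick back-of-the-envelope sketch in Python of the search spaces discussed so far, assuming one guess per second as in the discussion; the lockout model at the end is a toy schedule invented for illustration, not Apple's actual one.

```python
# Brute-force math at one guess per second.

SECONDS_PER_HOUR = 60 * 60
SECONDS_PER_DAY = 24 * SECONDS_PER_HOUR
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

def search_space(symbols: int, length: int) -> int:
    """Total number of possible codes: symbols ** length."""
    return symbols ** length

print(search_space(10, 4) / SECONDS_PER_HOUR)   # 4 digits: ~2.8 hours
print(search_space(10, 6) / SECONDS_PER_DAY)    # 6 digits: ~11.6 days
print(search_space(62, 6) / SECONDS_PER_YEAR)   # 6 of a-z, A-Z, 0-9: ~1,801 years

# With self-destruct after 10 tries, a random guesser's odds are
# 10 in 10,000 -- the 1-in-1,000 chance mentioned earlier.
print(10 / search_space(10, 4))                 # 0.001

# A toy model of escalating lockouts: after a few free tries, each
# wrong guess costs a delay that doubles (real devices cap the delay).
def seconds_with_lockouts(attempts: int, free_tries: int = 5) -> float:
    total, delay = float(attempts), 60.0        # one second per guess, then waits
    for _ in range(max(0, attempts - free_tries)):
        total += delay
        delay *= 2
    return total

print(seconds_with_lockouts(40) / SECONDS_PER_YEAR)  # ~65,000 years of waiting
```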
811 00:34:41,580 --> 00:34:45,830 So now this is 62 to the sixth power-- 62 times 62, duh duh duh. 812 00:34:45,830 --> 00:34:49,010 And that gives us this many possible codes, 813 00:34:49,010 --> 00:34:50,510 which is definitely a bigger number. 814 00:34:50,510 --> 00:34:51,259 So let's try this. 815 00:34:51,259 --> 00:34:57,840 So 60 seconds in a minute, 60 minutes in an hour, 24 hours in a day. 816 00:34:57,840 --> 00:34:59,660 And now let's go further. 817 00:34:59,660 --> 00:35:03,450 There are 365 days in a year. 818 00:35:03,450 --> 00:35:09,340 So 1,800 years now we're up to, assuming it takes just one attempt per second. 819 00:35:09,340 --> 00:35:11,260 So now we're probably safe because we're going 820 00:35:11,260 --> 00:35:13,920 to be long dead by the time someone gets into our phone. 821 00:35:13,920 --> 00:35:15,760 But we've raised the bar. 822 00:35:15,760 --> 00:35:19,360 And what's nice is that we haven't really changed the algorithm per se 823 00:35:19,360 --> 00:35:21,120 or the process for getting into the phone, 824 00:35:21,120 --> 00:35:23,260 we've just increased the search space, so 825 00:35:23,260 --> 00:35:26,500 to speak, by increasing the total number of possibilities here. 826 00:35:26,500 --> 00:35:30,830 All right, so then let's come back to what I think Griff proposed. 827 00:35:30,830 --> 00:35:35,300 What was it then, to recap, that the FBI wanted Apple to do? 828 00:35:35,300 --> 00:35:40,430 AUDIENCE: So the FBI wanted Apple to write them a software that's 829 00:35:40,430 --> 00:35:43,839 going to bypass [INAUDIBLE] 830 00:35:43,839 --> 00:35:44,880 DAVID J. MALAN: OK, good. 831 00:35:44,880 --> 00:35:48,530 So they wanted to bypass that self-destruct feature 832 00:35:48,530 --> 00:35:52,900 and they could only do this by changing the underlying operating system. 833 00:35:52,900 --> 00:35:55,794 Unfortunately-- OK, so they were hoping to do that. 834 00:35:55,794 --> 00:35:57,085 What else were they hoping for? 835 00:35:57,085 --> 00:35:59,970 836 00:35:59,970 --> 00:36:01,940 AUDIENCE: Unlimited assistance. 837 00:36:01,940 --> 00:36:02,330 DAVID J. MALAN: What's that? 838 00:36:02,330 --> 00:36:03,110 AUDIENCE: Unlimited assistance. 839 00:36:03,110 --> 00:36:04,080 DAVID J. MALAN: Unlimited assistance. 840 00:36:04,080 --> 00:36:06,246 So at the end of the day they wanted that access. 841 00:36:06,246 --> 00:36:09,215 They also wanted the ability to electronically input the code 842 00:36:09,215 --> 00:36:11,090 so that they don't have to have an FBI agent, 843 00:36:11,090 --> 00:36:13,390 like, manually typing in all of these possible codes 844 00:36:13,390 --> 00:36:16,900 well past the previous limit potentially of 10. 845 00:36:16,900 --> 00:36:21,390 And they also wanted the ability for-- and this is more technical-- for Apple 846 00:36:21,390 --> 00:36:24,870 to side load the software into the phone so that it's only 847 00:36:24,870 --> 00:36:30,160 in RAM-- recall from yesterday-- not on the solid state drive inside the phone.
848 00:36:30,160 --> 00:36:33,110 Because they didn't want to forensically alter 849 00:36:33,110 --> 00:36:35,247 any of the zeros and ones that were on the phone 850 00:36:35,247 --> 00:36:37,580 so that presumably in court no claim could be made that, 851 00:36:37,580 --> 00:36:40,940 well, the FBI injected this software or this evidence into the phone 852 00:36:40,940 --> 00:36:43,620 by putting it into RAM thereby not touching 853 00:36:43,620 --> 00:36:47,740 the persistent data that was apparently forensically of interest to them. 854 00:36:47,740 --> 00:36:50,620 So I forget-- let me see if I have this here. 855 00:36:50,620 --> 00:36:53,790 So just to be clear, this is more tongue in cheek than anything. 856 00:36:53,790 --> 00:36:56,160 But this is a little video on YouTube such 857 00:36:56,160 --> 00:36:58,480 that technically the FBI could also do something 858 00:36:58,480 --> 00:37:03,960 like this as opposed to inputting codes electronically, as via a Thunderbolt 859 00:37:03,960 --> 00:37:04,687 cable. 860 00:37:04,687 --> 00:37:05,186 Whoops. 861 00:37:05,186 --> 00:37:07,960 862 00:37:07,960 --> 00:37:09,510 This apparently is a thing. 863 00:37:09,510 --> 00:37:12,182 864 00:37:12,182 --> 00:37:14,390 And you can actually see in the top right-hand corner 865 00:37:14,390 --> 00:37:15,980 looks like an Android phone. 866 00:37:15,980 --> 00:37:17,980 So that's how you might brute force an Android 867 00:37:17,980 --> 00:37:20,821 phone if you have at least a short code and 12 days 868 00:37:20,821 --> 00:37:22,570 to spare with a device like that, but they 869 00:37:22,570 --> 00:37:26,360 wanted to avoid that kind of silliness, for instance. 870 00:37:26,360 --> 00:37:32,840 So what did they-- OK, so all of this, at the end of the day 871 00:37:32,840 --> 00:37:35,730 Apple ended up not obliging and supposedly the FBI 872 00:37:35,730 --> 00:37:39,100 was able to have someone else, a security firm supposedly, get 873 00:37:39,100 --> 00:37:43,180 into the phone without going through this whole process. 874 00:37:43,180 --> 00:37:45,670 So at the end it was sort of an anticlimactic ending 875 00:37:45,670 --> 00:37:49,495 and it was about to be an incredibly frightening legal case potentially as 876 00:37:49,495 --> 00:37:52,370 to the degree to which companies could be coerced into actually helping 877 00:37:52,370 --> 00:37:53,890 the FBI in cases like this. 878 00:37:53,890 --> 00:37:56,590 But this whole fiasco was also in part the result 879 00:37:56,590 --> 00:37:58,830 of a missing feature in the iPhone, which 880 00:37:58,830 --> 00:38:01,310 is that in theory they could have installed 881 00:38:01,310 --> 00:38:03,160 the software in the first place. 882 00:38:03,160 --> 00:38:06,190 This was arguably a bit of an Achilles heel in the design of the iPhone 883 00:38:06,190 --> 00:38:09,070 version 9.2 or whatever they were up to at that point 884 00:38:09,070 --> 00:38:12,270 whereby it seems to be completely beside the point 885 00:38:12,270 --> 00:38:15,520 if your adversary-- in this case, the FBI in some sense-- 886 00:38:15,520 --> 00:38:20,610 is able to just install new software onto your phone thereby circumventing 887 00:38:20,610 --> 00:38:23,010 the very protections built into the phone.
888 00:38:23,010 --> 00:38:25,990 So this was a flaw, arguably, from a security perspective, 889 00:38:25,990 --> 00:38:29,310 and I believe it's already been fixed-- "fixed"-- 890 00:38:29,310 --> 00:38:33,760 such that now to upgrade the software on your phone, on an iPhone, 891 00:38:33,760 --> 00:38:36,860 you have to-- guess what-- input your passcode now. 892 00:38:36,860 --> 00:38:38,310 And that was the catch before. 893 00:38:38,310 --> 00:38:42,480 Supposedly the upgrade process for updating the iOS software on a phone 894 00:38:42,480 --> 00:38:45,630 up until recently did not require you to input your password necessarily 895 00:38:45,630 --> 00:38:46,737 to update the software. 896 00:38:46,737 --> 00:38:49,820 And I do believe, as of the last time I updated my own phone, I noticed, 897 00:38:49,820 --> 00:38:52,590 oh, I don't remember being asked for my passcode before, 898 00:38:52,590 --> 00:38:54,780 and that seems to be a side effect of this. 899 00:38:54,780 --> 00:38:57,940 So it's a fascinating sort of cat and mouse game where in this case, 900 00:38:57,940 --> 00:39:00,530 you know, the FBI were trying to do a good thing, 901 00:39:00,530 --> 00:39:03,530 but from a security perspective they were in this scenario the adversary 902 00:39:03,530 --> 00:39:06,850 in some sense insofar as they were trying to get into a phone and Apple 903 00:39:06,850 --> 00:39:12,020 either hadn't anticipated or hadn't worried about or just hadn't bothered 904 00:39:12,020 --> 00:39:16,640 to implement this particular additional defense mechanism. 905 00:39:16,640 --> 00:39:20,080 So questions about the scenario or what happened 906 00:39:20,080 --> 00:39:24,760 or how it ultimately played out? 907 00:39:24,760 --> 00:39:25,260 Yeah. 908 00:39:25,260 --> 00:39:28,288 AUDIENCE: Was there any way to see where people typically 909 00:39:28,288 --> 00:39:32,520 touch on their phone to see what their passcode is? [INAUDIBLE] 910 00:39:32,520 --> 00:39:34,520 DAVID J. MALAN: Oh, you know, I'm sure there is. 911 00:39:34,520 --> 00:39:37,725 I feel like I've seen movies certainly where this is-- you sort of go-- 912 00:39:37,725 --> 00:39:38,350 AUDIENCE: Yeah. 913 00:39:38,350 --> 00:39:40,360 DAVID J. MALAN: And then you see their passcode. 914 00:39:40,360 --> 00:39:42,770 I do think there's something to that. 915 00:39:42,770 --> 00:39:46,630 Certainly on physical devices you see wear on, like, old school alarm panels 916 00:39:46,630 --> 00:39:47,130 where you-- 917 00:39:47,130 --> 00:39:51,630 AUDIENCE: Even on laptops, like, they're touching the same [INAUDIBLE] some wear 918 00:39:51,630 --> 00:39:52,455 [INAUDIBLE]. 919 00:39:52,455 --> 00:39:53,330 DAVID J. MALAN: Yeah. 920 00:39:53,330 --> 00:39:57,310 I'd have to Google around to see the sort of tales that I've read. 921 00:39:57,310 --> 00:39:58,812 But I'm sure this is possible. 922 00:39:58,812 --> 00:40:02,020 I mean, you can even glean which keys are used the most, which is information 923 00:40:02,020 --> 00:40:03,670 because it narrows your search space. 924 00:40:03,670 --> 00:40:07,450 And I do think I've even seen some article where-- 925 00:40:07,450 --> 00:40:10,180 it was something more clever than just filming someone's hands. 926 00:40:10,180 --> 00:40:11,054 I'd have to remember. 927 00:40:11,054 --> 00:40:13,050 But, I mean, yes I'm sure this is possible.
928 00:40:13,050 --> 00:40:15,550 And even on glass you're going to leave some kind of oily residue 929 00:40:15,550 --> 00:40:17,883 presumably if you're touching the same place repeatedly. 930 00:40:17,883 --> 00:40:21,630 So these two are fairly sophisticated attacks that most typical adversaries 931 00:40:21,630 --> 00:40:23,550 aren't going to wage, but absolutely. 932 00:40:23,550 --> 00:40:27,590 There are such things as that I would imagine possible. 933 00:40:27,590 --> 00:40:31,480 All right, so let's transition for a moment to a slightly 934 00:40:31,480 --> 00:40:38,392 deeper dive into encryption itself and how it might otherwise be implemented. 935 00:40:38,392 --> 00:40:41,100 Because this whole Caesar cipher thing, or the rotational cipher, 936 00:40:41,100 --> 00:40:44,100 and this whole idea of a secret key seems fundamentally flawed. 937 00:40:44,100 --> 00:40:48,790 For instance, Felicia, if I wanted to send you a secret message in this room 938 00:40:48,790 --> 00:40:52,800 by passing you a note that, sort of like grade school style, 939 00:40:52,800 --> 00:41:00,480 only you and I can read and write and understand, how could we do it? 940 00:41:00,480 --> 00:41:03,120 How can I write on a piece of paper a note 941 00:41:03,120 --> 00:41:06,440 and somehow encrypt it and send it to Felicia so that if any of you 942 00:41:06,440 --> 00:41:09,410 intercept it-- like I did for David's packet yesterday-- 943 00:41:09,410 --> 00:41:12,830 it's not at risk for being figured out? 944 00:41:12,830 --> 00:41:13,467 Avi. 945 00:41:13,467 --> 00:41:14,342 AUDIENCE: [INAUDIBLE] 946 00:41:14,342 --> 00:41:18,825 947 00:41:18,825 --> 00:41:19,700 DAVID J. MALAN: Yeah. 948 00:41:19,700 --> 00:41:21,900 Which is kind of a catch-22, right? 949 00:41:21,900 --> 00:41:26,280 Because in this context I could say, you know, walk over here, password is 13, 950 00:41:26,280 --> 00:41:26,780 right? 951 00:41:26,780 --> 00:41:29,719 And assuming only she could hear that, that would work. 952 00:41:29,719 --> 00:41:32,260 But this is also kind of stupid because if I have the ability 953 00:41:32,260 --> 00:41:34,360 to secretly communicate to her the password 954 00:41:34,360 --> 00:41:37,070 I might as well just hand her the note physically at that point. 955 00:41:37,070 --> 00:41:38,861 So there's this chicken and the egg problem 956 00:41:38,861 --> 00:41:42,720 whereby we can't communicate securely unless we can first communicate 957 00:41:42,720 --> 00:41:46,920 securely in order to exchange that one piece of secret information, 958 00:41:46,920 --> 00:41:51,550 whether it's the number 1, 13, 12345, or something even more sophisticated 959 00:41:51,550 --> 00:41:52,400 still. 960 00:41:52,400 --> 00:41:53,637 So how do we address this? 961 00:41:53,637 --> 00:41:55,970 Well, it turns out that this is an example in the middle 962 00:41:55,970 --> 00:41:59,570 here, RSA, of what's called a public key cryptosystem. 963 00:41:59,570 --> 00:42:03,020 The first two and the Caesar and Vigenère ciphers we were just discussing 964 00:42:03,020 --> 00:42:05,430 are generally called secret key cryptosystems 965 00:42:05,430 --> 00:42:08,800 whereby there truly is one and only one secret and both parties, A and B, 966 00:42:08,800 --> 00:42:12,070 have to know it in advance in order for the whole system to work.
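For reference, the rotational cipher in question is tiny; a minimal sketch in Python, with a made-up message, might look like this. With only 26 possible keys, it falls to brute force instantly, which is part of why it's being called fundamentally flawed.

```python
# A minimal rotational (Caesar) cipher -- the "password is 13" kind of
# scheme being described. Fine for passing notes in grade school,
# useless against a real adversary.

def rotate(text: str, key: int) -> str:
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord('A') if ch.isupper() else ord('a')
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # leave spaces and punctuation alone
    return ''.join(out)

secret = rotate("HELLO FELICIA", 13)   # "URYYB SRYVPVN"
print(rotate(secret, -13))             # decrypting is just rotating back
```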
967 00:42:12,070 --> 00:42:15,040 But this of course is problematic, especially in the world of the web 968 00:42:15,040 --> 00:42:17,210 because, like, I don't know anyone personally 969 00:42:17,210 --> 00:42:21,380 at Amazon.com with whom I can exchange a secret so that I can buy something 970 00:42:21,380 --> 00:42:23,040 on their website and check out. 971 00:42:23,040 --> 00:42:25,500 I don't know anyone at Facebook necessarily 972 00:42:25,500 --> 00:42:29,500 that I can establish a secret with so that when I log into Facebook 973 00:42:29,500 --> 00:42:33,530 my password is encrypted between my laptop and their servers, right? 974 00:42:33,530 --> 00:42:37,160 The world just wouldn't work if this were a prerequisite. 975 00:42:37,160 --> 00:42:42,340 So it turns out that in public key cryptosystems you have two keys, 976 00:42:42,340 --> 00:42:46,770 not a secret key per se, but a public and a private key, as it's called. 977 00:42:46,770 --> 00:42:49,124 And they're sort of semantically the same idea, 978 00:42:49,124 --> 00:42:51,040 but they're mathematically a little different. 979 00:42:51,040 --> 00:42:55,010 Turns out that with algorithms like RSA and Diffie-Hellman 980 00:42:55,010 --> 00:42:59,030 and bunches of others you have two numbers that 981 00:42:59,030 --> 00:43:02,180 have some kind of mathematical relationship between them such 982 00:43:02,180 --> 00:43:05,010 that you can give out your public key. 983 00:43:05,010 --> 00:43:07,340 And Felicia should give me her public key. 984 00:43:07,340 --> 00:43:10,060 I could then use her public key to encrypt 985 00:43:10,060 --> 00:43:14,370 a message using some kind of system similar in spirit to what we've 986 00:43:14,370 --> 00:43:17,020 discussed, then send her that message. 987 00:43:17,020 --> 00:43:19,372 Even if David or someone else in the room intercepts it, 988 00:43:19,372 --> 00:43:21,580 presumably he's not going to be able to understand it 989 00:43:21,580 --> 00:43:25,080 because what he doesn't have is Felicia's private key, 990 00:43:25,080 --> 00:43:29,340 presumably, with which there's this reversible relationship 991 00:43:29,340 --> 00:43:30,590 to the public key. 992 00:43:30,590 --> 00:43:35,710 So only Felicia's private key can undo the effects of her public key, 993 00:43:35,710 --> 00:43:40,190 and so long as she keeps her private key private and tells no one, including me, 994 00:43:40,190 --> 00:43:42,950 the whole system rather works. 995 00:43:42,950 --> 00:43:44,920 And so technically it's not a public key 996 00:43:44,920 --> 00:43:46,640 and private key she and I would usually use. 997 00:43:46,640 --> 00:43:48,720 Those tend to be fairly computationally expensive 998 00:43:48,720 --> 00:43:51,990 relative to the secret key encryption techniques we discussed earlier. 999 00:43:51,990 --> 00:43:54,960 So instead what we would do is use our public keys 1000 00:43:54,960 --> 00:43:57,770 to establish a shared secret key. 1001 00:43:57,770 --> 00:44:01,340 So I would use her public key and I would encrypt the message 13, 1002 00:44:01,340 --> 00:44:03,590 for instance, if that's the secret key we want to use. 1003 00:44:03,590 --> 00:44:06,490 She uses her private key to decrypt that message.
1004 00:44:06,490 --> 00:44:09,570 She says, oh, David wants to talk to me using the secret key 13, 1005 00:44:09,570 --> 00:44:12,850 and then we can use something simpler like the Caesar cipher or something 1006 00:44:12,850 --> 00:44:16,860 else but hopefully with a bigger key or fancier algorithm than that. 1007 00:44:16,860 --> 00:44:19,720 So this allows us to address the chicken and the egg problem 1008 00:44:19,720 --> 00:44:23,680 but you want to know whom you're talking to. 1009 00:44:23,680 --> 00:44:27,150 So I want to be confident that I'm talking to, like, Felicia.com, 1010 00:44:27,150 --> 00:44:29,150 so to speak, and she wants to be confident she's 1011 00:44:29,150 --> 00:44:31,810 talking to David.com or whatnot. 1012 00:44:31,810 --> 00:44:36,270 And so to do this, this is where those whole SSL certificates come into play 1013 00:44:36,270 --> 00:44:37,640 that we discussed yesterday. 1014 00:44:37,640 --> 00:44:43,510 She can pay someone else, you know, $50 a year or $300 a year-- 1015 00:44:43,510 --> 00:44:48,040 give that certificate authority, so to speak, her name and mailing 1016 00:44:48,040 --> 00:44:49,040 address and all of this. 1017 00:44:49,040 --> 00:44:53,270 And they will then give her a stamp of approval, a digital signature, 1018 00:44:53,270 --> 00:44:56,420 so to speak, on her public key essentially 1019 00:44:56,420 --> 00:45:00,480 that allows me to trust that if I trust this third party called Verisign 1020 00:45:00,480 --> 00:45:04,300 or Namecheap or GoDaddy or any number of third party companies, 1021 00:45:04,300 --> 00:45:07,370 I, by transitivity, should be able to trust Felicia 1022 00:45:07,370 --> 00:45:09,231 as well because they vouched for folks. 1023 00:45:09,231 --> 00:45:12,230 And actually we ran into an interesting corner case with David's laptop 1024 00:45:12,230 --> 00:45:14,800 yesterday where as best we could tell he wasn't 1025 00:45:14,800 --> 00:45:19,700 able to use Cloud 9, which uses HTTPS, and CS50 IDE because presumably 1026 00:45:19,700 --> 00:45:22,810 this government laptop didn't necessarily-- as best I can tell-- 1027 00:45:22,810 --> 00:45:29,750 trust the certificate authority who signed the keys that are being used 1028 00:45:29,750 --> 00:45:34,090 by Cloud 9 and also by Harvard's site I think and probably several others. 1029 00:45:34,090 --> 00:45:37,380 And that's probably because the sysadmins, the system administrators, 1030 00:45:37,380 --> 00:45:39,747 remove certain keys to limit the access. 1031 00:45:39,747 --> 00:45:42,330 Because, indeed, there have been cases out there where there's 1032 00:45:42,330 --> 00:45:47,086 sort of fly-by-night operations that are verified certificate authorities 1033 00:45:47,086 --> 00:45:49,460 but they're really not doing any due diligence whatsoever 1034 00:45:49,460 --> 00:45:53,110 and so illicit or, rather, untrustworthy websites 1035 00:45:53,110 --> 00:45:55,630 have also been able to enable this kind of feature. 1036 00:45:55,630 --> 00:45:56,130 Felicia? 1037 00:45:56,130 --> 00:46:00,304 AUDIENCE: [INAUDIBLE] RSA SecurID [INAUDIBLE] 1038 00:46:00,304 --> 00:46:02,220 DAVID J. MALAN: No, that's a little different. 1039 00:46:02,220 --> 00:46:06,520 So RSA is also the name of the company and it's also the initials 1040 00:46:06,520 --> 00:46:08,390 of the founders of the company. 1041 00:46:08,390 --> 00:46:11,400 So it has a lot of different meanings in different contexts.
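To make that key-establishment idea concrete, here is a toy Diffie-Hellman exchange in pure Python. The numbers are deliberately tiny and the private values are invented for illustration; real deployments use values hundreds of digits long.

```python
# A toy Diffie-Hellman exchange. Everything except the two private
# numbers travels in the clear, yet both sides end up with the same
# shared secret.

p = 23   # a public prime (toy-sized)
g = 5    # a public generator

# Each party picks a private number and publishes g^private mod p.
david_private = 6
felicia_private = 15
david_public = pow(g, david_private, p)      # 8
felicia_public = pow(g, felicia_private, p)  # 19

# Each side combines its own private value with the other's public one...
shared_david = pow(felicia_public, david_private, p)
shared_felicia = pow(david_public, felicia_private, p)

# ...and both arrive at the same secret, which an eavesdropper who saw
# only p, g, and the two public values cannot easily derive.
assert shared_david == shared_felicia
print(shared_david)  # 2 -- usable as, say, the rotation for a simpler cipher
```

The punchline is that the two parties agree on a secret having only ever exchanged public values, which is exactly the escape from the chicken-and-the-egg problem just described.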
1042 00:46:11,400 --> 00:46:14,690 RSA SecurID, which is increasingly common, 1043 00:46:14,690 --> 00:46:20,840 is an example of something called two-factor authentication, which 1044 00:46:20,840 --> 00:46:25,010 is actually a good transition to a more general topic of security 1045 00:46:25,010 --> 00:46:28,110 of your own data, from which we can now transition into Dropbox as well. 1046 00:46:28,110 --> 00:46:31,310 So most of us for most services use one-factor authentication. 1047 00:46:31,310 --> 00:46:34,090 When you log into a website with a username and password, 1048 00:46:34,090 --> 00:46:35,390 the username is uninteresting. 1049 00:46:35,390 --> 00:46:37,930 It might as well be public by definition. 1050 00:46:37,930 --> 00:46:41,760 But the password is meant to be secret and that is your one factor 1051 00:46:41,760 --> 00:46:44,380 that only you, hopefully, know. 1052 00:46:44,380 --> 00:46:48,530 Unfortunately, passwords are not all that great of a defense mechanism. 1053 00:46:48,530 --> 00:46:51,100 Why? 1054 00:46:51,100 --> 00:46:53,749 They're not all that secure. 1055 00:46:53,749 --> 00:46:55,200 AUDIENCE: Get stolen? 1056 00:46:55,200 --> 00:46:56,884 DAVID J. MALAN: Get stolen how? 1057 00:46:56,884 --> 00:46:57,800 AUDIENCE: Phishing 1058 00:46:57,800 --> 00:46:59,450 DAVID J. MALAN: Phishing attacks like we discussed yesterday. 1059 00:46:59,450 --> 00:47:01,360 Copying Bank of America's site and duping me 1060 00:47:01,360 --> 00:47:03,410 into typing it into some bad guy's website. 1061 00:47:03,410 --> 00:47:03,910 Sure. 1062 00:47:03,910 --> 00:47:04,530 How else? 1063 00:47:04,530 --> 00:47:05,700 AUDIENCE: [INAUDIBLE] 1064 00:47:05,700 --> 00:47:07,300 DAVID J. MALAN: Looking at someone's keyboard, I would argue, 1065 00:47:07,300 --> 00:47:09,290 or whatever sort of sticky residue they've left 1066 00:47:09,290 --> 00:47:10,790 on their-- the oils from their fingers. 1067 00:47:10,790 --> 00:47:13,498 We could figure out with some probability what their password is. 1068 00:47:13,498 --> 00:47:15,012 Not secure for that reason. 1069 00:47:15,012 --> 00:47:17,855 AUDIENCE: [INAUDIBLE] hard to remember a long password. 1070 00:47:17,855 --> 00:47:18,730 DAVID J. MALAN: Yeah. 1071 00:47:18,730 --> 00:47:20,938 Most of us probably have pretty bad passwords, right, 1072 00:47:20,938 --> 00:47:24,480 because they're hard to remember so we choose easier passwords. 1073 00:47:24,480 --> 00:47:28,070 And even if-- this is often kind of a scary revelation. 1074 00:47:28,070 --> 00:47:33,440 Even if you think you're being clever by let's say you're-- the first "i" 1075 00:47:33,440 --> 00:47:35,060 word that came to mind was "igloo." 1076 00:47:35,060 --> 00:47:39,890 Suppose you're being clever by using a 1 for the i 1077 00:47:39,890 --> 00:47:46,040 and maybe you're being triply clever by using zeros for the o's, well, 1078 00:47:46,040 --> 00:47:48,900 guess who else knows those heuristics? 1079 00:47:48,900 --> 00:47:50,690 Like all of the bad guys, right? 
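As a rough illustration of why, here is how a cracking tool might mechanically expand a dictionary word through those substitutions; the substitution table is just a plausible sample, not any particular tool's rules.

```python
# Why "1gloo"-style substitutions buy little: an attacker can expand a
# dictionary word into every leet-speak variant mechanically.

from itertools import product

SUBS = {"i": "i1", "o": "o0", "e": "e3", "a": "a4@"}  # common heuristics

def variants(word: str):
    """Yield every substitution variant of a dictionary word."""
    choices = [SUBS.get(ch, ch) for ch in word.lower()]
    for combo in product(*choices):
        yield "".join(combo)

candidates = list(variants("igloo"))
print(len(candidates))   # only 8 variants to try instead of 1
print(candidates[:4])    # ['igloo', 'iglo0', 'igl0o', 'igl00']
```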
1080 00:47:50,690 --> 00:47:52,980 So even if you're being clever like this, 1081 00:47:52,980 --> 00:47:57,050 you are increasing the cost to that bad guy of figuring out your password 1082 00:47:57,050 --> 00:48:00,820 because now instead of checking all the letters of the alphabet-- all 26 or 52 1083 00:48:00,820 --> 00:48:04,610 of them, uppercase and lowercase-- now he or she has to try numbers as well, 1084 00:48:04,610 --> 00:48:06,720 increasing by a factor of 10 the total number 1085 00:48:06,720 --> 00:48:08,920 of possibilities here for each of these characters. 1086 00:48:08,920 --> 00:48:13,354 But even still, with enough savvy and computational cycles, computing cycles, 1087 00:48:13,354 --> 00:48:15,270 he or she could certainly figure this out too. 1088 00:48:15,270 --> 00:48:16,360 So not clever. 1089 00:48:16,360 --> 00:48:20,430 Better would be to use a password that doesn't look like this but is 1090 00:48:20,430 --> 00:48:31,690 gol17$_'a-- that's not an a-- gAB. 1091 00:48:31,690 --> 00:48:35,150 And I'm just truly making this up randomly somehow, 1092 00:48:35,150 --> 00:48:37,340 but I will never remember what this password is. 1093 00:48:37,340 --> 00:48:40,460 Or if I do and then I go on, like, holiday for a week or two 1094 00:48:40,460 --> 00:48:43,640 and come home perhaps as in Danny's scenario with the iPad, like, 1095 00:48:43,640 --> 00:48:46,180 I'm not going to remember within some amount of time 1096 00:48:46,180 --> 00:48:48,220 what that very clever password was. 1097 00:48:48,220 --> 00:48:51,580 So there's this tension then between keeping your systems secure 1098 00:48:51,580 --> 00:48:54,587 but keeping them accessible because the more secure you make them, 1099 00:48:54,587 --> 00:48:56,420 the higher the probability it is that you're 1100 00:48:56,420 --> 00:49:00,530 going to lose access to the very data or services that you're trying to protect. 1101 00:49:00,530 --> 00:49:05,070 So in this case, passwords aren't all that great 1102 00:49:05,070 --> 00:49:08,300 and they can also be stolen, which is sort of like salt in the wound. 1103 00:49:08,300 --> 00:49:12,012 So this is if you have one factor, a password that only you know. 1104 00:49:12,012 --> 00:49:14,380 And, Felicia, can you then hypothesize what 1105 00:49:14,380 --> 00:49:18,580 the formal definition of two-factor authentication must be 1106 00:49:18,580 --> 00:49:20,516 and why it's better? 1107 00:49:20,516 --> 00:49:23,137 AUDIENCE: Does it verify on the other side who that person is? 1108 00:49:23,137 --> 00:49:25,970 DAVID J. MALAN: Does it verify on the other side who that person is? 1109 00:49:25,970 --> 00:49:26,740 In some sense. 1110 00:49:26,740 --> 00:49:28,600 AUDIENCE: [INAUDIBLE] that information. 1111 00:49:28,600 --> 00:49:29,850 DAVID J. MALAN: In some sense. 1112 00:49:29,850 --> 00:49:33,430 Can you elaborate for those unfamiliar, what is this RSA SecurID? 1113 00:49:33,430 --> 00:49:35,167 AUDIENCE: So I log into my [INAUDIBLE] 1114 00:49:35,167 --> 00:49:36,000 DAVID J. MALAN: Yep. 1115 00:49:36,000 --> 00:49:38,840 AUDIENCE: [INAUDIBLE] gives me a key. 1116 00:49:38,840 --> 00:49:42,664 So when I log in it not only verifies my username, password [INAUDIBLE] 1117 00:49:42,664 --> 00:49:45,150 but it's another security. 1118 00:49:45,150 --> 00:49:46,150 DAVID J. MALAN: Exactly. 1119 00:49:46,150 --> 00:49:49,780 So you're asked for both a password and then some number.
1120 00:49:49,780 --> 00:49:52,570 And the earlier incarnation of this used to be 1121 00:49:52,570 --> 00:49:56,930 an RSA key fob-- some people might still carry these-- that looked like this. 1122 00:49:56,930 --> 00:49:59,450 And it's a clever idea and it kind of predates everyone 1123 00:49:59,450 --> 00:50:01,620 having phones in their pockets. 1124 00:50:01,620 --> 00:50:04,805 This is a number that changes every second, every minute or so, 1125 00:50:04,805 --> 00:50:07,430 and the idea is that Felicia in addition to typing her username 1126 00:50:07,430 --> 00:50:10,090 and password also has to type in whatever the current number is 1127 00:50:10,090 --> 00:50:13,600 on this key fob that's on her key chain in her pocket. 1128 00:50:13,600 --> 00:50:16,350 So this is a second factor, but it's fundamentally 1129 00:50:16,350 --> 00:50:19,900 different from her password in what sense? 1130 00:50:19,900 --> 00:50:23,706 It's not just the second password, which would be still one factor. 1131 00:50:23,706 --> 00:50:24,580 AUDIENCE: It changes. 1132 00:50:24,580 --> 00:50:27,110 DAVID J. MALAN: It changes, which is compelling, 1133 00:50:27,110 --> 00:50:30,570 but that, too, isn't what fundamentally distinguishes it, I would argue. 1134 00:50:30,570 --> 00:50:31,570 AUDIENCE: It's physical. 1135 00:50:31,570 --> 00:50:32,819 DAVID J. MALAN: It's physical. 1136 00:50:32,819 --> 00:50:33,479 It's physical. 1137 00:50:33,479 --> 00:50:35,270 Well, it's actually not random-- otherwise it 1138 00:50:35,270 --> 00:50:37,730 would be problematic to have it on her key chain 1139 00:50:37,730 --> 00:50:39,910 and then somehow synchronize with the server. 1140 00:50:39,910 --> 00:50:43,287 So there is a pattern that it follows in some sense, but it's physical. 1141 00:50:43,287 --> 00:50:45,370 So whereas the first factor is generally something 1142 00:50:45,370 --> 00:50:49,250 you know and have sort of up here but that can be extracted or somehow stolen 1143 00:50:49,250 --> 00:50:54,429 if you type it in or have it logged somehow, 1144 00:50:54,429 --> 00:50:56,220 the second factor needs to be fundamentally 1145 00:50:56,220 --> 00:50:59,260 different, which needs to be, in this case, something you have. 1146 00:50:59,260 --> 00:51:02,420 So now given that Felicia is protecting her account with these two factors, 1147 00:51:02,420 --> 00:51:04,600 not only-- I could probably pretty easily figure out 1148 00:51:04,600 --> 00:51:06,810 her password looking over her shoulder or tricking her 1149 00:51:06,810 --> 00:51:08,518 into a phishing attack or the like, but I 1150 00:51:08,518 --> 00:51:12,360 have to have physical access to her now to threaten her security further 1151 00:51:12,360 --> 00:51:14,420 because now I need that key fob. 1152 00:51:14,420 --> 00:51:16,340 And unless I have physical access to that, 1153 00:51:16,340 --> 00:51:19,420 I'm not going to know what that six-digit code is at any given time. 1154 00:51:19,420 --> 00:51:22,870 And what happens is when these devices first shipped from the factory, 1155 00:51:22,870 --> 00:51:25,370 essentially they're synchronized with some piece of software 1156 00:51:25,370 --> 00:51:28,960 or some kind of initialization routine on a server 1157 00:51:28,960 --> 00:51:35,420 so that Felicia's company knows that this is 159759 at this moment in time.
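SecurID's own algorithm is proprietary, but the openly specified TOTP scheme (RFC 6238) that modern authenticator apps use works on the same principle and fits in a few lines of standard-library Python; the secret and the 60-second window here are made-up parameters.

```python
# A sketch of deriving a time-based one-time code, in the spirit of
# RFC 6238 (TOTP). Fob and server share a secret from the factory and
# both derive the same code for the same time window.

import hashlib
import hmac
import struct
import time

def totp(secret: bytes, interval: int = 60, digits: int = 6) -> str:
    """Derive a short code from a shared secret and the current time."""
    counter = int(time.time()) // interval          # same on fob and server
    msg = struct.pack(">Q", counter)                # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

print(totp(b"factory-shared-secret"))  # e.g. a six-digit code like 159759
```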
1158 00:51:35,420 --> 00:51:37,830 But then a minute later both the server's 1159 00:51:37,830 --> 00:51:41,320 understanding of that number and her own key fob device change, 1160 00:51:41,320 --> 00:51:43,660 and sometimes they can drift out of sync because clocks 1161 00:51:43,660 --> 00:51:45,060 will be ever so slightly askew. 1162 00:51:45,060 --> 00:51:48,450 So every time you log in, which is probably once a day or once a week 1163 00:51:48,450 --> 00:51:51,260 or what not, the clocks will resync as a result. 1164 00:51:51,260 --> 00:51:53,820 But if you've ever carried this thing and you haven't used it 1165 00:51:53,820 --> 00:51:56,830 for weeks on end or maybe even a year, it might very well not 1166 00:51:56,830 --> 00:51:58,940 work after some time because it will drift 1167 00:51:58,940 --> 00:52:01,900 or it will be forcibly expired for lack of use. 1168 00:52:01,900 --> 00:52:03,860 AUDIENCE: [INAUDIBLE] the Internet? 1169 00:52:03,860 --> 00:52:04,510 DAVID J. MALAN: These are-- no. 1170 00:52:04,510 --> 00:52:04,770 No. 1171 00:52:04,770 --> 00:52:05,510 These are just-- 1172 00:52:05,510 --> 00:52:07,060 AUDIENCE: [INAUDIBLE] 1173 00:52:07,060 --> 00:52:09,560 DAVID J. MALAN: The server syncs with this device. 1174 00:52:09,560 --> 00:52:12,500 So if it starts to drift out of date slightly, 1175 00:52:12,500 --> 00:52:15,450 Felicia's server knows, oh, wait a minute, I just saw that number. 1176 00:52:15,450 --> 00:52:17,490 I was expecting to see it a few seconds ago. 1177 00:52:17,490 --> 00:52:20,335 Let me just update my own clock relative to that device. 1178 00:52:20,335 --> 00:52:22,460 So nowadays most people don't bother carrying these 1179 00:52:22,460 --> 00:52:23,980 because we all carry these. 1180 00:52:23,980 --> 00:52:25,920 And so now you have software versions of this, 1181 00:52:25,920 --> 00:52:28,320 and Google offers this, lots of banks offer this. 1182 00:52:28,320 --> 00:52:30,320 And even if you don't have a special application 1183 00:52:30,320 --> 00:52:33,361 you can certainly just receive a text message, which is super compelling. 1184 00:52:33,361 --> 00:52:35,540 And so, personally speaking, after this week 1185 00:52:35,540 --> 00:52:37,550 if you go back home and take nothing else away 1186 00:52:37,550 --> 00:52:41,900 security-wise besides choosing better passwords, for instance, 1187 00:52:41,900 --> 00:52:44,590 also start to look for companies, especially banks, that 1188 00:52:44,590 --> 00:52:46,740 offer two-factor authentication. 1189 00:52:46,740 --> 00:52:48,840 Most of us probably don't care all that much 1190 00:52:48,840 --> 00:52:53,640 if our Peapod.com account is compromised or some silly website, for instance, 1191 00:52:53,640 --> 00:52:56,520 that you occasionally log into, but bank accounts are more important, 1192 00:52:56,520 --> 00:52:59,820 maybe your email is more important or any number of other such accounts. 1193 00:52:59,820 --> 00:53:02,880 And unfortunately relatively few vendors offer these services, 1194 00:53:02,880 --> 00:53:06,375 but Gmail does and certain banks do now, certain brokerage houses. 1195 00:53:06,375 --> 00:53:09,250 And so that's when you want to really raise the bar to the adversary. 1196 00:53:09,250 --> 00:53:11,969 Of course, there's a price paid, so to speak. 1197 00:53:11,969 --> 00:53:14,760 I mean, sometimes they might charge you for this but generally not. 1198 00:53:14,760 --> 00:53:18,700 What, Felicia, what other price do you pay, so to speak? 
1199 00:53:18,700 --> 00:53:19,350 AUDIENCE: Time. 1200 00:53:19,350 --> 00:53:20,150 DAVID J. MALAN: Time, right? 1201 00:53:20,150 --> 00:53:22,233 You have to, like, fish around for the damn thing. 1202 00:53:22,233 --> 00:53:27,610 And there's corner cases like, you know, what can go wrong with this? 1203 00:53:27,610 --> 00:53:31,527 Battery dies or you're in the basement somewhere on campus or at home 1204 00:53:31,527 --> 00:53:34,360 and you just don't have reception so you can't get the text message, 1205 00:53:34,360 --> 00:53:36,110 so now to log in you have to walk outside, 1206 00:53:36,110 --> 00:53:38,469 walk upstairs, get the message, now go back downstairs, 1207 00:53:38,469 --> 00:53:40,760 and you only have a few seconds to actually type it in. 1208 00:53:40,760 --> 00:53:42,843 So there's some annoying corner cases but at least 1209 00:53:42,843 --> 00:53:46,654 you don't have to figure out how to buy or carry around something like this. 1210 00:53:46,654 --> 00:53:49,070 AUDIENCE: I thought, like, a few years ago this got hacked 1211 00:53:49,070 --> 00:53:51,977 and it was a big scandal because it was supposed to be unhackable. 1212 00:53:51,977 --> 00:53:53,560 DAVID J. MALAN: Yeah, they took a hit. 1213 00:53:53,560 --> 00:53:55,270 I forget the particulars of this. 1214 00:53:55,270 --> 00:53:58,359 But somehow I think the keys on their server, 1215 00:53:58,359 --> 00:54:00,900 so to speak, that they were using to keep things synchronized 1216 00:54:00,900 --> 00:54:02,830 were compromised, and via that information 1217 00:54:02,830 --> 00:54:05,600 you could figure out what someone's code was. 1218 00:54:05,600 --> 00:54:09,990 I'm guessing they had to reissue or change some aspect of it. 1219 00:54:09,990 --> 00:54:13,930 But, yeah, that was a scandal because this was the product. 1220 00:54:13,930 --> 00:54:15,610 Like, that is not supposed to happen. 1221 00:54:15,610 --> 00:54:17,120 But you've got to trust someone. 1222 00:54:17,120 --> 00:54:20,560 And so in fact behind most of these topics 1223 00:54:20,560 --> 00:54:23,801 today is that you have to trust someone at the end of the day. 1224 00:54:23,801 --> 00:54:26,050 You just want to ideally minimize the number of people 1225 00:54:26,050 --> 00:54:30,000 that you're actually having that trust with. 1226 00:54:30,000 --> 00:54:33,160 All right, so speaking of trust-- oh, yes. 1227 00:54:33,160 --> 00:54:34,013 Sal? 1228 00:54:34,013 --> 00:54:37,039 AUDIENCE: What do you think about cloud-based password managers? 1229 00:54:37,039 --> 00:54:37,830 DAVID J. MALAN: Ah. 1230 00:54:37,830 --> 00:54:38,560 Good question. 1231 00:54:38,560 --> 00:54:41,110 What do I think about cloud-based password managers? 1232 00:54:41,110 --> 00:54:45,490 They are probably better than not using any password manager 1233 00:54:45,490 --> 00:54:48,050 because if the result is that, understandably, you 1234 00:54:48,050 --> 00:54:52,470 have very easy passwords like 12345 or welcome or 1gloo with a 1, 1235 00:54:52,470 --> 00:54:58,431 then you're probably gaining on net from using a cloud-based service. 1236 00:54:58,431 --> 00:55:00,680 The problem with cloud-based password managers-- these 1237 00:55:00,680 --> 00:55:02,790 are pieces of software for which you generally 1238 00:55:02,790 --> 00:55:05,080 have one hard-to-guess password. 1239 00:55:05,080 --> 00:55:09,390 So you have to sort of bite your tongue and just choose a really hard password 1240 00:55:09,390 --> 00:55:11,060 for just one of your accounts.
1241 00:55:11,060 --> 00:55:13,230 And then use that one super hard password 1242 00:55:13,230 --> 00:55:16,230 to protect all of your other accounts by encrypting them essentially. 1243 00:55:16,230 --> 00:55:20,210 The problem with cloud-based services is that to get those passwords 1244 00:55:20,210 --> 00:55:23,050 or access to them you're probably going to, like, LastPass.com 1245 00:55:23,050 --> 00:55:28,010 or whatever the service is and you are typing in your super secret password, 1246 00:55:28,010 --> 00:55:30,730 hitting Enter, and then copying and pasting 1247 00:55:30,730 --> 00:55:33,290 whatever your other passwords are. 1248 00:55:33,290 --> 00:55:35,140 There are some threats here though. 1249 00:55:35,140 --> 00:55:36,320 What's one such threat? 1250 00:55:36,320 --> 00:55:40,487 1251 00:55:40,487 --> 00:55:42,340 AUDIENCE: Somebody could hack your computer. 1252 00:55:42,340 --> 00:55:44,381 DAVID J. MALAN: Someone could hack your computer. 1253 00:55:44,381 --> 00:55:47,860 Like I personally would never do that on, like, a friend's computer 1254 00:55:47,860 --> 00:55:50,590 or a lab computer or a computer I don't physically 1255 00:55:50,590 --> 00:55:53,799 own and keep in my possession because it's just too possible 1256 00:55:53,799 --> 00:55:56,715 for there to be what's called a keystroke logger on the computer where 1257 00:55:56,715 --> 00:55:58,680 it's just logging all of the keystrokes. 1258 00:55:58,680 --> 00:56:01,570 Now, if LastPass or the equivalent has two-factor 1259 00:56:01,570 --> 00:56:03,840 I'd be more comfortable because that way, sure, 1260 00:56:03,840 --> 00:56:06,940 my friend or some adversary in a computer lab might steal my password, 1261 00:56:06,940 --> 00:56:09,670 but he or she also needs to physically take this 1262 00:56:09,670 --> 00:56:11,800 from me or some equivalent device. 1263 00:56:11,800 --> 00:56:13,550 So that would be my biggest concern there. 1264 00:56:13,550 --> 00:56:15,840 So I use a password manager, but it's not cloud based. 1265 00:56:15,840 --> 00:56:21,380 It all runs on my phone, runs on my Mac and my desktop and my laptop computers. 1266 00:56:21,380 --> 00:56:26,310 With that said, it also supports Dropbox, which is a beautiful segue, 1267 00:56:26,310 --> 00:56:29,580 but it encrypts the file before putting it on Dropbox. 1268 00:56:29,580 --> 00:56:30,900 AUDIENCE: What was the name? 1269 00:56:30,900 --> 00:56:33,130 DAVID J. MALAN: 1Password is an alternative 1270 00:56:33,130 --> 00:56:34,820 that does the same thing as LastPass. 1271 00:56:34,820 --> 00:56:37,290 So 1Password and LastPass, if you're unfamiliar. 1272 00:56:37,290 --> 00:56:39,180 So a perfect segue to services like this. 1273 00:56:39,180 --> 00:56:41,180 So you don't have to offer up which one you use, 1274 00:56:41,180 --> 00:56:44,360 but how many people in this room use either Dropbox or OneDrive 1275 00:56:44,360 --> 00:56:46,785 or Google Drive or Box? 1276 00:56:46,785 --> 00:56:50,610 Like, pretty much almost everyone uses one of these things. 1277 00:56:50,610 --> 00:56:53,010 So let's consider how these services might work. 1278 00:56:53,010 --> 00:56:56,390 And they do have different security policies if not practices, 1279 00:56:56,390 --> 00:56:59,250 but let's see if we can't figure out just to what extent 1280 00:56:59,250 --> 00:57:01,840 we are secure with something like Dropbox, for instance.
1281 00:57:01,840 --> 00:57:05,660 So for those unfamiliar, Dropbox is a file synchronization service 1282 00:57:05,660 --> 00:57:09,510 whereby on your Mac or your PC or your phone you install their software 1283 00:57:09,510 --> 00:57:12,060 and then just automatically behind the scenes it constantly 1284 00:57:12,060 --> 00:57:15,500 ensures that a folder called Dropbox on your computer 1285 00:57:15,500 --> 00:57:19,660 has the exact same files on this Mac, on this phone, on this PC, 1286 00:57:19,660 --> 00:57:23,497 on this desktop-- any computer that I install the software on and log into. 1287 00:57:23,497 --> 00:57:26,330 And this is beautiful because if you have a work computer and a home 1288 00:57:26,330 --> 00:57:29,450 computer, maybe a phone, you can create the illusion for yourself 1289 00:57:29,450 --> 00:57:32,570 that all of your files are constantly accessible to you. 1290 00:57:32,570 --> 00:57:34,951 Now, in reality it's doing a lot of copying and updating, 1291 00:57:34,951 --> 00:57:35,950 moving the files around. 1292 00:57:35,950 --> 00:57:36,908 It's not the same file. 1293 00:57:36,908 --> 00:57:38,590 It's not just one cloud service. 1294 00:57:38,590 --> 00:57:41,330 It's maintaining local copies on all of your computers. 1295 00:57:41,330 --> 00:57:44,400 So how does Dropbox achieve this? 1296 00:57:44,400 --> 00:57:49,820 So if this is the cloud and this is Dropbox here 1297 00:57:49,820 --> 00:57:56,090 and this is one of my laptops and here's another laptop, maybe work versus home, 1298 00:57:56,090 --> 00:57:57,750 each of them has a Dropbox folder. 1299 00:57:57,750 --> 00:58:01,460 Suppose I change a file on this laptop here. 1300 00:58:01,460 --> 00:58:07,176 How does it get over here according to this kind of model? 1301 00:58:07,176 --> 00:58:08,840 AUDIENCE: Synchronize [INAUDIBLE]. 1302 00:58:08,840 --> 00:58:09,715 DAVID J. MALAN: Yeah. 1303 00:58:09,715 --> 00:58:13,320 So the data, if I update it here, first goes through the cloud 1304 00:58:13,320 --> 00:58:15,170 and gets stored on Dropbox's servers. 1305 00:58:15,170 --> 00:58:17,740 They formerly used Amazon S3 but I believe 1306 00:58:17,740 --> 00:58:19,670 they use their own infrastructure now. 1307 00:58:19,670 --> 00:58:23,080 But that's sort of an uninteresting implementation detail for now. 1308 00:58:23,080 --> 00:58:24,560 Then it syncs the file to here. 1309 00:58:24,560 --> 00:58:28,420 And then if you change it here, it goes back up here and saves it down here. 1310 00:58:28,420 --> 00:58:33,560 So where might you be vulnerable in this scenario 1311 00:58:33,560 --> 00:58:36,910 in terms of your privacy or security? 1312 00:58:36,910 --> 00:58:37,410 Sorry? 1313 00:58:37,410 --> 00:58:39,120 AUDIENCE: In the Dropbox server? 1314 00:58:39,120 --> 00:58:41,120 DAVID J. MALAN: Yeah, the Dropbox server, right? 1315 00:58:41,120 --> 00:58:42,930 At the end of the day, we have to trust someone. 1316 00:58:42,930 --> 00:58:45,867 And it would seem that if I'm uploading, like, my important documents, 1317 00:58:45,867 --> 00:58:47,700 they've got to go to the cloud, so to speak, 1318 00:58:47,700 --> 00:58:49,560 which is an actual, physical place somewhere. 1319 00:58:49,560 --> 00:58:51,390 So this is Dropbox's servers and they've got 1320 00:58:51,390 --> 00:58:53,181 to get synchronized back down to my laptop. 1321 00:58:53,181 --> 00:58:55,584 So Dropbox would seem to have access. 1322 00:58:55,584 --> 00:58:56,500 OK, but wait a minute.
1323 00:58:56,500 --> 00:58:58,250 If you read the fine print and if you read 1324 00:58:58,250 --> 00:59:01,560 the marketing speak on Dropbox's website, they encrypt your data. 1325 00:59:01,560 --> 00:59:04,420 So what might that mean actually, because you shouldn't just 1326 00:59:04,420 --> 00:59:06,650 take these marketing statements at face value? 1327 00:59:06,650 --> 00:59:09,470 1328 00:59:09,470 --> 00:59:12,895 They encrypt your data, so what are they doing to it? 1329 00:59:12,895 --> 00:59:14,695 AUDIENCE: [INAUDIBLE] 1330 00:59:14,695 --> 00:59:15,570 DAVID J. MALAN: Good. 1331 00:59:15,570 --> 00:59:18,210 So they're scrambling it to create the illusion of just random zeros and ones 1332 00:59:18,210 --> 00:59:18,760 on their servers. 1333 00:59:18,760 --> 00:59:19,968 That seems like a good thing. 1334 00:59:19,968 --> 00:59:22,080 They're using some key presumably for that. 1335 00:59:22,080 --> 00:59:23,123 OK, so what key? 1336 00:59:23,123 --> 00:59:23,998 AUDIENCE: [INAUDIBLE] 1337 00:59:23,998 --> 00:59:26,370 1338 00:59:26,370 --> 00:59:28,490 DAVID J. MALAN: OK, well good, right? 1339 00:59:28,490 --> 00:59:30,840 Although that seems to be a thing. 1340 00:59:30,840 --> 00:59:34,080 So you don't know, but is it yours? 1341 00:59:34,080 --> 00:59:36,390 So it turns out it could be maybe your own password. 1342 00:59:36,390 --> 00:59:39,820 When you sign up for Dropbox, you have your own username and password. 1343 00:59:39,820 --> 00:59:42,569 So maybe they're using your password as the secret 1344 00:59:42,569 --> 00:59:43,860 with which to encrypt the data. 1345 00:59:43,860 --> 00:59:46,180 But this would kind of break the file-sharing features 1346 00:59:46,180 --> 00:59:50,660 of Dropbox and other tools insofar as I can share my files or folder with Katy 1347 00:59:50,660 --> 00:59:54,160 as well and with Christina and with any number of other people 1348 00:59:54,160 --> 00:59:58,000 and this would be problematic if my files now are encrypted with my key 1349 00:59:58,000 --> 01:00:02,190 but Katy's installed the same thing on her computer, needs access to my files, 1350 01:00:02,190 --> 01:00:05,030 but to her they look like random zeros and ones. 1351 01:00:05,030 --> 01:00:08,692 So can't be my key it would seem logically in this scenario. 1352 01:00:08,692 --> 01:00:11,150 It can't be Katy's key because, conversely, I couldn't then 1353 01:00:11,150 --> 01:00:12,400 see the files. 1354 01:00:12,400 --> 01:00:16,840 So it must be some central key, some main key that Dropbox generated years 1355 01:00:16,840 --> 01:00:19,550 ago, for instance, has locked away in a vault, 1356 01:00:19,550 --> 01:00:24,490 and is used to encrypt all of their data. 1357 01:00:24,490 --> 01:00:26,900 Yes? 1358 01:00:26,900 --> 01:00:28,630 Turns out that's true. 1359 01:00:28,630 --> 01:00:31,710 So what are the threats? 1360 01:00:31,710 --> 01:00:34,879 At least, that's true the last time I inquired. 1361 01:00:34,879 --> 01:00:36,420 AUDIENCE: Someone could get that key. 1362 01:00:36,420 --> 01:00:37,770 DAVID J. MALAN: Someone could get that key, right? 
1363 01:00:37,770 --> 01:00:39,710 And so really all that's protecting you at that point 1364 01:00:39,710 --> 01:00:41,520 is the physical security of that key, which 1365 01:00:41,520 --> 01:00:44,520 is probably on some piece of paper or a USB stick or something like that 1366 01:00:44,520 --> 01:00:46,960 hopefully in a vault with very few people in the company 1367 01:00:46,960 --> 01:00:50,800 having access to what is effectively a really big seemingly random 1368 01:00:50,800 --> 01:00:54,110 looking number that's used on their servers. 1369 01:00:54,110 --> 01:00:58,280 But it could certainly be compromised somehow. 1370 01:00:58,280 --> 01:01:02,290 But this is actually a feature insofar as this is possible for Dropbox. 1371 01:01:02,290 --> 01:01:05,790 So it turns out Dropbox supports a technique which 1372 01:01:05,790 --> 01:01:10,740 is in their own interests, like other companies, called deduplication. 1373 01:01:10,740 --> 01:01:16,750 Does anyone know what it means to deduplicate your data? 1374 01:01:16,750 --> 01:01:19,470 Or for Dropbox to deduplicate our collective data? 1375 01:01:19,470 --> 01:01:24,070 1376 01:01:24,070 --> 01:01:24,680 So-- 1377 01:01:24,680 --> 01:01:25,380 AUDIENCE: No. 1378 01:01:25,380 --> 01:01:26,171 DAVID J. MALAN: No. 1379 01:01:26,171 --> 01:01:29,540 So deduplicate-- suppose that all of us in this room had, 1380 01:01:29,540 --> 01:01:33,730 let's say, all downloaded the same video file, which tends to be big. 1381 01:01:33,730 --> 01:01:36,590 So it's like some movie that we've all rented or bought or whatnot 1382 01:01:36,590 --> 01:01:39,390 and it's two gigabytes or four gigabytes. 1383 01:01:39,390 --> 01:01:40,660 So it's a pretty big file. 1384 01:01:40,660 --> 01:01:42,680 And there's 20 plus of us in this room and it 1385 01:01:42,680 --> 01:01:48,250 would be pretty wasteful for Dropbox to store two or four gigabytes times 20 1386 01:01:48,250 --> 01:01:51,950 people because at the end of the day how many copies does Dropbox technically 1387 01:01:51,950 --> 01:01:57,266 need in order to provide us all with access to that same movie? 1388 01:01:57,266 --> 01:01:58,390 I mean, in theory one copy. 1389 01:01:58,390 --> 01:02:00,520 Now, for backup purposes they should have a few spares 1390 01:02:00,520 --> 01:02:03,269 anyway on different servers, but that's beside the point for now. 1391 01:02:03,269 --> 01:02:06,890 They certainly don't need to keep a copy per person of every file 1392 01:02:06,890 --> 01:02:08,250 that we share among us. 1393 01:02:08,250 --> 01:02:10,000 One, in theory, suffices. 1394 01:02:10,000 --> 01:02:12,370 So to deduplicate your data means to do exactly that. 1395 01:02:12,370 --> 01:02:16,500 Instead of remembering the file for every user and a copy thereof, 1396 01:02:16,500 --> 01:02:22,167 what should suffice instead whereby Dropbox could use 1/20th the space? 1397 01:02:22,167 --> 01:02:23,000 AUDIENCE: Directory. 1398 01:02:23,000 --> 01:02:24,500 DAVID J. MALAN: The directory entry. 1399 01:02:24,500 --> 01:02:27,296 So just remember that I have this file and Siobhan has this file 1400 01:02:27,296 --> 01:02:29,920 and Dario has this file and everyone in the room has this file. 1401 01:02:29,920 --> 01:02:32,550 And just like yesterday's discussion of file systems, 1402 01:02:32,550 --> 01:02:36,270 just remember where that file is and then any other backups as well. 1403 01:02:36,270 --> 01:02:42,610 So this too is only possible for Dropbox if what is the case?
1404 01:02:42,610 --> 01:02:45,630 If they're not encrypting our data individually. 1405 01:02:45,630 --> 01:02:47,550 Because if all 20 of us downloaded this movie 1406 01:02:47,550 --> 01:02:50,010 and dragged it into our Dropbox folder, suppose 1407 01:02:50,010 --> 01:02:53,790 that it were encrypted with our own encryption keys. 1408 01:02:53,790 --> 01:02:55,830 So far as Dropbox is concerned, it would look 1409 01:02:55,830 --> 01:02:58,890 like they have 20 different patterns of bits 1410 01:02:58,890 --> 01:03:01,360 that are thus not the same by definition so they 1411 01:03:01,360 --> 01:03:03,350 can't throw away 19 of those copies. 1412 01:03:03,350 --> 01:03:04,930 They have to keep all 20. 1413 01:03:04,930 --> 01:03:09,590 So in order to save on cost, 1/20th the cost in our particular sample, 1414 01:03:09,590 --> 01:03:12,620 like Dropbox logically has to be using the same key 1415 01:03:12,620 --> 01:03:16,690 to encrypt all of our data in order to leverage that feature. 1416 01:03:16,690 --> 01:03:21,439 So here there's this tradeoff too, between space and security, and financial cost 1417 01:03:21,439 --> 01:03:21,980 and security. 1418 01:03:21,980 --> 01:03:28,319 If they want that feature, they can't go about logically throwing away-- they 1419 01:03:28,319 --> 01:03:30,985 can't go about, rather, encrypting all of our data individually. 1420 01:03:30,985 --> 01:03:34,420 1421 01:03:34,420 --> 01:03:35,710 Question? 1422 01:03:35,710 --> 01:03:36,350 Yeah? 1423 01:03:36,350 --> 01:03:38,226 Inessa? 1424 01:03:38,226 --> 01:03:41,359 AUDIENCE: So usually the data in Dropbox is 1425 01:03:41,359 --> 01:03:44,510 able-- you are able to manipulate the particular piece of data 1426 01:03:44,510 --> 01:03:46,760 so long as an individual user manipulates it 1427 01:03:46,760 --> 01:03:50,819 and it creates a separate copy that becomes a different source of code, 1428 01:03:50,819 --> 01:03:52,671 right, that's separate from that. 1429 01:03:52,671 --> 01:03:55,102 So if 20 of us downloaded a movie-- 1430 01:03:55,102 --> 01:03:56,060 DAVID J. MALAN: Uh huh. 1431 01:03:56,060 --> 01:03:59,930 AUDIENCE: Let's say if that one source [INAUDIBLE] I manipulate the movie, 1432 01:03:59,930 --> 01:04:03,037 say, for the [INAUDIBLE] just mine? 1433 01:04:03,037 --> 01:04:04,370 DAVID J. MALAN: That is correct. 1434 01:04:04,370 --> 01:04:06,716 If you make your own edit of it, absolutely. 1435 01:04:06,716 --> 01:04:08,590 Then you become decoupled from everyone else. 1436 01:04:08,590 --> 01:04:12,320 So now there's two copies-- the original and the altered version of it. 1437 01:04:12,320 --> 01:04:13,380 Absolutely. 1438 01:04:13,380 --> 01:04:15,460 So that is the case, for sure. 1439 01:04:15,460 --> 01:04:15,960 Yeah? 1440 01:04:15,960 --> 01:04:18,418 AUDIENCE: Also I noticed if you delete something on Dropbox 1441 01:04:18,418 --> 01:04:21,600 it goes to the Trash and then it stays there for a certain amount of time. 1442 01:04:21,600 --> 01:04:22,870 DAVID J. MALAN: Yeah. 1443 01:04:22,870 --> 01:04:25,380 So that's a feature from their perspective, 1444 01:04:25,380 --> 01:04:27,270 right, because-- or feature for us, the end 1445 01:04:27,270 --> 01:04:29,395 users, because if you accidentally delete something 1446 01:04:29,395 --> 01:04:32,920 or if, like, Katy deletes some file that I did not want Katy to delete, 1447 01:04:32,920 --> 01:04:36,792 it's a nice feature that I can retrieve it from the trash.
1448 01:04:36,792 --> 01:04:38,750 And it's probably ill-defined just because they 1449 01:04:38,750 --> 01:04:40,124 don't feel like committing to it. 1450 01:04:40,124 --> 01:04:41,970 It's sort of like a nice feature. 1451 01:04:41,970 --> 01:04:44,264 Nice to have but not a guaranteed feature. 1452 01:04:44,264 --> 01:04:46,930 And that's very similar in spirit to what we discussed yesterday 1453 01:04:46,930 --> 01:04:48,900 whereby eventually they'll just forget where the file is, 1454 01:04:48,900 --> 01:04:50,670 but it's surely somewhere on their servers 1455 01:04:50,670 --> 01:04:53,450 because it's not necessarily worth overwriting. 1456 01:04:53,450 --> 01:04:54,175 Yeah, Felicia? 1457 01:04:54,175 --> 01:04:57,210 AUDIENCE: Dropbox, Box, iCloud [INAUDIBLE] 1458 01:04:57,210 --> 01:04:58,210 DAVID J. MALAN: Unclear. 1459 01:04:58,210 --> 01:05:01,293 I know less about the other services just because there's less information 1460 01:05:01,293 --> 01:05:02,570 kind of floating around. 1461 01:05:02,570 --> 01:05:07,160 But you can start to infer these kinds of details. 1462 01:05:07,160 --> 01:05:09,259 And technically I don't know-- Dropbox might 1463 01:05:09,259 --> 01:05:11,550 have different keys for different subsets of its users. 1464 01:05:11,550 --> 01:05:14,650 Now they have business features, for instance, where you can actually 1465 01:05:14,650 --> 01:05:18,134 put users in an organization, and within those narrowly defined organizations 1466 01:05:18,134 --> 01:05:19,550 they might be using separate keys. 1467 01:05:19,550 --> 01:05:24,960 So there are ways to re-scope the threat in question but at the-- 1468 01:05:24,960 --> 01:05:26,417 AUDIENCE: [INAUDIBLE] 1469 01:05:26,417 --> 01:05:27,500 DAVID J. MALAN: I'm sorry. 1470 01:05:27,500 --> 01:05:29,000 AUDIENCE: The synchronization piece? 1471 01:05:29,000 --> 01:05:32,083 DAVID J. MALAN: The synchronization piece is pretty much equivalent, yeah. 1472 01:05:32,083 --> 01:05:33,940 They all offer roughly the same feature set. 1473 01:05:33,940 --> 01:05:34,930 Exactly. 1474 01:05:34,930 --> 01:05:35,505 Sean? 1475 01:05:35,505 --> 01:05:41,284 AUDIENCE: [INAUDIBLE] if you share your whole folder and someone makes 1476 01:05:41,284 --> 01:05:45,412 a change to those files in the folder, you get the same effect [INAUDIBLE]. 1477 01:05:45,412 --> 01:05:46,370 They change it for you. 1478 01:05:46,370 --> 01:05:50,340 But if you just give them a link would [INAUDIBLE] the file themselves, 1479 01:05:50,340 --> 01:05:52,427 just kind of read and not write? 1480 01:05:52,427 --> 01:05:53,760 DAVID J. MALAN: That is correct. 1481 01:05:53,760 --> 01:05:57,290 And they will get a copy of whatever the file looks 1482 01:05:57,290 --> 01:05:59,930 like when they initiate the download process if you 1483 01:05:59,930 --> 01:06:01,374 haven't changed it since. 1484 01:06:01,374 --> 01:06:02,249 AUDIENCE: [INAUDIBLE] 1485 01:06:02,249 --> 01:06:04,987 1486 01:06:04,987 --> 01:06:06,320 DAVID J. MALAN: That's fine too. 1487 01:06:06,320 --> 01:06:08,140 And there's actually another feature built into the client 1488 01:06:08,140 --> 01:06:10,080 now where you can make the folder read-only, where 1489 01:06:10,080 --> 01:06:12,413 I presume if someone does change it, Dropbox essentially 1490 01:06:12,413 --> 01:06:15,640 undoes the change by deleting it and re-downloading the original version 1491 01:06:15,640 --> 01:06:18,010 or some such trick as well.
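To picture that key-scoping idea, here is a brief, hypothetical sketch of per-organization keys, assuming the third-party Python cryptography package; the organization names are invented, and this only speculates about how a business tier might work rather than describing Dropbox's real design.

```python
from cryptography.fernet import Fernet  # third-party: pip install cryptography

# Hypothetical "re-scoping the threat": one key per organization rather
# than one key for every customer. Invented names, for illustration only.
org_keys = {
    "acme": Fernet(Fernet.generate_key()),
    "globex": Fernet(Fernet.generate_key()),
}

def store(org: str, plaintext: bytes) -> bytes:
    """Encrypt a file under its organization's key before storage."""
    return org_keys[org].encrypt(plaintext)

blob_a = store("acme", b"board-minutes.docx contents")
blob_g = store("globex", b"board-minutes.docx contents")

# Same plaintext, different keys: the ciphertexts differ, so a leak of
# globex's key exposes nothing of acme's.
assert blob_a != blob_g
print(org_keys["acme"].decrypt(blob_a))  # only acme's key recovers the file
```

The blast radius of a compromised key shrinks from every customer to one organization, at the price, per the deduplication discussion, that identical files in different organizations now look like different bits and can no longer be deduplicated across them.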
1492 01:06:18,010 --> 01:06:22,090 All right, other questions as it relates to security? 1493 01:06:22,090 --> 01:06:22,690 Yeah, David? 1494 01:06:22,690 --> 01:06:26,542 AUDIENCE: It's kind of related to the Dropbox and the synchronization. 1495 01:06:26,542 --> 01:06:31,015 A lot of the browsers also have a synchronization mechanism, 1496 01:06:31,015 --> 01:06:31,651 like Firefox-- 1497 01:06:31,651 --> 01:06:32,484 DAVID J. MALAN: Yep. 1498 01:06:32,484 --> 01:06:37,742 AUDIENCE: --where you could just change your browser history and your bookmarks 1499 01:06:37,742 --> 01:06:41,340 [INAUDIBLE] and does that store all the cookies 1500 01:06:41,340 --> 01:06:45,232 or all your certificates as well? 1501 01:06:45,232 --> 01:06:47,462 Does that get synchronized and unencrypted? 1502 01:06:47,462 --> 01:06:49,490 DAVID J. MALAN: That's a good question. 1503 01:06:49,490 --> 01:06:51,660 It definitely gets synchronized to some server. 1504 01:06:51,660 --> 01:06:53,124 What they do is unclear. 1505 01:06:53,124 --> 01:06:55,290 Certainly in this case, in the abstract, I'm not sure. 1506 01:06:55,290 --> 01:06:58,200 And frankly almost always if you go to some website, 1507 01:06:58,200 --> 01:07:00,730 they will use some fluffy marketing speak like, encrypted 1508 01:07:00,730 --> 01:07:02,880 with industry-grade encryption. 1509 01:07:02,880 --> 01:07:04,340 That could mean so many things. 1510 01:07:04,340 --> 01:07:06,830 That could just mean they're using HTTPS so 1511 01:07:06,830 --> 01:07:09,830 that when your data goes from your browser to their servers, 1512 01:07:09,830 --> 01:07:12,770 yes, it's encrypted and it's pretty safe mathematically, 1513 01:07:12,770 --> 01:07:16,060 but once it gets to their servers it's not very well-defined. 1514 01:07:16,060 --> 01:07:19,060 In fact, this is one of the hard things, especially since most consumers 1515 01:07:19,060 --> 01:07:22,060 aren't savvy enough yet in society to demand 1516 01:07:22,060 --> 01:07:23,990 better clarity around these issues. 1517 01:07:23,990 --> 01:07:27,540 The companies are really under no obligation, other than an ethical one, 1518 01:07:27,540 --> 01:07:29,546 to disclose this information, and even then they 1519 01:07:29,546 --> 01:07:32,170 might not want you to know what they really mean when they say, 1520 01:07:32,170 --> 01:07:33,590 this is secure. 1521 01:07:33,590 --> 01:07:36,680 So in cases like that, you could try reading the fine print, 1522 01:07:36,680 --> 01:07:38,817 you could try googling around for a white paper, 1523 01:07:38,817 --> 01:07:41,900 as it would typically be called, on the security of that particular system. 1524 01:07:41,900 --> 01:07:44,810 And, like, Dropbox has such documents available, for instance. 1525 01:07:44,810 --> 01:07:47,900 But even then, the secret sauce is often not disclosed, 1526 01:07:47,900 --> 01:07:50,670 either because it's particularly secret or they just 1527 01:07:50,670 --> 01:07:53,870 don't want you to know exactly what the attack scenarios are. 1528 01:07:53,870 --> 01:07:55,427 Not good for business. 1529 01:07:55,427 --> 01:07:57,510 But even here for the password manager I mentioned 1530 01:07:57,510 --> 01:08:01,455 earlier, 1Password-- so personally, using Dropbox, 1531 01:08:01,455 --> 01:08:03,760 I don't put personal stuff in it for this reason.
1532 01:08:03,760 --> 01:08:06,340 I'll put encrypted stuff in it where I will encrypt it 1533 01:08:06,340 --> 01:08:09,600 or I'll use a tool like 1Password, which will encrypt its data file, 1534 01:08:09,600 --> 01:08:13,260 put a seemingly random sequence of zeros and ones 1535 01:08:13,260 --> 01:08:15,247 in the Dropbox folder that gets synced so 1536 01:08:15,247 --> 01:08:17,080 that even if something does get compromised, 1537 01:08:17,080 --> 01:08:21,140 all they have is seemingly random zeros and ones. 1538 01:08:21,140 --> 01:08:23,750 Unfortunately, the world is not user-friendly 1539 01:08:23,750 --> 01:08:26,000 enough yet to do all of this for us automatically. 1540 01:08:26,000 --> 01:08:27,990 And so this is kind of-- we're kind of here. 1541 01:08:27,990 --> 01:08:29,390 And I forget who asked this. 1542 01:08:29,390 --> 01:08:31,390 Was there something more precise we can address? 1543 01:08:31,390 --> 01:08:37,130 But risks of cloud tools, certainly Dropbox and password management 1544 01:08:37,130 --> 01:08:38,979 and any number of other variants, all kind of 1545 01:08:38,979 --> 01:08:41,391 relate to the security of cloud services. 1546 01:08:41,391 --> 01:08:44,390 Per our discussion yesterday, I would say that you have physical threats 1547 01:08:44,390 --> 01:08:44,890 certainly. 1548 01:08:44,890 --> 01:08:47,354 Like, Amazon is a physical place. 1549 01:08:47,354 --> 01:08:49,520 They have data centers in various parts of the world 1550 01:08:49,520 --> 01:08:51,470 and so there are certainly engineers at the end of the day that 1551 01:08:51,470 --> 01:08:54,170 could get physical access to the hard drives, get that data off, 1552 01:08:54,170 --> 01:08:56,628 but that's hopefully a fairly narrow threat and most likely 1553 01:08:56,628 --> 01:08:59,753 some random person working at Amazon doesn't care about your specific data. 1554 01:08:59,753 --> 01:09:02,128 But there's only so much you can do at the end of the day 1555 01:09:02,128 --> 01:09:04,040 if you don't physically control the space. 1556 01:09:04,040 --> 01:09:06,590 In fact, there's a common kind of saying where 1557 01:09:06,590 --> 01:09:11,020 the only secure computer in a room is in a locked closet 1558 01:09:11,020 --> 01:09:12,740 with no power and no cords. 1559 01:09:12,740 --> 01:09:14,659 I mean, that is truly secure. 1560 01:09:14,659 --> 01:09:17,034 Everything after that starts to poke holes in the system. 1561 01:09:17,034 --> 01:09:23,922 AUDIENCE: When I was asking the question [INAUDIBLE] Google Docs [INAUDIBLE] 1562 01:09:23,922 --> 01:09:25,422 because of the security [INAUDIBLE]. 1563 01:09:25,422 --> 01:09:31,069 So I'm just curious how secure was it because clearly there's a cost element. 1564 01:09:31,069 --> 01:09:33,670 You don't have to pay for Microsoft Office [INAUDIBLE]. 1565 01:09:33,670 --> 01:09:35,060 DAVID J. MALAN: Oh, those kinds of tools too. 1566 01:09:35,060 --> 01:09:36,479 AUDIENCE: [INAUDIBLE] Google Docs. 1567 01:09:36,479 --> 01:09:41,425 You could use [INAUDIBLE] you could use all 1568 01:09:41,425 --> 01:09:46,010 those tools for free as opposed to paying for [INAUDIBLE] licenses. 1569 01:09:46,010 --> 01:09:47,359 DAVID J. MALAN: Yeah. 1570 01:09:47,359 --> 01:09:51,290 I mean, I would probably-- the free services are typically freemium 1571 01:09:51,290 --> 01:09:53,240 services whereby there are paid versions.
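Here is what that encrypt-it-yourself workflow can look like in practice, as a minimal Python sketch assuming the third-party cryptography package and an invented ~/Dropbox path: encrypt locally, and let the sync client see only ciphertext.

```python
from pathlib import Path
from cryptography.fernet import Fernet  # third-party: pip install cryptography

# Minimal sketch, not a vetted tool: encrypt before the sync client ever
# sees the file, so the provider stores only a seemingly random blob.
key_file = Path("vault.key")           # keep this OUT of any synced folder,
if not key_file.exists():              # e.g., on a USB stick or in a vault
    key_file.write_bytes(Fernet.generate_key())
f = Fernet(key_file.read_bytes())

dropbox = Path.home() / "Dropbox"      # wherever the sync client watches
dropbox.mkdir(exist_ok=True)
(dropbox / "notes.enc").write_bytes(f.encrypt(b"my private notes"))

# Any machine holding vault.key can recover the plaintext; anyone who
# compromises the provider sees only random-looking zeros and ones.
print(f.decrypt((dropbox / "notes.enc").read_bytes()))
```

Keeping the key file out of the synced folder is the whole point of the design: if the key rode along with the ciphertext, the provider, or an attacker, would have both halves.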
1572 01:09:53,240 --> 01:09:56,100 And so you're probably getting essentially the exact same tools 1573 01:09:56,100 --> 01:10:00,110 and in turn the exact same security for something like Google Docs as you 1574 01:10:00,110 --> 01:10:01,570 would if you paid for Google Apps. 1575 01:10:01,570 --> 01:10:05,050 The difference being that for certain governmental requirements sometimes 1576 01:10:05,050 --> 01:10:08,650 cloud-based companies will run separate servers that adhere 1577 01:10:08,650 --> 01:10:11,800 to certain security protocols that are too expensive for consumers 1578 01:10:11,800 --> 01:10:16,550 to care about or to commit to, but the US government 1579 01:10:16,550 --> 01:10:18,800 might require that, hey, if we're going to use Amazon, 1580 01:10:18,800 --> 01:10:23,010 you have to put us in our own locked concrete room with our own servers-- 1581 01:10:23,010 --> 01:10:25,950 not on anyone else's servers, not another country's servers, and so forth. 1582 01:10:25,950 --> 01:10:28,200 But that would be more a matter of policy or practice. 1583 01:10:28,200 --> 01:10:31,408 Box typically was much better at that in terms of focusing on the enterprise. 1584 01:10:31,408 --> 01:10:33,480 Dropbox started more as a consumer company. 1585 01:10:33,480 --> 01:10:36,480 And there's different levels of offerings along those lines. 1586 01:10:36,480 --> 01:10:39,730 But the short answer is that a cloud-based service is not fundamentally secure, 1587 01:10:39,730 --> 01:10:40,230 right? 1588 01:10:40,230 --> 01:10:43,470 Unless you run it yourself, unless you're doing the encryption yourself, 1589 01:10:43,470 --> 01:10:45,340 it's not fundamentally secure. 1590 01:10:45,340 --> 01:10:49,090 And even then the great tragedy in computing is, 1591 01:10:49,090 --> 01:10:51,980 suppose I do download some program that encrypts information. 1592 01:10:51,980 --> 01:10:53,670 PGP-- it's called Pretty Good Privacy. 1593 01:10:53,670 --> 01:10:56,880 The name is sort of tongue-in-cheek-- it's actually good privacy, 1594 01:10:56,880 --> 01:10:58,800 but they call it Pretty Good Privacy. 1595 01:10:58,800 --> 01:11:02,030 But if I use this kind of tool or any number of these algorithms 1596 01:11:02,030 --> 01:11:05,220 I enumerated earlier, who's to say that the software you're 1597 01:11:05,220 --> 01:11:08,800 using to encrypt your data-- which you might not even understand 1598 01:11:08,800 --> 01:11:11,662 mathematically, and so you're just trusting that someone else 1599 01:11:11,662 --> 01:11:13,620 understands this stuff better than you and thus 1600 01:11:13,620 --> 01:11:16,750 wrote the software for you-- how do you know that that person didn't 1601 01:11:16,750 --> 01:11:18,311 slip in their own backdoor? 1602 01:11:18,311 --> 01:11:20,060 This is what the government, for instance, 1603 01:11:20,060 --> 01:11:22,240 is clamoring for-- give us backdoors into this. 1604 01:11:22,240 --> 01:11:26,450 Years ago it was like the V-chip in TVs and so forth giving them this backdoor. 1605 01:11:26,450 --> 01:11:30,130 Well, how do you know there aren't backdoors in our phones right now? 1606 01:11:30,130 --> 01:11:33,350 Like, how do I know my phone is not listening to this entire class 1607 01:11:33,350 --> 01:11:34,600 and transmitting it somewhere? 1608 01:11:34,600 --> 01:11:37,341 I'd have to intercept it with some physical device.
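To make that worry about backdoored encryption tools concrete, here is a deliberately malicious, entirely hypothetical toy in Python: the encryption itself is legitimate, but the tool quietly keeps a copy of the key, and nothing in everyday use would ever reveal it.

```python
import os

# A deliberately malicious toy, hypothetical and for illustration only:
# the encryption is real (XOR with a random one-time pad), but the tool
# quietly stashes the pad where its author could later find it.
def backdoored_encrypt(plaintext: bytes) -> bytes:
    pad = os.urandom(len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, pad))
    with open(".thumbnail_cache", "ab") as f:  # innocuous-looking filename
        f.write(pad)                           # the backdoor
    return ciphertext

print(backdoored_encrypt(b"my diary"))         # looks perfectly random
```

Short of auditing the source and the entire build chain yourself, the output gives no hint of the betrayal, which is precisely why trust, and not just math, is part of security.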
1609 01:11:37,341 --> 01:11:39,840 But, you know, unless the green light turns on on my laptop, 1610 01:11:39,840 --> 01:11:41,580 I'm going to assume the camera's not on. 1611 01:11:41,580 --> 01:11:44,869 And yet if you watch, like, Mr. Robot or other shows, I mean, this is possible. 1612 01:11:44,869 --> 01:11:46,910 If you have malware, malicious software, installed 1613 01:11:46,910 --> 01:11:49,734 on your computer, who's to say it didn't turn on my camera 1614 01:11:49,734 --> 01:11:51,650 and just didn't turn on the green light and is 1615 01:11:51,650 --> 01:11:54,800 recording everything I do and say? 1616 01:11:54,800 --> 01:11:57,700 So this is kind of-- and you can go to the lowest level. 1617 01:11:57,700 --> 01:12:00,050 Like, we will talk a little bit about this later today, 1618 01:12:00,050 --> 01:12:01,920 but when you write software you typically 1619 01:12:01,920 --> 01:12:05,360 use a program called an interpreter or a compiler that 1620 01:12:05,360 --> 01:12:08,140 turns the words that you write into zeros and ones, 1621 01:12:08,140 --> 01:12:09,730 essentially, the computer understands. 1622 01:12:09,730 --> 01:12:14,080 Who's to say that the compiler or the interpreter you're using 1623 01:12:14,080 --> 01:12:17,260 isn't adding to your own software malicious zeros 1624 01:12:17,260 --> 01:12:22,240 and ones that are injecting backdoors into every piece of software we write? 1625 01:12:22,240 --> 01:12:25,650 So unless you wrote the sort of software that 1626 01:12:25,650 --> 01:12:28,410 understands the zeros and ones at the lowest level, 1627 01:12:28,410 --> 01:12:31,010 like, you can't trust anything we use. 1628 01:12:31,010 --> 01:12:33,886 You really are just computing while crossing your fingers. 1629 01:12:33,886 --> 01:12:36,780 1630 01:12:36,780 --> 01:12:37,334 Felicia? 1631 01:12:37,334 --> 01:12:39,000 AUDIENCE: I have a question on security. 1632 01:12:39,000 --> 01:12:43,071 So I have deleted some text messages I didn't mean to delete 1633 01:12:43,071 --> 01:12:44,685 and I wanted to retrieve them. 1634 01:12:44,685 --> 01:12:48,344 So technically I guess they were lost somewhere. 1635 01:12:48,344 --> 01:12:49,135 DAVID J. MALAN: OK. 1636 01:12:49,135 --> 01:12:51,310 AUDIENCE: So I paid for some software that could retrieve them. 1637 01:12:51,310 --> 01:12:51,610 DAVID J. MALAN: OK. 1638 01:12:51,610 --> 01:12:54,485 AUDIENCE: So this tells me, OK, they're not really deleted off my phone, right? 1639 01:12:54,485 --> 01:12:55,360 DAVID J. MALAN: OK. 1640 01:12:55,360 --> 01:12:57,652 AUDIENCE: So again that's another backdoor [INAUDIBLE]. 1641 01:12:57,652 --> 01:12:59,651 DAVID J. MALAN: I wouldn't call that a backdoor. 1642 01:12:59,651 --> 01:13:03,190 Backdoor generally means there is a way of logging into or accessing 1643 01:13:03,190 --> 01:13:06,240 a system outside of the normal means. 1644 01:13:06,240 --> 01:13:08,960 That would be just how deletion is implemented. 1645 01:13:08,960 --> 01:13:11,420 That's a bug or a feature. 1646 01:13:11,420 --> 01:13:14,230 The phone was just forgetting where the files were a la yesterday's 1647 01:13:14,230 --> 01:13:16,111 chat about directories. 1648 01:13:16,111 --> 01:13:16,610 Yeah. 1649 01:13:16,610 --> 01:13:16,900 I mean-- 1650 01:13:16,900 --> 01:13:17,910 AUDIENCE: So it's just forgetting? 1651 01:13:17,910 --> 01:13:18,785 DAVID J. MALAN: Yeah.
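That "just forgetting" model is easy to demonstrate. Here is a deliberately simplified sketch in Python, not any real file system: ordinary deletion removes only the directory entry, so the bytes linger on disk until something overwrites them, which is exactly what recovery tools exploit, and what a secure delete preempts by scrubbing first.

```python
import os

# Toy model of a disk: a directory maps names to locations, and the
# "disk" itself is just bytes. Simplified for illustration, not a real FS.
disk = bytearray(64)          # pretend hard drive
directory = {}                # filename -> (offset, length)

def write_file(name, data, offset=0):
    disk[offset:offset + len(data)] = data
    directory[name] = (offset, len(data))

def delete(name):
    del directory[name]       # forget where it lives -- the bytes remain!

def secure_delete(name):
    offset, length = directory[name]
    disk[offset:offset + length] = os.urandom(length)  # overwrite first
    del directory[name]

write_file("texts.db", b"my private messages")
delete("texts.db")
print(bytes(disk[:19]))       # b'my private messages' -- still recoverable

write_file("texts.db", b"my private messages")
secure_delete("texts.db")
print(bytes(disk[:19]))       # random bytes -- nothing left to recover
```

The first print is, in miniature, what paid recovery tools do: the data was never erased, merely unindexed.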
1652 01:13:18,785 --> 01:13:22,110 And, I mean, these days too we have so much performance capability 1653 01:13:22,110 --> 01:13:24,940 in these phones, it's lazy and it's bad design 1654 01:13:24,940 --> 01:13:28,860 I would argue if phones and computers these days are not actually deleting 1655 01:13:28,860 --> 01:13:30,910 your files when you request as much. 1656 01:13:30,910 --> 01:13:33,710 But we consumers, especially given messages like the DOS window 1657 01:13:33,710 --> 01:13:36,370 from earlier, have never been really educated fundamentally 1658 01:13:36,370 --> 01:13:38,500 to expect as much and so people don't do it. 1659 01:13:38,500 --> 01:13:43,086 And in fact you can't-- I mean, it's Apple's and Microsoft's own faults. 1660 01:13:43,086 --> 01:13:45,210 Like Apple at least to their credit for some time-- 1661 01:13:45,210 --> 01:13:48,270 it's no longer in the most recent version-- 1662 01:13:48,270 --> 01:13:52,090 you used to have a Secure Empty Trash option that's since been removed 1663 01:13:52,090 --> 01:13:54,314 that would actually overwrite with zeros and ones 1664 01:13:54,314 --> 01:13:55,480 the data on your hard drive. 1665 01:13:55,480 --> 01:14:00,499 Nowadays I think this ends up impacting the drive too much because SSDs don't 1666 01:14:00,499 --> 01:14:03,540 last as long as mechanical devices necessarily in terms of how many times 1667 01:14:03,540 --> 01:14:04,331 you can write to them. 1668 01:14:04,331 --> 01:14:06,280 But it's Microsoft's and Windows' own fault 1669 01:14:06,280 --> 01:14:07,946 that they've not been doing this for us. 1670 01:14:07,946 --> 01:14:10,330 So hopefully this tendency will change over time. 1671 01:14:10,330 --> 01:14:12,230 And in the case of Apple, if you instead turn 1672 01:14:12,230 --> 01:14:16,560 on something called FileVault, which is the equivalent of what 1673 01:14:16,560 --> 01:14:20,020 iOS automatically does, you can make sure your hard drive is constantly 1674 01:14:20,020 --> 01:14:24,775 encrypted so that if it is stolen or someone physically tries to access it, 1675 01:14:24,775 --> 01:14:27,890 they only see random zeros and ones unless they know your password. 1676 01:14:27,890 --> 01:14:31,890 Of course, if your password is super easy to guess, it's still insecure. 1677 01:14:31,890 --> 01:14:33,214 So, bad design, I'm guessing. 1678 01:14:33,214 --> 01:14:35,880 Like, there's no way Apple would let you run software like that, 1679 01:14:35,880 --> 01:14:37,540 so I'm guessing it's an Android phone? 1680 01:14:37,540 --> 01:14:38,800 AUDIENCE: [INAUDIBLE] 1681 01:14:38,800 --> 01:14:40,216 DAVID J. MALAN: They were able to? 1682 01:14:40,216 --> 01:14:41,398 What version of-- 1683 01:14:41,398 --> 01:14:43,272 AUDIENCE: One or two versions of [INAUDIBLE]. 1684 01:14:43,272 --> 01:14:43,770 DAVID J. MALAN: Really? 1685 01:14:43,770 --> 01:14:44,300 Oh, OK. 1686 01:14:44,300 --> 01:14:45,690 So it might be something that's since been-- 1687 01:14:45,690 --> 01:14:47,481 AUDIENCE: [INAUDIBLE] text messages purely. 1688 01:14:47,481 --> 01:14:50,980 It was kind of gobbledygook, but it did retrieve some of the text messages. 1689 01:14:50,980 --> 01:14:51,938 DAVID J. MALAN: Really? 1690 01:14:51,938 --> 01:14:52,857 Interesting. 1691 01:14:52,857 --> 01:14:55,190 Poorly implemented software that you were-- good for you 1692 01:14:55,190 --> 01:14:57,020 but bad that you were able to get them back nonetheless. 1693 01:14:57,020 --> 01:14:59,110 AUDIENCE: They told me, yes, that [INAUDIBLE].
1694 01:14:59,110 --> 01:15:00,168 DAVID J. MALAN: Gotcha. 1695 01:15:00,168 --> 01:15:02,167 And did they have to connect a cable to do this? 1696 01:15:02,167 --> 01:15:02,708 AUDIENCE: No. 1697 01:15:02,708 --> 01:15:05,875 You just download the software online [INAUDIBLE] and link that to an iPhone 1698 01:15:05,875 --> 01:15:06,999 DAVID J. MALAN: Oh, really. 1699 01:15:06,999 --> 01:15:08,560 AUDIENCE: Up to the cloud, I mean. 1700 01:15:08,560 --> 01:15:09,200 DAVID J. MALAN: Interesting. 1701 01:15:09,200 --> 01:15:09,570 OK. 1702 01:15:09,570 --> 01:15:10,070 Can't-- 1703 01:15:10,070 --> 01:15:13,457 AUDIENCE: [INAUDIBLE] backup copy of her [INAUDIBLE]. 1704 01:15:13,457 --> 01:15:15,040 DAVID J. MALAN: Oh, that's what it is. 1705 01:15:15,040 --> 01:15:15,470 So it was-- 1706 01:15:15,470 --> 01:15:16,070 AUDIENCE: [INAUDIBLE] 1707 01:15:16,070 --> 01:15:16,998 DAVID J. MALAN: OK, good, good. 1708 01:15:16,998 --> 01:15:19,560 AUDIENCE: I do it before for my old business [INAUDIBLE], my old phone-- 1709 01:15:19,560 --> 01:15:19,860 DAVID J. MALAN: OK. 1710 01:15:19,860 --> 01:15:22,430 AUDIENCE: --or whatever and I pulled the backup [INAUDIBLE]. 1711 01:15:22,430 --> 01:15:23,420 DAVID J. MALAN: That makes sense. 1712 01:15:23,420 --> 01:15:25,670 Yeah, you can't just toss words like cloud around now. 1713 01:15:25,670 --> 01:15:28,250 That has no meaning anymore after today and yesterday. 1714 01:15:28,250 --> 01:15:30,754 OK, other questions? 1715 01:15:30,754 --> 01:15:32,670 All right, well let's go ahead and pause here. 1716 01:15:32,670 --> 01:15:34,128 Let's take a 15 or so minute break. 1717 01:15:34,128 --> 01:15:38,560 And when we come back, we will focus on what it means to program. 1718 01:15:38,560 --> 01:15:40,568