by Leonard Richardson
Published on segfault.org 07/09/2000
The well-known polynomial x^{2}+8x+6 was defaced today by a teenager who had "r00ted" the beloved function of one variable through the use of a popular script known as "QuAd 3QaZh0n". The attack set off the usual sequence of events: an initial panic setting off an orgy of media hype reaching a crescendo with an article in the mainstream media, a string of copycat successors, and a meaningless stream of empty promises from vendors who immediately lapsed back into apathy as the incident left the public's short-term memory.
Segfault spoke with the culprit, who goes by the name of "2o31js34g", although his real name is Alvin Schumaker.
"I did it for the kicks," said the eighth-grade desperado. "Also, it was problem 12 on my algebra homework."
Schumaker's admission that he had learned the technique used to crack the equation "in class" led to sweeping reforms at Nathan Hale Middle School, his alma mater. These range from a draconian school uniform policy to periodic cavity searches to Internet filters on library computers so restrictive that they ban the school's own home page.
"If these kids would just study their math, we wouldn't have anybody learning these dangerous equation things," said Nathan Hale principal Fred Fractal, previously known for shutting down the wood shop because "those nail things look like weapons."
Numerous other tools for cracking polynomials exist, such as Fac-t0R. More worrying are tools for "solving" large groups of linear equations at a time; one such program makes reference to a "matrix", obviously an homage to the sci-fi classic.
Many such programs are distributed for the TI series of "calculators", tools widely viewed as a security threat in many fields and rings. Disturbingly, such devices are increasingly being made available to high school and college students. Public policy must now answer the question: where is the line to be drawn between useful tool and bloodthirsty weapon of mathematical carnage? Who will answer for the countless linear equations to have undergone Gaussian elimination?
Predictably, immediately following the defacement, thousands of polynomial security companies came out of the woodwork to hawk their shoddy products.
"Our proprietary polynomials are one hundred percent safe because they have no roots at all," said Len Eir of Rootless.com, a company offering sales and consulting for polynomials such as x^{2}+4 and x^{6}+x^{2}+101. Despite Eir's claims, attacks on such polynomials are not uncommon, although Eir dismissed all such reports as "imaginary".
Dave Errential of Integrated Systems stated: "Integration technology makes it easy to add roots to your polynomial. Take 60x^{2}+264x, for instance. The roots for that polynomial have been posted in a million places on the web. But our proprietary integration technology can turn that into 5x^{4}+44x^{3}! I'd like to see someone try and find the roots of that polynomial!" [Try x=0. —Ed.] Research has shown that IS polynomials are vulnerable to several types of attacks, but, again, the vendor has chosen to go after the research, calling it "derivative", rather than investigate the vulnerabilities.
"Our polynomials are of a magnitude so high that it would be impossible to find their roots even with the most sophisticated technology," said OrderOfMagnitude.com's Sean Gular. "Our proprietary technology allows us to offer x to the power of one billion, x to the power of one trillion, even x to the power of ten gazillion! No one can crack these polynomials!" [Try x=0. —Ed.]
"It's irresponsible to distribute these polynomial-cracking kits," says security expert Bruce Schneier of Counterpane Internet Security. "It's like teaching a baby how to do surface integrals. He doesn't understand the socially responsible way to use this knowledge, so he wreaks havoc."
For improved security, Schneier urges all polynomials to be of fourth order or higher, and to change roots at least once every two weeks.
This document (source) is part of Crummy, the webspace of Leonard Richardson (contact information). It was last modified on Friday, January 26 2007, 02:30:52 Nowhere Standard Time and last built on Thursday, November 27 2014, 18:00:35 Nowhere Standard Time.