Wikipedia

Wikipedia:Reference desk/Archives/Miscellaneous/2009 January 28

< Wikipedia:Reference desk‎ | Archives‎ | Miscellaneous
Miscellaneous desk
< January 27 << Dec | January | Feb >> January 29 >
Welcome to the Wikipedia Miscellaneous Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


January 28

edit

Smallest viable population

edit

I have been watching the new season of Battlestar Galactica and the overall story got me thinking: If a similar scale of disaster were to befall the human population of Earth, would ~40,000 people be sufficient to rebuild civilization over several generations? And what would be the smallest population that could still maintain sufficient genetic diversity over 10 generations or more? Astronaut (talk) 04:11, 28 January 2009 (UTC)[reply]

Define "sufficient genetic diversity". Our article on minimum viable population sets a value of 1000 for terrestrial vertebrates with inbreeding and loss of genetic variability. However, the article also specifically notes that "human intervention" is a factor that can modify the odds. Given that humans would presumably be most interested in intervening for their own species, I'd guess the actual minimum viable population for humans would be in the low hundreds. We'd lose significant genetic diversity, but humans are one of few species that rely on intelligence over genetics for adaptation: if the world is too cold light a fire, make a coat; don't just wait for your progeny to develop insulating fat deposits. That difference makes "sufficient genetic diversity" for the continuation of the human species less of a concern than it would be for many other species. As an example, consider the number of genetic diseases that are either treatable or managable today--as long as we retain the knowledge and technology to treat these diseases it doesn't matter whether they afflict a small portion or the entirety of the population. Rebuilding our civilization from such a point would, however, require more than "several generations". -- 74.137.108.115 (talk) 04:49, 28 January 2009 (UTC)[reply]
See also space colonization for a discussion on a minimum viable human population, which supplies the estimate 150-180. -- 74.137.108.115 (talk) 05:04, 28 January 2009 (UTC)[reply]
(ec) See founder effect for some discussion of the effects of very small population sizes—there are some notable examples of populations getting reduced very heavily and not always suffering for it much, genetically speaking. Genetically there is some luck involved. But anyway, this shouldn't surprise us too much that small population sizes can indeed prosper without severe problems with inbreeding—for most of their existence as a species humans existed in pretty small groups. Obviously there was some genetic interchange with these groups but you don't need to have civilization and cities for sufficient genetic diversity. I suspect 40,000 would be well more than enough to "rebuild civilization" as long as certain resources were in place (as on the show, the biggest issue is not population, but food and water supplies, etc.). --98.217.14.211 (talk) 04:55, 28 January 2009 (UTC)[reply]
Some academics have calculated that all humans from outside Africa derived from just "a single group of hunter-gatherers, perhaps a couple of hundred strong". [1] These were likely to be rather inbred too, but seemed to do just fine for themselves. So one would expect that a couple of hundred would be plenty. If the survivors were purposefully sampled from different ethnicities (say a human Noah's Ark was selected for survival) rather than members of an extended family, and post-disaster reproduction was regulated to minimize consanguinity, then much less would be sufficient to avoid serious founder effects. As few as 50 monogamous couples could generate 5 generations without the need for any consanguinity. Once you get past the 3rd generation apart (second cousins) it wouldn't make too much difference. Rockpocket 09:02, 28 January 2009 (UTC)[reply]
Some genetic evidence suggests that the total human population was at one time cut down to 2,000 - 20,000 individuals, one possibility for the reduction being a major volcanic eruption. 88.112.34.160 (talk) 09:55, 28 January 2009 (UTC)[reply]
I'd say the size of the population has less of a bearing on genetic diversity & long-term survival than the number of women of child bearing age, fertility rates and the nature and extent of disease in that population (eg if only 1 small area in East Africa survived with 20,000 people in it that wouldn't necessarily mean a surviving genetically diverse population in the long-term if 90% of the population had AIDS, and only 40% were fertile women). Other factors will have a bearing too but these seemed the most obvious. AllanHainey (talk) 12:33, 28 January 2009 (UTC)[reply]
Well, you can basically ignore anyone that can't reliably reproduce (eg. too old), then you need to calculate the effective population size to account for uneven gender distributions. --Tango (talk) 13:37, 28 January 2009 (UTC)[reply]

Are the above assuming that the citizens of this mini population are willingly going to pro-create together? I guess that given the situation normal social boundaries might change, do such theories account for this sort of thing? 194.221.133.226 (talk) 16:35, 28 January 2009 (UTC)[reply]

Well, if there were two groups that refused to interbreed, then they are effectively separate populations. I don't think it takes much mixing to keep the groups viable, though - even a very small group can manage just fine for a few generations, so one or two mixed couples each generation may well be enough. --Tango (talk) 18:56, 28 January 2009 (UTC)[reply]
I am fairly sure one could rely on biology/hormones/etc. to take care of that. People are really not all that picky when it comes to mates unless they think there are going to be a lot of options. --98.217.14.211 (talk) 01:32, 29 January 2009 (UTC)[reply]

So, in essence, if someone moved to a small isolated population they'd significantly increase their chances of finding a mate? I can see the logic, but I wonder whether people who have been raised in a mass-society with 1000s of potential mates and are 'cultured' to be picky would change their mindset and become less picky. On that basis unattached males and females would become less picky as they get older and the dating pool reduces...oh. 16:17, 29 January 2009 (UTC) —Preceding unsigned comment added by 194.221.133.226 (talk)

I don't see why the size of the population makes any difference - it's the ratio of men to women that matters, surely? --Tango (talk) 19:57, 29 January 2009 (UTC)[reply]
Not necessarily. Statistically you are correct that the male/female ratio is the sole consideration. Psychologically, however, a significantly smaller population would tend to increase "competition" effects that would accelerate pairing. To put it another way, as long as there are "many fish in the sea" there's no reason to be hasty; but when only a few options are present there's no time to be choosy. This effect would be most prevalent for a person in the middle section of the desirabilty range—higher and there wouldn't be any trouble securing a mate in any population; lower and there wouldn't be sufficient competition to encourage early selection. (The preceding is pure speculation.) – 74  05:04, 31 January 2009 (UTC)[reply]

Heavy metal a victim of reverse discrimination?

edit

I have moved this question to the more appropriate Entertainment desk. --Richardrj talk email 08:30, 28 January 2009 (UTC)[reply]

Coconut Shy

edit

In the song I've Got A Lovely Bunch of Coconuts, how do you play the game he's describing? In the article on coconut shy it says you throw a baseball at a row of coconuts on posts, but that doesn't really fit with "roll a bowler ball". Black Carrot (talk) 14:25, 28 January 2009 (UTC)[reply]

I can't say for sure if I've got the correct 'spin' here, but could it be a reference to cricket (the game, not the insect)? In cricket, the bowler is roughly analogous to the pitcher in baseball. I could in that case read "roll a bowler ball" as a colourful way of saying "pitch a cricket ball". Totally conjecture, mind. TenOfAllTrades(talk) 14:41, 28 January 2009 (UTC)[reply]
While lyrics sites are notoriously unreliable, and I think linking to them is frowned upon, I am pretty sure, and my searches confirm, that the line is "Roll a bowl, a ball, a penny a pitch". --LarryMac | Talk 15:01, 28 January 2009 (UTC)[reply]
Spot on LarryMac. Btw,I don't think we ever used baseballs to knock off the coconuts, I seem to remember they were wooden balls - but about the size of a baseball ball. Richard Avery (talk) 15:06, 28 January 2009 (UTC)[reply]
I've found several sets of lyrics that disagree with each other, and I trust none of them. Is your source authoritative? Anyway, the part that confused me was "roll". If you're rolling a ball, it's on the ground, and whatever it's rolling towards must be on the ground too, right? Black Carrot (talk) 15:07, 28 January 2009 (UTC)[reply]
As I noted, such sites are unreliable. You do realize you're trying to make sense of a music hall song, right? Chances are that the words were chosen for sound as much as for technical description of the activity. Similarly, there is no digging nor actual canines nor any bombs involved in Hot Diggity (Dog Ziggity Boom).  :-) --LarryMac | Talk 15:17, 28 January 2009 (UTC)[reply]
My memory of this song is "Roll or bowl a ball, a penny a pitch". Which means roll (underarm) or bowl (overarm) a ball (which RichardAvery identified correctly as a wooden ball, maybe the same size as one used nowadays in bowls), for a penny per go. Hope this helps. —Preceding unsigned comment added by TammyMoet (talkcontribs) 15:38, 28 January 2009 (UTC)[reply]
That's plausible, but I've never heard of throwing underarm being called "rolling" unless the ball is actually going to roll along the ground. --Tango (talk) 15:46, 28 January 2009 (UTC)[reply]

Two traditional games at British fairs are the Coconut Shy where wooden balls a little smaller than a baseball are thrown at coconuts that are set up in acorn-shaped holders on poles, and about 20 feet away. Not so difficult to hit the nut - far more difficult to get it out of the holder! Knock the nut out and it is yours as a prize. The other game is a version of skittles. No explanation needed. Both could be side-by-side with one barker. Thus roll or bowl a ball. ('Bowl' of course substitutes for throw, otherwise the lyric wouldn't work.) A penny a pitch simply refers to the price. A penny being, then, one 240th of a pound.86.197.18.122 (talk) 16:35, 28 January 2009 (UTC)DT[reply]

The words for these old songs do get horribly mangled over the years precisely because they often weren't written down - so their meaning can change multiple times before reaching the present day. The degree of this mangling is truly impressive sometimes. Check out Ring a Ring o' Roses for example. Coconut shy's were notoriously 'rigged' with a short length of string threaded up through the center of the 'cup' and tied onto the hollowed out bottom of the coconut shell. The string would be loose enough to allow the coconut to come ALMOST out of the cup and then fall back - thereby encouraging the loser to want to try again. One or two non-rigged cups would be there in order that the barker could demonstrate the fairness of the shy - and to allay suspicion by ensuring that people would OCCASIONALLY win. That's why the nut is easy to hit but quite impossible to get out of the cup! Because the rigged coconuts don't get replaced very often, they tend to lose the 'hair' on the outside - so when possible, aim for the hairiest coconut! I don't think people throw the ball underarm at those events - it's definitely an overarm pitch...which would be required in order to get the power to knock one of the coconuts off. In any case, an overarm throw would be the more familiar for the English due to the popularity of cricket as an amateur/adult sport that most men would have participated in many times in the past. SteveBaker (talk) 20:33, 28 January 2009 (UTC)[reply]

I found a source. According to Danny Kaye [2], it's "roll or bowl a ball." It looks like 86.197's explanation is the most likely so far. Black Carrot (talk) 05:06, 29 January 2009 (UTC)[reply]

Does the "version of skittles" you mention involve coconuts as well, maybe as the pins, or is it just the ordinary game? Black Carrot (talk) 05:08, 29 January 2009 (UTC)[reply]

hello again. No the skittles did not involve coconuts. Simply what appeared to be normal skittles, but often heavily weighted so they would be very hard to eliminate. (Not impossible, of course, players would get suspicious if the skittle went down and then came rolling back up again!) Sometimes there were boards to roll the balls down. Often the pitch was simply the grass of the field, with natural obstacles such as thistles in the way! There were lots of versions of these fairground games. often created (and adapted) by the individual stall holders. Fairs used to be great fun!86.200.130.201 (talk) 16:02, 29 January 2009 (UTC)DT[reply]

How do deaf people communicate with normal people?

edit

Deaf people communicate with each other in sign language, but how do they communicate with normal people who don't know they're deaf? Does it happen that someone tries to talk to a deaf person for several minutes, then suddenly realises he/she's deaf? How do they then proceed if the other person doesn't know sign language? With blind people it's easier, as a blind person can simply say "I'm blind." But how does it work with deaf people? JIP | Talk 18:27, 28 January 2009 (UTC)[reply]

It varies. Some deaf people have learned to vocalize words (understandably often a bit awkwardly). Others would use gestures. Deaf people tend to be very good at making themselves understood through gestures even to people who don't understand sign language. It is unlikely that someone would spend several minutes talking to a deaf person before realizing that he/she's deaf. Deaf people know visually when a speaker is speaking and would generally respond in some way to let the speaker know that they are deaf. Marco polo (talk) 18:38, 28 January 2009 (UTC)[reply]
Deaf people are often very good at lip reading, so the deaf person understanding the hearing person is often not a problem. If someone wasn't born deaf, but went deaf later in life, then they can usually speak with no difficulty. People who were born deaf do often learn to speak well enough to be understood, those that don't have to rely on gestures or an interpreter (or writing things down, I guess). --Tango (talk) 18:49, 28 January 2009 (UTC)[reply]
By the way, you might want to be careful with that word normal. I don't think you meant anything bad, but you can tread on people's sensitivities if you're not careful. --Trovatore (talk) 18:55, 28 January 2009 (UTC)[reply]
Yes, I realised it myself, but only after I had written my message. I thought it was obvious enough that I only meant "non-deaf" and not implied there was anything bad about being deaf, so I let it be. JIP | Talk 19:55, 28 January 2009 (UTC)[reply]

Too true - I had a friend who was profoundly deaf from birth and he married a similarly profoundly deaf person he met at the school for the deaf. In those days it was called The School for the Deaf and Dumb, which nowadays would be an appalling expression, as it was even then. But he was quite content to be referred to as Hearing Impaired when talking or communicating with a Hearing Person. 92.22.201.203 (talk) 19:29, 28 January 2009 (UTC)[reply]

"The School for the Deaf and Dumb" sounds reasonable to me - you can be dumb (ie. unable to speak) without being deaf, and attending such a school would probably make sense for you. Of course, "dumb" is used to mean "stupid" these days, but personally I think the best way to deal with such inappropriate changes of meaning is the use the word for its original meaning as often as possible. --Tango (talk) 19:49, 28 January 2009 (UTC)[reply]
In Finnish we say "mykkä" meaning physically unable to speak. I once read a GI Joe comic where some Cobra guy says about Snake-Eyes: "How could I have forgot? This madman is mute!" I understood that the English word "mute" means the same thing. But as I'm not a native English speaker, I would want to confirm this with a native speaker. JIP | Talk 19:55, 28 January 2009 (UTC)[reply]
Mute is synonymous with this usage of dumb in English and is the more politically correct term. Tomdobb (talk) 20:06, 28 January 2009 (UTC)[reply]
What is the matter with "Deaf & Dumb", it is simply a statement of fact understood by all. I am deaf and quite happy to be referred to as such. --Artjo (talk) 10:15, 29 January 2009 (UTC)[reply]
It doesn't bother me and I'm glad it doesn't bother you, but generally speaking, I understand mute to be the preferred term. Tomdobb (talk) 13:36, 29 January 2009 (UTC)[reply]
In America, influenced by the German "dumm", 'dumb' came to mean 'stupid'. Rhinoracer (talk) 13:14, 29 January 2009 (UTC)[reply]
Thank you for your contribution, Artjo: it is good to have somebody in the discussion who has the experience we are talking about. I would normally avoid the phrase 'deaf and dumb' because to me it either lumps together two groups with little in common (deaf people and mute people) or it embodies the limiting assumption that deaf people in general cannot speak. --ColinFine (talk) 19:54, 2 February 2009 (UTC)[reply]
Well, but there would be the same problem then with deaf-mute, or anyway with deaf and mute. No, the real problem is that dumb now means stupid; the older meaning mute is almost unavailable, at least in the States. It's probably easier to use gay to mean cheerful than dumb to mean mute.
I was actually quite surprised when I found out that the phrase dumb animals refers to their inability to speak, rather than to their intellectual capacity. --Trovatore (talk) 07:40, 3 February 2009 (UTC)[reply]

Watching movies like "Untraceable"

edit

I watched this movie for the first time last night and found myself both appalled that people could log on to a live streaming website to watch the live "death" of the perpetrator's victim; and yet fascinated to see what would transpire as the storyline unfolded. We were informed that the sicko who set up these murders was a psychopath who was paying back in kind those he believed to have broadcast (admittedly repetitiously)images of the suicide of his bereaved and depressed father - or those in the FBI who were getting close to arresting him. We were also shown graphically how he set up his equipment so that the more people who logged on to watch the action in real time, the more quickly the effects of his chosen modus operandii would work on his victim - with a digital counter recording viewers in excess of 20 million at times. 2 questions - would the authorities really have no way to switch off such websites as these should any nutter attempt to copy the storyline in this film, thus denying him his audience - and equally worrying - to me at least - was there any moral difference between my watching a fictional portrayal of such a set-piece, and potentially watching the real thing itself? In short - should I have demonstrated my horror by turning off the TV? And believe me - I was and am truly horrified that such things can exist via the Internet. 92.22.201.203 (talk) 19:24, 28 January 2009 (UTC)[reply]

Most governments do *not* have sweeping powers to control content on the internet (which is much more a good thing than a bad thing--think censorship in China). They can presumably create local blocks (like the great firewall of China), but as is commonly stated, the internet detects censorship as damage and routes around it. On the other hand, in a case similar to the movie I doubt law enforcement would have much trouble convincing the ISP/host of the site to remove it immediately.
It is quite normal to explore unthinkable situations in fiction. As long as you are capable of understanding the difference between a fictional portrayal and real life, then there is indeed a moral difference (i.e. one is real; one isn't). Lastly, although the internet may be the most recent medium for public execution, it is hardly the first, nor even the first with spectator participation: see trial by combat, stoning, and gibbet. – 74 19:51, 28 January 2009 (UTC)[reply]
This issue isn't new with the Internet, snuff films were around a long time ago. I do consider it a sin to watch, if the people making the film/committing the murder get any benefit from it. If you watch a website, they could count the number of hits and get money from advertisers for your visit. This came up with the murder of Daniel Pearl, which was available on the Internet, but I decided not to watch it for this reason. StuRat (talk) 19:55, 28 January 2009 (UTC)[reply]
The thing with a simple video is that the Internet is only the means of transmission. It's VERY tough for a government to prevent the spread of a video if it's copied from one user to another or spread via some peer-to-peer protocol. The data only travels any particular route once or twice and then it's off being spread via some other route. In the case of the scenario in 'Untraceable' though, the perpetrator had to count the number of hits at his web site. That requires the video (which in any case was supposed to be live streaming video) to come from a single source and to monitor visitors arriving at that single site. That makes it trivial to find - and no harder to shut down than any criminal activity for which you have a street address. Furthermore - the amount of site bandwidth required to single-source stream live video to 2 million visitors would require infrastructure comparable to Google or YouTube! Multiple large buildings with a staff of hundreds of IT guys. This isn't something you can do with your PC and a DSL line! The movie is junk...it's ridiculous. Calling it 'untraceable' is pretty much the worst part! In reality, the perpetrator would be EASY to trace! SteveBaker (talk) 20:10, 28 January 2009 (UTC)[reply]
Not that I ever want to see something like this take place, but the premise isn't as "unpossible" as you seem to think. A practically "untraceable" solution: decentralized distributed p2p malware automatically installed onto a large botnet. Add in a few details like auto-emailing URLs of compromised computers, browser hijacking, botnet activity tracking, and a few foreign-hosted domains and you've got a serious mess. Since the (many) URLs are available in IP address form (pointing to many different zombie computers), there is no reasonable block that can be applied quickly short of shutting down the internet. Since the load is distributed on zombie computers no massive datacenter is necessary. And since all the software is running on compromised machines there is no easy link to the perpetrator. (To be fair, I'm sure the writers used some hand-waving to explain the "untraceability" in the movie, and probably got the technology all wrong.) – 74 23:24, 28 January 2009 (UTC)[reply]
The whole premise is that there is a REAL TIME video stream with REAL TIME feedback to that point counting the number of viewers. People go to a specified HTTP address to see the video - how the heck could you POSSIBLY distribute that without being able to simply track the path back from machine to machine to the ultimate source? Particularly because the data is bidirectional in nature and can't have more than a few seconds of latency? If you think you can do that through a botnet you don't understand the Internet! SteveBaker (talk) 00:58, 29 January 2009 (UTC)[reply]
P2PTV74  01:12, 29 January 2009 (UTC)[reply]
While it's true that governments have relatively little power to patrol the internet - they would have no problem whatever in tracking down the perpetrator's web site and shutting it down - or even of simply blocking access to it by removing the site's DNS entries. The movie is quite simply ridiculous. So such things really CAN'T exist - the very need for the perpetrator to count the number of visitors means that some traffic has to travel from the visitor's computer to the perpetrator's computer - and following that data isn't difficult. Heck - the software you need comes with every UNIX/Linux computer! It's called 'traceroute'. Even if the site were overseas - it would be simple to have the DNS entries pulled or the site's IP address blocked on US servers. So: IT'S JUST FICTION. Can't happen, won't happen, don't worry about it. SteveBaker (talk) 20:02, 28 January 2009 (UTC)[reply]
Yeah, it's not like there is a trivial way of bypassing DNS lookups or a way to bypass IP address blocks. For reference, these are some of the techniques used by the great firewall of China, and we all know how well that works. – 74 20:22, 28 January 2009 (UTC)[reply]
OK folks - thanks for your responses to both parts of my OP - much appreciated and much relieved. But sorry Steve - I seem to have gotten you a bit animated with my technical incompetence. 92.22.246.240 (talk) 21:19, 28 January 2009 (UTC)[reply]
StuRat, you realize that Snuff Films are an urban legend, right? It says so right in the intro to the article you just linked. APL (talk) 22:31, 28 January 2009 (UTC)[reply]
Perhaps people committing murders on film with the intent of making a profit is, but you do get one person who films a murder and another who sells it. Than there's those sick bastards who sold the Faces of Death videos showing children getting killed (accidentally). StuRat (talk) 05:54, 29 January 2009 (UTC)[reply]

Hmm couldn't a tor network be used to hide a server, just as a botnet could? I agree a way of counting views under such a system while remaining anonymous would be very difficult if not impossible. TastyCakes (talk) 23:44, 28 January 2009 (UTC)[reply]

The protection afforded by a tor network would provide secure access, but
  • throughput is often limited
  • tor node operators are much more computer savvy
  • the tor network *might* be taken down with sufficient motivation
As for counting page "views", note that botnets often track their activity with anonymous reports to their creator--it is no stretch to add a "page views" field. Similarly, the number of views could be propagated "in channel" with the p2p data. I suspect an accuracy rate near that of an actual centralized server could be obtained. – 74 00:12, 29 January 2009 (UTC)[reply]
Freenet may provide more anonymity then Tor anyway albeit at an even slower speed and very high latency (real time is out of the question) and without the ability to count the number of viewers Nil Einne (talk) 19:17, 2 February 2009 (UTC)[reply]
  • You folks do realize you are dedicating an inordinate ammount of time debating the viobility of a plot element from a work of fiction, right? The whole idea behind fiction is that its all made up. Sure, people who create fiction will sometimes add pseudorealistic jargon or terms into their works to make them appear more "realistic" so audiences can identify with them, but given the choice between scrupulous adherance to reality and fudging reallity to tell a good story, every writer worth his salt will forgo realism for storytelling. Otherwise, you wouldn't have found the movie interesting enough to watch anyways. Seriously, you shouldn't overanalyze these sorts of things because they're just made up anyways!!! --Jayron32.talk.contribs 06:00, 29 January 2009 (UTC)[reply]

Cryptography

edit

I've always had a nagging thought about asymmetric cryptography. For relatively short messages like passwords, what is to stop some nefarious intermediary from running the public key on a huge dictionary of possible passwords and keeping the generated encryption for each and then comparing the encrypted password from the sender with this huge list? Does this not reduce the encryption of such files to a relatively trivial brute force attack, albeit a brute force attack with the extra steps of creating a dictionary and looking for matches? TastyCakes (talk) 23:08, 28 January 2009 (UTC)[reply]

A simple counter is to include a nonce in the message--this increases the length of the message and makes any brute-force dictionary attack prohibitively expensive. – 74 23:33, 28 January 2009 (UTC)[reply]
If you know a lot about the message in question (such as it being likely to be a common English word or something like that) and the length is small then the possibilities for brute-forcing it are very high. This is comparable to how rainbow tables work. As with those, adding a salt can make such an operation computationally prohibitive. --98.217.14.211 (talk) 00:11, 29 January 2009 (UTC)[reply]
For convenience: salt (cryptography). TenOfAllTrades(talk) 14:03, 29 January 2009 (UTC)[reply]
But to be clear, salts and nonces don't do anything to prevent brute forcing of a password; they only make rainbow tables unfeasible and prevent duplicate entries in password hash lists (which slows down brute forcing of many passwords if some are identical). .froth. (talk) 18:18, 29 January 2009 (UTC)[reply]
They mean you have to brute force each password separately, rather than doing them all at once, so it is much slower. Often you don't care whose password you get, just that you get a password, so you can just make random guesses until one of the hashes matches. With salted passwords you would have to calculate the hash again for each account. --Tango (talk) 21:39, 29 January 2009 (UTC)[reply]
We're not talking about brute forcing the password, we're talking about brute forcing the hash. In the example given, it doesn't matter than the information is a password—we can just say, "it's a very short English word" that has been encrypted. We have the hashing algorithm already in this case (the public key), the question is, if you think the encrypted item is a short English word, and you have the public key, could you find out what the encrypted item is without knowing the private key. And the answer is, yes, pretty much, that's what rainbow tables are about. If you change the situation though, so that it is no longer just "a short English word" (that is, add a salt), then that becomes computationally prohibitive. --98.217.14.211 (talk) 14:42, 30 January 2009 (UTC)[reply]
Technically a salt is part of the key generation process (and often stored externally), not a random value added to the text to be encrypted. In that case, padding is a more correct technical term. And, to answer the OP's question, our article on padding says that public key cryptography no longer uses predictable values for padding, so a rainbow table attack is quite unlikely to succeed against a short message. – 74  22:00, 30 January 2009 (UTC)[reply]
I'm a little late to the party, but just to clear things up: you're absolutely right, questioner. This is called a Chosen-plaintext attack, and is indeed a problem. This is one of the reasons that if you want to communicate with some one using (say) SSL, you don't use public-key cryptography directly. You generate a completely random symmetric key, which is used to encrypt the conversation, and the symmetric key is then encrypted and sent over (btw, the other reason is speed, symmetric cryptography is way faster than asymmetric cryptography). With storing hashes of passwords and the like, as people have mentioned, you use salts. In this context, the salt is like an encryption key, and should be kept secret, so if someone compromises your database, they can't figure out what the passwords are. Belisarius (talk) 17:54, 31 January 2009 (UTC)[reply]

In military coded communications the procedures sometimes require that a message be longer than some specified length, to counter precisely this problem. It's also good policy not to make your 'password' an actual word; making it a concatenation of two short words hugely increases the difficulty of this kind of attack. DJ Clayworth (talk) 20:46, 2 February 2009 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Reference_desk/Archives/Miscellaneous/2009_January_28&oldid=1136441382"