Tuesday, March 16, 2010

PGP Causes Ammy to Whimper

My coworker walked in and asked, "What's your favorite grunge song of the 1980's?" I looked at her as though a tree had sprouted out of her forehead. I said, "Um, there's no such thing per se. Grunge sort of hit the music scene as a thing back in 1991. Why do you ask?" And she said, "Because it's one of the default security questions for the new version of PGP. I surely thought you'd be able to come up with this one." I was dumbfounded. No, really, grunge wasn't really a thing before 1991, unless you lived in Seattle. There were little outliers - you could technically class things like Soundgarden as grunge, but the term wasn't in the common parlance yet. It took Nirvana and Pearl Jam to do that. It's not really possible to have a favorite grunge song from the 80's. Why the heck is PGP asking an unanswerable question?

Meanwhile, I'm still staring at Linda. I cross-check to Wikipedia to make sure I'm not totally cracked, but really, I know this one. I graduated from high school in 1992, so this was one of the last shifts in pop music I actually paid much attention to.

I ask if there are other questions. She says she's trying to use the default first question that comes up for the documentation, but "Yeah, there are things like 'The name of someone you used to go skateboarding with' or 'The second person you ever held hands with.'" Now I'm just agog. This is going to be awesome for Stanford. I'm sure President Hennessy will be able to wax fondly over his skateboarding days. WTF, PGP? Seriously?

So after a few minutes' debate, I tell her that the answer is None, or No Such Thing. She says, "Hey, that works. None is totally the truth for me."

Security questions have gone beyond stupid.


  • One would think that since there are hacking programs with dictionary lists of pretty much every word out there, it would be trivial to have a list of song titles from the '80s.

    By Blogger Chrisfs, at 10:59 PM  

  • You probably should not post your or someone else's security answers on your blog.

    That being said, sometimes with these and other security questions the best answer is a non sequitur.

    What is your favorite 80's grunge song? A Night At The Opera.

    Who is the second person you ever held hands with? A bowl of petunias.

    By Blogger mice, at 11:25 PM  

  • What is being revealed that is not available to the public at large already?

    The default questions are available to everyone. No security breach there. Co-worker asked Ammy, so Ammy's answer didn't exist before then, before she was asked. Ammy may not even use PGP as a part of her job. The purpose of the question seems to be so you could provide an answer for documentation, not for a live system.

    By Blogger Chrisfs, at 5:40 PM  

  • If anything, my top comment is the most 'dangerous' thing on this post, as it suggests a hack for defeating the security system.

    By Blogger Chrisfs, at 5:41 PM  

  • Dear anonymous,
    Here I thought you'd decided to quit being a dick. Nope, you're still a dick, just not bugging me on a day-to-day basis anymore.

    Your first sentence doesn't make sense. Your second sentence is a fragment. Your third item first fails to make sense, then ends in ellipsis.

    The sense I get is that you think I should be fired for sharing this information, but PGP is a commercially available product and the security questions come from a randomized set. Some of them just make no sense. Linda was taking screen shots for documentation on a machine that is routinely wiped and restored and does not contain any Prohibited, Restricted, or Confidential data as defined in Stanford University's data security guidelines.

    Seriously dude, get a hobby.

    By Blogger Ammy, at 12:43 PM  

