
RFIDs, Encryption, and Stop Rules - akerl_
http://www.thegrumpyprogrammer.com/2015/04/rfids-encryption-and-stop-rules-oh-my.html
======
kijin
Stop rules are fine, we'd probably go insane if we didn't use them. But as
soon as somebody questions the validity of a stop rule, it should cease to be
a stop rule and become subject to rational examination. Once you are satisfied
that it is indeed valid, it becomes a stop rule again... until next time.

In other words, we should be comfortable with switching between two modes: a
"production" mode where we rely on our stop rules to get things done
efficiently, and a "debugging" mode where we can step back to examine our
source code. Failure to switch modes like this leads to assholery as
exemplified by the various examples mentioned in the article.

The most dangerous stop rules are the ones you don't understand. Most non-IT
business executives have no understanding of how encryption works. It's magic
to them. Therefore, they are incapable of stepping back and examining it. They
segfault as soon as they try to switch modes, so after a while, they don't
even try. Most DRM schemes are the same. It's a mantra that they chant without
understanding. And from the point of view of consumers who suffer from the
consequences, sufficiently serious incompetence is indistinguishable from
malice.

------
edent
The irony of someone talking about facts and then referencing the Myers Briggs
scam!

An absolutely discredited pseudoscience which exists solely to make money for
the corporation which peddles it.

An _excellent_ example of a stop rule there - "I am this MBTI therefore..."

[https://shkspr.mobi/blog/2012/12/astrology-for-businesses/](https://shkspr.mobi/blog/2012/12/astrology-for-businesses/)

------
e12e
Some good points, except for the point about passwords: passwords are rarely
encrypted. While you could say that a salted hash might obfuscate the
plaintext of the password - it's not _encrypted_ -- and it can't be
_de-crypted_.

It is of course possible to store passwords encrypted, but that is rarely
done.

~~~
kijin
From the point of view of people who treat encryption as a black box and don't
care about the details, the passwords are "encrypted" all right. The point of
the article is to criticize these people, so the technically incorrect choice
of word might be intentional.

Also, it often makes sense to treat hashing as a kind of encryption. It just
happens to be a kind of encryption that cannot be (easily) reversed.

~~~
e12e
I suppose you're right, apparently encryption is a relatively new term,
derived as a synonym to encode from crypt (derived from cryptic) whose meaning
is defined (among other things) as: "to change (information) from one form to
another especially to hide its meaning".

So in the colloquial use, encryption does apparently not imply that decryption
is possible.

I don't buy the argument that "lots of people use the term wrong, so let's just
continue to do that". (As it turns out, _I_ might have been the person to
understand the term wrongly, and the word choice might not have been
"technically incorrect" after all. Always challenge your assumptions :-)

------
GFK_of_xmaspast
There's nothing I love more than articles that are full of 'look how much
smarter I am than everybody else'.

