This Place is Taken: Bad movie cryptography, 'Swordfish' edition

Friday, April 20, 2012

Bad movie cryptography, 'Swordfish' edition

Bad movie cryptography, 'Swordfish' edition:
Hackers are paler than the general public. Also, they use gel.
I was just working on an honest-to-god technical post when I thought: here's an idea, let's illustrate this point with a reference to the classic bad-security movie 'Swordfish'. What a terrible mistake.



In searching for a link I turned up what purports to be Skip Woods' original shooting script. And now I'm not going to get any work done until I get this off my chest: holy &#^$*&# crap the cryptography in that movie is way worse than I thought it was. 



I know, I know, it's a ten year old movie and it's all been said before. So many times that it's not even shooting fish in a barrel anymore, it's more like shooting frozen fish in a barrel.



There isn't much crypto in the movie. But what there is, whew... If you consider a modified Pritchard scale where the X axis is 'refers to a technology that could actually exist' and the Y axis is 'doesn't make me want to stab myself', Skip Woods has veered substantially into negative territory.



I know most people will say something like 'Duh' or 'It's swordfish!' or 'What do you expect from a movie where a guy breaks a password while John Travolta holds a gun to his head and Halle Berry fiddles around in his lap.' And yes, I realize that this happens. But that stuff actually doesn't trouble me so much.



What does bother me is that the DoD system he breaks into uses 128-bit RSA encryption. Does anyone really think that the NSA would validate that? And then there's this exchange (emphasis mine):



                            GABRIEL
                  Here's the deal. I need a worm,
                  Stanley. A hydra, actually. A
                  multi-headed worm to break an
                  encryption and then sniff out
                  latent digital footprints
                  throughout an encrypted network.

                                STANLEY
                  What kind of cypher?

                                GABRIEL
                  Vernam encryption.

                                STANLEY
                  A Vernam's impossible. Its key
                  code is destroyed upon
                  implementation. Not to mention
                  being a true 128 bit encryption.

                                GABRIEL
                  Actually, we're talking 512 bit.

Ok, I don't know about the stuff at the beginning -- but the rest is serious. We're not going after a mere Vernam One-Time Pad, which would just be impossible to break. Instead we're going after the Big Kahuna, the true 128-bit unbreakable Vernam One-Time Pad. No, wait, that's too easy. To do this right, we're gonna have to break the full 512-bit unbreakable Vernam One-Time Pad, which is at least 2^384 times as unbreakable as the regular unbreakable kind. Get Halle back in here!
What kills me is that if you squint a little some of this technical jargon kind of makes sense. This can only mean one thing: Skip Woods brought in a technical advisor. But having done so, he obviously took the advice he was given and let it fly prettily out the windows of his Mercedes on the way home. Then he wrote what he wanted to write. Who needs an unbreakable cipher when we can have an unbreakable cipher with a frickin' 128 512 bit key!

I thought this post would be cathartic, but the truth is I just feel dirty now. Where will this end? Will I find myself criticizing Mercury Rising and Star Trek? The thing is, I like movies, even bad ones. I don't ask for realism. I just have limits.

And Swordfish is a bridge too far. If you're a Hollywood type and you need someone to vet your scripts, I'll do it. Cheap. I won't leave you all hung up in painful details -- if your plot requirements have the main character breaking cryptography in his head, I'll find a way to make it work. But it won't be a One-Time Pad and it sure as hell won't be 128-bit RSA. It will be *ahem* realistic.

No comments:

Post a Comment