[Kosh]

lol wut?

"CBS News reports that the Obama administration is currently drafting the National Strategy for Trusted Identities in Cyberspace, which will be released by the president in the next few months. 'We are not talking about a national ID card,' says Commerce Secretary Gary Locke, whose department will be in charge of the program. 'We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.' Although details have not been finalized, the 'trusted identity' may take the form of a smart card or digital certificate that would prove online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions. White House Cybersecurity Coordinator Howard Schmidt says that anonymity and pseudonymity will remain possible on the Internet. 'I don't have to get a credential if I don't want to,' says Schmidt. There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this.'"

Question, how can a system like this NOT be a huge target for abuse of power, ID theft, etc?

[Scotty]

ID theft I can see, but power?

Actually, as long as we can still use handles on forums and other places where anonymity is desired or preferred, I don't see a problem.  From the looks of that article, it's geared more toward internet vendors and stuff that could really USE accountability.

[Flipside]

Don't these people ever learn? If it's digital, it's hackable.

[Polpolion]

From what I skimmed of the article it seems totally absurd. Why anyone would willingly centralize their internet security into a single entity I can't imagine...

[Kosh]

From what I skimmed of the article it seems totally absurd. Why anyone would willingly centralize their internet security into a single entity I can't imagine...

It seems to me that it is an extension of the Real ID, which was a failed attempt at forcing a national id card (with an accompanying centralized database) under the bush administration. Real ID failed because the states refused to go along, but with this system would bypass them entirely.

[Flipside]

What annoys me is that the whole point of adding organic elements to digital IDs is because there is no such thing as 'random' with a computer. That's why you need to remember your pin number or your password, because it adds a truly random element to the identification process. Remove that random, organic element and you are left with a predictable system, and given enough time, that system can be decoded.

[General Battuta]

Human 'randomness' is actually tremendously predictable as well; a computer can almost certainly do a much better job.

[Flipside]

Possibly so, but if nothing else, it puts some level of responsiblity to the user themselves to protect their information. If you only need one password to access all your internet resources, all you are doing is putting all your eggs in one basket. No-one with a moderate sense of security uses less than 3 different passwords for their various accounts (3 is a good number because you usually get 3 attempts to enter the password), making one single access point, means that you have a single point of vulnerability, and if that is compromised, your data is blown wide open.

[General Battuta]

Concurred.

[Kosh]

Human 'randomness' is actually tremendously predictable as well; a computer can almost certainly do a much better job.

Since a computer uses an actual algorithm any math major should be able to reverse engineer it, whereas a human at least has the option of changing their pattern once they realize it.

[General Battuta]

Human 'randomness' is actually tremendously predictable as well; a computer can almost certainly do a much better job.

Since a computer uses an actual algorithm any math major should be able to reverse engineer it, whereas a human at least has the option of changing their pattern once they realize it.

This is not a bad point, but the usual solution is to use an external chaotic source as a random seed; it's pretty trivial to generate a near-truly-random one from a natural phenomenon like radioactive decay or whatever.

There are also enormous tables of truly random digits you can simply feed in to use as said seed.

[NGTM-1R]

Then you end up with the same problem as a Book Cipher: other people can locate your source.

[General Battuta]

Then you end up with the same problem as a Book Cipher: other people can locate your source.

Right, but a source like radioactive decay does not produce randomness in a historically contingent pattern.

[Goober5000]

"We are not talking about a national ID card" ... "We are not talking about a government-controlled system" ... "There's no chance that 'a centralized database will emerge,'"

And how exactly should we trust this guy given the government's track record on other things?  I predict that if this gets implemented, it will eventually become all three of these things, in practice if not in name.

[Grizzly]

Human 'randomness' is actually tremendously predictable as well; a computer can almost certainly do a much better job.

If human randomness is tremendously predictable, many of the world's problems would have been solved already, without any side effects. Now, if we solve a problem (such as a food crisis), we cause another problem (economic crisis in same area, which is then followed by another food crisis). If human randomness was so predictable, then all those complicated financial programs people used before the credit crunch would have worked or never have existed.

[Qent]

Fine, base your computer's security on the world's economy then. I'll stick with random and computer-generated pseudorandom numbers.

And passwords, but I won't claim they're random.

[Kosh]

And passwords, but I won't claim they're random.

Because I just can't help it

[General Battuta]

And passwords, but I won't claim they're random.

Because I just can't help it

You will probably appreciate this - http://blogs.wsj.com/digits/2010/12/13/the-top-50-gawker-media-passwords/

[Kosh]

Awesome 

[General Battuta]

The infographic is a bit deceptive, in that only 3% of the total passwords were 'password', '123456', and '12345678'. But it's still a laugh.