I initially posted this as a comment on a duplicate submission, not realising it was a duplicate. So I've moved it here to the original. For some reason someone down-voted it there - no idea why - so I hereby give them the chance to down-vote it again, but ask for a reason.
Usually submitting XKCD is frowned on, but I'm pleased to see this one submitted. This attack vector is so seldom recognised as a real potential problem. It neatly explains the problem of password re-use.
As an aside, it's known that One-Time-Pad is provably secure. What's less well known is that during WW2 OTP systems were occasionally broken, because in the real world they ended up being Two-Time-Pads. People re-used a pad because they didn't get a new pad in time, etc. This was going to be one of my greybeard stories, but I'm still getting closer to the information source.
http://news.ycombinator.com/item?id=1333934
http://news.ycombinator.com/item?id=996250
http://news.ycombinator.com/item?id=994358
http://news.ycombinator.com/item?id=1001262
I really have to find time to go back and organise them properly.