Encryption

XKCD is an amazing comic. Sometimes it’s drop-dead hilarious. Sometimes I don’t quite get it. But with frightening accuracy, it’s either an astonishingly accurate picture of me, or it uses a crudely drawn diagram of stick figures to say something I’ve thought for a long time much more eloquently than I could. A recent comic does just that:

I think it’s valuable both on its surface and a bit metaphorically. Encryption’s a pretty neat field, with all sorts of applications. And even more mainstream operating systems like RHEL and CentOS are making it easy to encrypt not only your filesystem, but swap. But I think a lot of people hang their hats on technical solutions, where it’s only half the battle. 4096-bit RSA is no good when your passphrase is “passphrase,” though I have to think that crypto-geeks might know better.

The same is true for home security. I really wish I had the link for the article I read in which some ex-burglars were interviewed. They pointed out that those hollowed-out soup can “safes” are a great idea, except that when you have a can of soup on your dresser, it’s going to get stolen. Those hollowed-out book safes are ingenious, except that savvy burglars just knock over your bookshelf. And that having a safe is really pretty foolish, because they’ll just take the whole thing. Or the story about the people who hid hundreds of dollars of cash inside their DVD player for safekeeping. But the burglars weren’t looking for cash, they were looking for electronics they could pawn, so they stole the DVD player.

And how about SSL? I think there are a sizable number of people who know that the ‘lock icon’ of SSL means that their connection to the web server is encrypted, and therefore it’s safe to give out their credit card number. But they don’t realize that their encrypted connection is to “https://paypal.com:homepage@scammer.example.com” and that they just gave the bad guys their information.
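
How that URL is actually parsed, as an added example that is not part of the original post: everything before the `@` is treated as credentials, and the connection goes to the host after it. The name `inspectUrl`, the verdict labels and the "userinfo shaped like a hostname" heuristic are assumptions made for illustration.

```javascript
// Added example (not from the original post). Uses the WHATWG URL parser,
// which follows the same parsing rules browsers apply to the address bar.

// Percent-decoding can throw on malformed input; fall back to the raw text.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Report which host a URL really connects to and classify its userinfo part.
function inspectUrl(raw) {
  const u = new URL(raw);
  const user = safeDecode(u.username);
  const pass = safeDecode(u.password);
  const userinfo = pass ? `${user}:${pass}` : user;
  // Heuristic (assumption): userinfo shaped like a dotted hostname is bait.
  const looksLikeHost = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(user);
  let verdict = "ok";
  if (userinfo) verdict = "suspicious";
  if (looksLikeHost && user.toLowerCase() !== u.hostname) verdict = "deceptive";
  return { connectsTo: u.hostname, userinfo, verdict };
}

// Constructed sample inputs; the first is the URL quoted in the post.
const samples = [
  "https://paypal.com:homepage@scammer.example.com",
  "https://paypal.com/homepage",
  "https://alice@intranet.example.com/",
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(`${r.verdict.padEnd(10)} connects to ${r.connectsTo}  <- ${s}`);
}
```

The lock icon would be just as green for the first sample as for the second; only the `connectsTo` field says who is on the other end of the encrypted connection.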

In all our time guarding against the million-dollar supercomputer, we forget to guard against the $5 wrench.
