If an attacker can modify the code, they simply nullify that check (as we're discussing here). The prior state was insecure because the whole point of crypto/trusted hardware is to protect against such attacks, and the prior state should have never allowed a code update on a locked device (if we're talking about trusted hardware).
If we're not talking about trusted hardware, then naive code which calls sleep() is defective for the same reason - the security of the system cannot depend on running "friendly" code. See Linux's LUKS which has a parameter for the number of hash iterations when unlocking, which sets the work factor for brute forcing.
If this still isn't apparent, you need to try thinking adversarially - what would you require to defeat various security properties of specific systems?
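The contrast drawn above between a sleep() delay and a hash-iteration work factor, as an added example that is not part of the original comment and is not LUKS's own code. The header layout and the function names (`make_header`, `unlock`, `weak_unlock`, `seconds_per_guess`, `calibrate_iterations`) are assumptions for illustration, with PBKDF2-HMAC-SHA256 standing in as the iterated hash.

```python
import hashlib, hmac, os, time

def calibrate_iterations(target_seconds=0.05, probe=20_000):
    """Benchmark this machine and choose a count costing ~target_seconds per derivation."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"\x00" * 16, probe)
    elapsed = time.perf_counter() - start
    return max(probe, int(probe * target_seconds / elapsed))

def make_header(passphrase: bytes, iterations: int) -> dict:
    """Constructed header layout: the iteration count is stored data, not code behaviour."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "check": hashlib.sha256(key).digest()}  # digest of the key, never the key

def unlock(header: dict, guess: bytes):
    """Every caller, friendly or not, must pay header['iterations'] hashes per guess."""
    key = hashlib.pbkdf2_hmac("sha256", guess, header["salt"], header["iterations"])
    ok = hmac.compare_digest(hashlib.sha256(key).digest(), header["check"])
    return key if ok else None

def weak_unlock(salt: bytes, stored: bytes, guess: bytes, delay=1.0) -> bool:
    """Anti-pattern: the delay lives in this function only. The check itself is one
    hash, so code that skips the sleep() verifies a guess at full speed."""
    time.sleep(delay)
    return hmac.compare_digest(hashlib.sha256(salt + guess).digest(), stored)

def seconds_per_guess(header: dict, samples=3) -> float:
    """Measure the unavoidable cost of testing one wrong guess against a header."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        unlock(header, b"not the passphrase")
        best = min(best, time.perf_counter() - start)
    return best

if __name__ == "__main__":
    for n in (2_000, calibrate_iterations()):
        hdr = make_header(b"constructed sample passphrase", n)
        print(f"{n:>9} iterations -> {seconds_per_guess(hdr) * 1000:.2f} ms per guess")
```

The per-guess time scales with the stored iteration count regardless of which program performs the check, whereas the delay in `weak_unlock` disappears as soon as different code does the comparison.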