undefined | Better HN

0 pointserikpukinskis9y ago0 comments

It's a false dichotomy. Your private keys are just "obscure" information that requires some effort to find too. And security protocols can be designed so the keys aren't enough.

At the end of the day it's an arms race, and you're just trying to slow attackers down.

0 comments

12 comments · 7 top-level

throwaway911119y ago· 2 in thread

Well, they're provably secure for some (mind-bogingly massive) search space.

Security by obscurity tends to refer to measures which can be broken once, and thereafter opened trivially. It sounds like the article is about one of these trivial openings.

Everything can be broken; the goal is to move it or arrest them before they can get in, physically or virtually. It just so happens that, virtually, the time required to brute force it can, at times, be on heat-death-of-the-universe scales. Safes tend to rely on men with guns following soon after alarms trigger.

Rapzid9y ago

Obtaining most keys doesn't require mind-bogglingly massive searches.

throwaway911119y ago

Well, it might not. Can you clue me in to the specific scenario you're thinking about?

Input rate limiting + known key size should provide a concrete search space.

1 more reply

kevhito9y ago· 2 in thread

> It's a false dichotomy.

What part of the parent are you responding to here?

> Your private keys are just "obscure" information that requires some effort to find too.

I think this is highly misleading. There is nothing "just" or "some" about it. Your private keys are "obscured" information that requires a (mostly) specific and quantifiably very large amount of effort to find, and which if it were to become exposed, can be changed without requiring any new design to restore security.

Blueprints and wiring diagrams are "barely if at all obscured" information that requires vague, hard-to-quantify, and often trivially little amount of effort to find, and if exposed, can't be easily changed without requiring entirely new designs, manufacturing, and engineering.

erikpukinskisOP9y ago

How do you quantify the probability someone will gain unauthorized access to your office?

How do you quantify the probability they have a rootkit for your machine?

kevhito9y ago

Well, that's why I said "mostly". The thing I need to protect, the key, is a very specific piece of data, which is used for one specific purpose, and I can take specific measures to prevent that secret from leaking. Everything from not writing it down, to key-sharing, to physical lock boxes with multiple locks, to offline-only storage, etc. It's much harder to do any of that with blueprints, since blueprints have competing needs -- they are no good if locked in a box most of the time.

benchaney9y ago· 1 in thread

There is a fundamental difference between obscure and secret. Private keys are secret.

erikpukinskisOP9y ago

Don't you think there's a fundamental equivalence too?

Natsu9y ago

Your secrets need to be small, easily changed things (keys, passwords). Not large, difficult to change things like protocols.

That's the point behind rejecting 'security by obscurity', so I can't see any dichotomy between the two.

bigbugbag9y ago

I think you're misusing the word "obscure" here. Private keys are not obscure, they're private. You can steal them but you can hardly reverse-engineer them. Finding how a specific model of ATM works is an obscure piece of information but it's not private: people who sell,buy,repair, maintain,design this ATM have this piece of information. Giving enough will and effort one can reverse engineer this information from the ATM itself.

eximius9y ago

> There should be enough physical security to ensure an attack will take longer to perform than the response time of the authorities.

Replace 'physical' with 'cryptographic' and 'authority response time' with 'reasonable amount of time'. It's literally the same thing.

jgalt2129y ago

I agree. At a certain level, all security relies on obscurity.

1 more reply

j / k navigate · click thread line to collapse

0 comments

12 comments · 7 top-level

throwaway911119y ago· 2 in thread

Well, they're provably secure for some (mind-bogingly massive) search space.

Security by obscurity tends to refer to measures which can be broken once, and thereafter opened trivially. It sounds like the article is about one of these trivial openings.

Rapzid9y ago

Obtaining most keys doesn't require mind-bogglingly massive searches.

throwaway911119y ago

Well, it might not. Can you clue me in to the specific scenario you're thinking about?

Input rate limiting + known key size should provide a concrete search space.

1 more reply

kevhito9y ago· 2 in thread

> It's a false dichotomy.

What part of the parent are you responding to here?

> Your private keys are just "obscure" information that requires some effort to find too.

erikpukinskisOP9y ago

How do you quantify the probability someone will gain unauthorized access to your office?

How do you quantify the probability they have a rootkit for your machine?

kevhito9y ago

benchaney9y ago· 1 in thread

There is a fundamental difference between obscure and secret. Private keys are secret.

erikpukinskisOP9y ago

Don't you think there's a fundamental equivalence too?

Natsu9y ago

Your secrets need to be small, easily changed things (keys, passwords). Not large, difficult to change things like protocols.

That's the point behind rejecting 'security by obscurity', so I can't see any dichotomy between the two.

bigbugbag9y ago

eximius9y ago

> There should be enough physical security to ensure an attack will take longer to perform than the response time of the authorities.

Replace 'physical' with 'cryptographic' and 'authority response time' with 'reasonable amount of time'. It's literally the same thing.

jgalt2129y ago

I agree. At a certain level, all security relies on obscurity.

1 more reply

j / k navigate · click thread line to collapse