Two-factor authentication increases complexity in every measurable way but mitigates a number of softer attacks.
Adding encryption adds a ton of complexity but effectively removes all man-in-the-middle attacks.
The simplest way of storing passwords is in plaintext.
Privilege separation is far from the simplest way of structuring a daemon, but it effectively prevents exploits in the complex parts from allowing an attacker to gain remote root access.
Perhaps it is more that superfluous complexity is the problem.