undefined | Better HN

0 pointsclose047y ago0 comments

Here's an example of how the signature can help a user [0]. If fewer people fall for it that's still a win.

Your argument is that if a mechanism isn't perfect we shouldn't be using it at all. Well seatbelts and airbags also don't guarantee anything but still save people. Security is additive, no layer is perfect but put enough of them together and you can be relatively safe.

[0] https://arstechnica.com/information-technology/2015/05/sourc...

0 comments

kazinator7y ago

Seatbelts and airbags aren't defenses against a clever adversary that is trying to kill you, and who has the means to replace your real seatbelts and airbags with phony ones.

close04OP7y ago

No but they will protect you from an andversary that doesn’t have those capabilities and will go the more low tech way of ramming you.

No IT system is perfectly secure. None. They can and will be hacked. The point is to raise the bar for that hack. You lock your house, your phone, put passwords on account, etc. even if they can all be broken into. Why do you do that?

You still haven’t mentioned the method you find acceptable. Even what I suggested originally (distributed hashes) can be bypassed. A determined attacker will impersonate the author, will take over the blockchain, will replace enough instances of the hash in the wild to make it look legit, etc. so you complicated everything without guaranteeing anything.

If you indeed support the idea that the cert/signature system is not perfect so it’s useless I’m sure you can mention one that offers guarantees. You’re arguing for the sake of arguing but brought no argument you can support. Have at it.

j / k navigate · click thread line to collapse