undefined | Better HN

0 pointsolalonde11mo ago0 comments

Can you be more specific about how it is absolutely not solving the problem?

To compromise a key you need to find a hidden piece of paper or engraved plate that your target has physically hidden somewhere. Plus guess a secret password (before your target has noticed you got to their seed and rang the alarm). Almost impossible to pull off.

I'm not sure what you mean about identity changing. If you mean a sex change or getting a new haircut, this is irrelevant to signing commits...

0 comments

captn3m011mo ago

Any knowledge held by a person is retrievable with a $5 wrench. Things can get stolen, houses can burn down, bank lockers can be robbed.

Identity Changes, such as name changes, are relevant in the Web o Trust/GPG world where you typically require a valid ID proof (such as a passport) and physical presence before you sign someone's keys at a Key Signing Party.

olalondeOP11mo ago

Fire issue is solved with multiple backups or titanium engraving. Theft is solved with secret passphrase that is either memorized or stored in a separate location. The $5 wrench attack (aka kidnapping and torture) is unsolved but it is extremely rare in comparison to the much more common key leaks/theft scenario. And I don't believe any defense is really possible against that one, cryptographically or otherwise.

> Identity Changes, such as name changes, are relevant in the Web o Trust/GPG world where you typically require a valid ID proof (such as a passport) and physical presence before you sign someone's keys at a Key Signing Party.

It doesn't solve that problem but I don't think "real life" identity is really relevant for the purpose of contributing code. In fact, plenty of open source contributors are pseudonymous.

alfiedotwtf11mo ago

It’s kind of a solved problem too, Julian Assange even worked on a file system called Rubberhose - https://en.m.wikipedia.org/wiki/Deniable_encryption

1 more reply

j / k navigate · click thread line to collapse