WingNews logo WingNews
top | item 42009872

(no title)

nkmskdmfodf | 1 year ago

> They are absolutely complementary, and implementing a real world secure system will layer both- one starts with a mathematically secure heavily publicly audited system, and adds obscurity in their real world deployment of it.

Ok, let's start with a 'mathematically secure heavily public audited system' - let's take ECDSA, for example - how will you use obscurity to improve security?

> If you have the resources and ability to, for example, develop your own internally used but externally unknown, but still heavily audited and cryptographically secure system, is going to be better than an open source tool.

Literally all of the evidence we have throughout the history of the planet says you're 100% wrong.

discuss

order

UniverseHacker|1 year ago

> Literally all of the evidence we have throughout the history of the planet says you're 100% wrong

You are so sure you’re right that you are not really thinking about what I am saying, and how it applies to real world situations- especially things like real life high stakes life or death situations.

I am satisfied that your perspective makes the most sense for low stakes broad deployments like software releases, but not for one off high stakes systems.

For things like ECDSA, like anything else you implement obscurity on a one off basis tailored to the specific use case- know your opponent and make them think you are using an entirely different method and protocol that they’ve already figured out and compromised. Hide the actual channel of communication so they are unable to notice it exists, and over that you simply use ECDSA properly.

Oh, and store your real private key in the geometric design of a giant mural in your living room, while your house and computers are littered with thousands of wrong private keys on ancient media that is expensive to extract. Subscribe to and own every key wallet product or device, but actually use none of them.

nkmskdmfodf|1 year ago

> You are so sure you’re right that you are not really thinking about what I am saying, and how it applies to real world situations- especially things like real life high stakes life or death situations.

Nah, you're just saying a lot of stuff that's factually incorrect and just terrible advice overall. You lack understanding what you're talking about. And the stakes are pretty irrelevant to whether a system is secure or not.

> For things like ECDSA, like anything else you implement obscurity on a one off basis tailored to the specific use case- know your opponent and make them think you are using an entirely different method and protocol that they’ve already figured out and compromised.

You're going to make ECDSA more secure by making people think you're not using ECDSA? That makes so little sense in so many ways. Ahahahahaha.