[return to "Ask HN: What scientific phenomenon do you wish someone would explain better?"]
1. memset+tD 2020-04-27 00:33:30
>>qqqqqu+(OP)
Crypto and practical security. I get tired of the circular “don’t roll your own crypto unless you’re qualified”. How does one become qualified? I don’t feel like I know how to evaluate many of the arguments people make for or against technologies people argue about on HN, such as Signal or different password managers. I feel like “security through obscurity” is a bad thing, and “layers of security” are a good thing, but isn’t all security obscuring something, and how does one evaluate whether a layer is adequate? “Just use bcrypt” - okay, help me understand!
2. vlasev+K63 2020-04-27 23:06:54
>>memset+tD
I don't see it mentioned, but I thought I'd chime in. Even if your crypto algorithm is perfect and works infinitely fast, there's still the problem of implementation. And that's usually not perfect and often leads to practical gaps that can be exploited. During WWII, the German Enigma machines were broken in part due to design errors (like letters wouldn't be encoded to themselves) and user error (like sending messages that start/end the same way). Even if crypto is some day perfect in a sense, it may still be used in imperfect ways that allow one to break it or circumvent it entirely.
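
Added example, not part of vlasev's comment: a Python sketch of how the two Enigma weaknesses mentioned above combine. Because no letter encrypts to itself, a guessed plaintext phrase (a crib) can be ruled out at every offset where it shares a letter with the ciphertext. The rotor and reflector tables are the commonly published Enigma I wirings; the odometer stepping, the missing plugboard, and the sample message are simplifications constructed for this illustration.

```python
import string

A = string.ascii_uppercase
# Commonly published Enigma I wirings: rotors I, II, III (left to right) and reflector B.
ROTORS = ["EKMFLGDQVZNTOWYHXUSPAIBRCJ",
          "AJDKSIRUXBLHWTMCQGZNPYFVOE",
          "BDFHJLCPRTXVZNYEIWGAKMUSQO"]
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

def encipher(text, start=(0, 0, 0)):
    """Simplified Enigma (assumption: odometer stepping, no plugboard, no ring settings)."""
    pos, out = list(start), []
    for ch in text:
        # Step before each keypress: rightmost rotor always moves, carrying leftwards.
        for i in (2, 1, 0):
            pos[i] = (pos[i] + 1) % 26
            if pos[i]:
                break
        c = A.index(ch)
        for i in (2, 1, 0):      # right to left through the rotors
            c = (A.index(ROTORS[i][(c + pos[i]) % 26]) - pos[i]) % 26
        c = A.index(REFLECTOR[c])  # the reflector pairs letters, so none maps to itself
        for i in (0, 1, 2):      # back out through the inverted rotors
            c = (ROTORS[i].index(A[(c + pos[i]) % 26]) - pos[i]) % 26
        out.append(A[c])
    return "".join(out)

def possible_offsets(ciphertext, crib):
    """Offsets where the crib may sit: it must not share a letter with the ciphertext."""
    return [k for k in range(len(ciphertext) - len(crib) + 1)
            if all(p != c for p, c in zip(crib, ciphertext[k:]))]

# Constructed sample: a message containing a stereotyped, guessable phrase.
PLAINTEXT = "NOTHINGTOREPORTWEATHERFORECASTCLEAR"
CRIB = "WEATHERFORECAST"

if __name__ == "__main__":
    ct = encipher(PLAINTEXT)
    total = len(ct) - len(CRIB) + 1
    survivors = possible_offsets(ct, CRIB)
    print("ciphertext:", ct)
    print(f"{len(survivors)} of {total} offsets survive:", survivors)
    print("true offset:", PLAINTEXT.index(CRIB))
```

The true offset always survives the filter, while every eliminated offset is search space removed before any key is tried.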