by stcredzero 3492 days ago
Something tells me a conspirator wouldn't be required anyways.

The conspirator is there to teach about Defense in Depth. Systems that rely on just 1 "impenetrable" membrane tend to be brittle. Their failure is catastrophically sudden and complete, like glass breaking. Glass is way harder than steel, but steel structures are much more robust, because steel's ductility allows for partial failures and continued resistance/integrity.

Your security is either sound or broken

What about "Defense in depth?"


Defense in depth mostly does not work (against willful targeted attacks).

Software is not the real world where things bend. If a barrier is sane, it will stand, nobody will break it. But no matter how many non-sane barriers you add, you cannot turn them into a sane one. The only thing you will achieve is to increase your system complexity and get more bugs as a result.

Only one encryption scheme works against "willful targeted attacks" - the one-time pad (and even that has potential for going wrong).

All the others are about making the effort required greater than the will to get there in favor of usability.

All the standard libraries stop at "minuscule effort for a state".

And states aren't even "the big boys" anymore.