Hacker News new | ask | show | jobs
by Mindwipe 1776 days ago
I read the paper when it was published, and wasn't great then and it's definitely not great now.
1 comments
jl_agilebits 1776 days ago
> I read the paper when it was published, and wasn't great then and it's definitely not great now.

Would you mind elaborating on this?

link
Mindwipe 1775 days ago
It's really simple. It just doesn't consider anything unexpected happening.

Compromised algorithms are unlikely. But not impossible. Quantum computing enabling brute force attacks is unlikely in the immediate future, but not impossible. Certificate pinning compromise during transport is not implausible for state actors.

And in those scenarios and others, having the vault stored remotely on someone else's machines is inherently less secure than not.

The assumptions made in the paper are clumsy.

link