Hacker News new | ask | show | jobs
by woodruffw 923 days ago
You're thinking about this the wrong way: if your data needs to be secure, then it's already perilous to keep it around with with weak or broken encryption. Security models where data is too important to risk encryption upgrades but not important enough to encrypt correctly are internally incoherent.

(This is sidestepping the other parts of the comment that don't make sense, like why a single read implies multiple writes or why performing cryptographic upgrades is somehow uniquely, unacceptably risky from a data corruption perspective.)
1 comments
asveikau 923 days ago
No, I think you're thinking about it the the wrong way: write failures are common. The failure mode for a bad disk is often that reads will succeed and writes will lose data. Something that silently writes like this is increasing the risk of data loss.

It probably depends a lot on the application, but I think it's often much better to have something that will warn the user about security risks and let them decide what to do with that risk. If you do design something with these silent writes, you absolutely need to think hard about failure cases and test them, and not handwave them away. Having the most "secure" data be corrupted is ultimately an unacceptable outcome.

That's not even getting into the other problems, such as ... is it ok for the user to take a performance hit of writing X GB when all they want to do is read a file?

link
woodruffw 922 days ago
Your cryptosystem is not responsible for the stability of your storage medium, and your storage medium is not responsible for the security of your cryptosystem. They are black boxes to each other; to confound their responsibilities is to ensure doom in your designs.

Put another way: your cryptosystem isn't responsible for saving your ass from not making backups. If your data is valuable, treat it that way.

link
asveikau 922 days ago
> Your cryptosystem is not responsible for the stability of your storage medium, and your storage medium is not responsible for the security of your cryptosystem

This is exactly why your crypto system should not rely on spontaneously writing many gigabytes on a read operation, without asking. I couldn't have said it better myself.

What you are advocating is crypto intruding on the storage mechanism inappropriately. It's a layer violation.

I think if it's important to the end user, you could write fairly decent code at the app layer that asynchronously re-encrypts old data in a way that doesn't harm the user. That code would need to have a strategy for write failures. A basic cryptography tool should probably not have this as a built-in feature however, for a few reasons including those I've stated.

link
woodruffw 922 days ago
> This is exactly why your crypto system should not rely on spontaneously writing many gigabytes on a read operation, without asking.

Again: nobody has said this.

Whether or not the tool does this in bulk, or asynchronously, or whatever else is not particularly important to me. The only concern I have in this conversation is whether it's contradictory to simultaneously assert the value of some data and refuse to encrypt it correctly. Which it is.

link
asveikau 922 days ago
> Again: nobody has said this

You said it. You said that's what the cryptosystem should do. It's a bad design.

link
woodruffw 922 days ago
I don’t see anywhere in my comments that I either state or imply that you have to upgrade everything at once.

From the original comment:

> This is sidestepping the other parts of the comment that don't make sense, like why a single read implies multiple writes

link