My favorite crypto feature is limited cracking attempts. Socialist millionaire, PAKE, Secure Enclave, YubiKeys, this http://blog.cryptographyengineering.com/2016/08/is-apples-cloud-key-vault-crypto.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+AFewThoughtsOnCryptographicEngineering+(A+Few+Thoughts+on+Cryptographic+Engineering)&m=1 …
-
mh, real world users don’t have strong passwords, or targeted nation state adversaries. Security is relative.
-
sure. So no system anywhere should ever be called "secure" right? Even tamper proof hardware might be subverted!
-
No budget is big enough to break proper encryption with a strong passphrase. It's not obfuscation.
-
There's quite a difference between an inherently strong security feature and complex obfuscation.
-
I wouldn’t call an HSM obfuscation.
-
It can be defeated and the technology to break it scales to every instance once implemented.
-
How is it not obfuscation when it's simply hiding data that's inherently possible to extract?
-
“take the only physical HSM and perform a long expensive advanced process” is a VERY high bar
-
how would a foreign gov do it? How would a private get away with it? How could US do it covertly?
-
so let's give up, nothing will ever be secure, and Apple's key security is equivalent to plaintext pw in Dropbox