Hacker News new | past | comments | ask | show | jobs | submit login

And plausible deniability is the #1 rule when being malicious. If you know enough to use an asymmetric key instead of a password, but not enough to think it's a good idea to leave the private key there, you're in a weird cross-section of expertise.

A broken script that turns a development build into a production/customer build could also be at fault, forgetting to delete the default key pair.

Equally as plausible which is exactly where you want to be if you're malicious.

I'll spin this around though: What would a high-quality plausibly deniable backdoor look like to you?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact