
Brings back nausea from arguments past, that went something like this (dramatized for your pleasure):

Me: Your protocol has a serious size-side channel that leaks all the important data as sizes. Please use a constant length encoding.

Duh: Thanks! I added RANDOM padding. Totally secure now(tm).

Me: Your random was rand(), I recovered the LCG state from a few packets with known sizes and then recovered the original sizes, it's still totally insecure. /Please/ make it constant size.

Duh: I made the random better and got rid of the known length packets. Now it's extra completely secure.

Me: This will just take more statistical analysis to break, please just make it constant— the overhead is negligible! This is critical and anything short of constant is leaking information. We can't make assumptions about how powerful the attacker's statistical reasoning is, so even a small leak could be fatal.

Duh: I tried for two hours and couldn't break it. You're wasting my time.

Me: Argh. After a week of analysis, I've created this sampling and averaging script which completely recovers the secret data. Please. Just. Make. The. Encoding. Constant. Length.

Duh: Oh come on, that requires the same user to use it four times in a row. But fine, I now also quantize the size to a multiple of 2. The script you gave me no longer works, so now it's secure.

Me: <jumps off building>

The adage that anyone can make a cryptosystem he himself can't break— should have a sister rule: Most people can make a cryptosystem which isn't cost effective to review by an honest party but which may be very economical to attack once it's protecting something of value.

Don't forget that Duh also lights up Twitter and the hubs with their SuperSecretCoderRing. On the internet anyone can pretend to do brain surgery.
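The size side channel argued over above, as an added example that is not code from the thread: a toy model in which the observer sees only packet sizes, with the "random padding", the "quantize to a multiple of 2" variant and a constant-length encoding side by side, so the "sample and average" recovery can be checked against each. The secret lengths, padding range and sample counts are constructed for the illustration.

```python
import random
import statistics

# Constructed model: the protocol transmits a secret-dependent field and the only
# thing an observer sees is the size of each packet.
SECRETS = [4, 16, 40]   # constructed candidate secret lengths (bytes)
MAX_LEN = 48            # upper bound on any secret; the constant encoding always sends this


def pad_random(secret_len, rng):
    """'Random padding': secret length plus 0..7 random bytes. Mean size still tracks the secret."""
    return secret_len + rng.randrange(8)


def pad_random_quantized(secret_len, rng):
    """The 'also quantize the size to a multiple of 2' variant. Same leak, slightly coarser."""
    n = secret_len + rng.randrange(8)
    return n + (n % 2)


def pad_constant(secret_len, rng):
    """Constant-length encoding: every packet is MAX_LEN bytes whatever the secret."""
    assert secret_len <= MAX_LEN
    return MAX_LEN


def calibrate(pad, samples=200, seed=1):
    """Observer's offline model: mean observed size for each candidate secret."""
    rng = random.Random(seed)
    return {s: statistics.mean(pad(s, rng) for _ in range(samples)) for s in SECRETS}


def recover(pad, true_secret, samples=4, seed=2):
    """The averaging script from the thread: average a few observed sizes from one user
    (four uses in a row) and pick the candidate whose calibrated mean is nearest.
    Returns None when every candidate has the same profile, i.e. there is no signal."""
    model = calibrate(pad)
    if max(model.values()) - min(model.values()) < 1e-9:
        return None  # constant-length encoding: sizes carry no information
    rng = random.Random(seed)
    seen = statistics.mean(pad(true_secret, rng) for _ in range(samples))
    return min(model, key=lambda s: abs(model[s] - seen))


if __name__ == "__main__":
    for name, pad in [("random", pad_random), ("quantized", pad_random_quantized), ("constant", pad_constant)]:
        print(name, {s: recover(pad, s) for s in SECRETS})
```

The check to keep in a review is the `None` case: a padding scheme only stops leaking when the size profile is identical for every secret value, which random padding never achieves.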
