Nanashi comments on A pair of free information security tools I wrote - LessWrong

17 Post author: Nanashi 11 April 2015 11:03PM


Comment author: Nanashi 16 April 2015 06:01:20PM 2 points

That made me smile. One of my favorite sayings is that "all security is security through obscurity", because all it really takes is a lead pipe and some duct tape to "de-obscure" the password. But, that said, I've always considered such "rubberhose cryptanalysis" to be a form of social engineering. Actually, that's a great doublespeak term for it. "Extreme Adversarial Social Engineering". It even has a good acronym: EASE.

When you say "the threat model which you skipped", what do you mean?

Comment author: Lumifer 16 April 2015 06:11:20PM 1 point

> all it really takes is a lead pipe and some duct tape to "de-obscure" the password

Which is why many contemporary secure systems do not rely on permanent passwords (e.g. OTR messaging).

> threat model

The usual: who is your adversary and against which threats are you trying to protect yourself?