[HN Gopher] The Cryptographic Doom Principle (2011)
       ___________________________________________________________________
        
       The Cryptographic Doom Principle (2011)
        
       Author : Bluestein
       Score  : 58 points
       Date   : 2024-08-24 11:16 UTC (1 days ago)
        
 (HTM) web link (moxie.org)
 (TXT) w3m dump (moxie.org)
        
       | api wrote:
       | This applies all the way down to machine code. It can be
       | dangerous to branch on secret data or on unauthenticated data, at
       | least if your threat model includes possible timing attacks.
        
         | woodruffw wrote:
         | The corollary to this is that digital signature implementations
         | _tend_ not to be timing hardened, with the assumption that
         | signed-over inputs are not secret. If your scheme assumes that
         | signed-over inputs also need to remain secret, you're likely
         | misusing your digital signature primitive!
        
       | tptacek wrote:
       | A great example of the unreasonable effectiveness of branding;
       | huge numbers of people who don't really know much at all about
       | cryptography engineering know the "doom principle", because it's
       | much more memorable than "nonce collision" or "error oracle".
        
         | Bluestein wrote:
         | > great example of the unreasonable effectiveness of branding
         | 
         | It is indeed.-
         | 
         | Unrelated to "will it run Doom?", of course. What someone here
         | has called "The Carmack Principle" :)
        
       ___________________________________________________________________
       (page generated 2024-08-25 23:00 UTC)