vrypan's comments

A totally predictable pattern shows more entropy than a randomly generated one. I would love to hear from people who have better and deeper understanding of the topic.


For cryptography, it's probably more important to be unpredictable than to have a perfect entropy score.


bckt-mcp: an MCP helper for the bckt static site generator. Compose your posts in Claude, let it take care of the front matter, paths, slugs, filenames.


This is cool!


Thank you! And thanks for the support!


And now that I think of it, IMAP (more or less) allows you to download your mbox file. Why is downloading using HTTP so much worse (it isn't) than using IMAP?


Email was working long before there was IMAP. If you want your "keys", you have to be able to download your mbox file (which is possible in hey).


Thanks!


* For how long must it be secure? Let's say for 10 years.

* Against whom must it be secured? Everyone, including national agencies and organised crime.

* What are your potential losses if it's broken? A lot of money.

* How can you be sure you've used a secure implementation? No idea

* What do you think the "strongest available crypto" currently is? No idea, but I would guess someone has this answer

* Can you be sure that the key will never be compromised? No, but this is a separate problem, I assume here that the key is not compromised.

* Where will you store the key? Off-line

* Do you need to send the key to someone else? No.

* Where will the encryption happen? Locally.


Considering that you don't know whether you can be sure that you've used a secure implementation, the answer is a resounding NO! It is not, by your own admission, 'safe' to publish any data that needs to remain secure in a publicly available setting.

Once you can answer yes to:

<snip> How can you be sure you've used a secure implementation? No idea </snip>

Then you will be able to ascertain for yourself whether your encrypted data, placed in a publicly available location, is "Safe Enough", "Secure Enough" for your needs.

It would be naive to assume that any data placed somewhere, encrypted or not, is stored with a completely invulnerable method.

That having been said, one must rise to the occasion of determining how secure something needs to be, and then availing oneself of the means to achieve that level of security.

I hope that helps, but in reality, there really isn't a cut and dried YES|NO answer - only relative levels of reasonable assurance in securing your data and communications.


>> What are your potential losses if it's broken?

> A lot of money.

What is the potential gain to your adversaries?

The other question is: Why would you do this?

The answer is: You can publish things that are encrypted, but the level of confidence is tied up with knowing that the encryption is secure against all attack vectors as applied by your most determined and well-resourced adversary for ten years, during which time advances in attacks will be made.

If you think no one will really care, if your adversaries have little or nothing to gain, then you're probably fine.

If they stand to gain a lot, you're probably not.

But I'm not an expert, I'm just trying to highlight some of the issues for you.


Elliptic Curve Cryptography


One Time Pad!


A file server has nothing to do with syncing across devices. If this was the case, they wouldn't have an x86 Linux client either.


This is an amazing idea!


I'll do my best :-)

