The weakness of the chain is human beings. For the same reasons the young coders are still making SQL injections, people keep bad practices for security.
Our human brain cannot store too much stress and secrets. So every human makes shortcuts.
They forget to check public keys and identity during key signing parties or accept to put in their ring of trust people refusing to justify their identities.
PKI à la PGP, like Bitcoin, is weak to a local majority attack.
And humans are still the weak point. Just target the vulnerable to take down the ring of trust.
Information technology requires better education. Not more expertise. Just the basics.
"Our human brain cannot store too much stress and secrets. So every human makes shortcuts."
Well put. Russians used to say some of the best info came from just before or after a secure phone went encrypted. People couldn't let themselves wait or double-check even that much.
Economics and productivity do even more damage. People griped that B3/A1 secure systems didn't have development pace or features for price paid vs insecure competition. Plus insecure did lock-in nicely. Result: almost no investment into secure alternatives to crud we're locked into.
Defence, Comp Sci, and what's left of high assurance commercial are still cranking out useful stuff at least.