“How about seven keys hidden in different places?” This was a reference to Voldemort right? I was surprised you talked about Mad-Eye Moody instead, Voldemort’s horcruxes feel like a better illustration of ordinairy paranoia
I don’t see anything fundamentally wrong with Voldemort’s approach. To identify and destroy those horcruxes, the protagonists surely did spend significant amount of time, at great personal expenses. To me it has already successfully achieved the intended effect.
In cryptography, Shamir’s Secret Sharing Scheme (SSSS) is the same idea—this algorithm splits an encryption key into multiple shares, which then can be guarded by different trustees. The encryption key, hence the secret information, can only be unlocked when most or all trustees are compromised or agree to release their shares. This is certainly extremely useful for many problems, and it also foreshadowed a new cryptography subfield called Secure Multi-Party Computation (MPC). I think it’s fair to call this a product of the “true deep security mindset”.
Yudkowsky said “seven keys hidden in different places [in the filesystem]” is silly because they’re not conditionally independent, the entire filesystem could be bypassed altogether. Also, the attacker who’s able to find the first key is likely to be able to find the next key as well.
[...] the chance of obtaining the seventh key is not conditionally independent of the chance of obtaining the first two keys. If I can read the encrypted password file, and read your encrypted encryption key, then I’ve probably come up with something that just bypasses your filesystem and reads directly from the disk.
But speaking of Shamir’s shares or Voldemort’s horcruxes, they are basically all uncorrelated to each other and cannot be bypassed. I think the different shapes and forms of Voldemort’s horcruxes are actually a good demonstration of “security through diversity”—intentionally decorrelate the redundant parts of the system, e.g. don’t use the same operating system, don’t trust the same people. Tor Project identified the Linux monoculture as a security risk and encourages people to run more FreeBSD and OpenBSD relays.
Thus, I think not mentioning Voldemort’s horcruxes is a correct decision. While misguided reliance of redundancy is “ordinairy paranoia” and dangerous—attaching 7 locks to a breakable door, or adding secure secret sharing to a monolithic kernel probably does little on improving security (even with conditionally independent keys), and Tor Project’s platform diversity attempt only has a small (but still useful) contribution to its overall network security since they all run the same Tor executable. Nevertheless, redundancy itself can be “deep security”.
“How about seven keys hidden in different places?” This was a reference to Voldemort right? I was surprised you talked about Mad-Eye Moody instead, Voldemort’s horcruxes feel like a better illustration of ordinairy paranoia
I don’t see anything fundamentally wrong with Voldemort’s approach. To identify and destroy those horcruxes, the protagonists surely did spend significant amount of time, at great personal expenses. To me it has already successfully achieved the intended effect.
In cryptography, Shamir’s Secret Sharing Scheme (SSSS) is the same idea—this algorithm splits an encryption key into multiple shares, which then can be guarded by different trustees. The encryption key, hence the secret information, can only be unlocked when most or all trustees are compromised or agree to release their shares. This is certainly extremely useful for many problems, and it also foreshadowed a new cryptography subfield called Secure Multi-Party Computation (MPC). I think it’s fair to call this a product of the “true deep security mindset”.
Yudkowsky said “seven keys hidden in different places [in the filesystem]” is silly because they’re not conditionally independent, the entire filesystem could be bypassed altogether. Also, the attacker who’s able to find the first key is likely to be able to find the next key as well.
But speaking of Shamir’s shares or Voldemort’s horcruxes, they are basically all uncorrelated to each other and cannot be bypassed. I think the different shapes and forms of Voldemort’s horcruxes are actually a good demonstration of “security through diversity”—intentionally decorrelate the redundant parts of the system, e.g. don’t use the same operating system, don’t trust the same people. Tor Project identified the Linux monoculture as a security risk and encourages people to run more FreeBSD and OpenBSD relays.
Thus, I think not mentioning Voldemort’s horcruxes is a correct decision. While misguided reliance of redundancy is “ordinairy paranoia” and dangerous—attaching 7 locks to a breakable door, or adding secure secret sharing to a monolithic kernel probably does little on improving security (even with conditionally independent keys), and Tor Project’s platform diversity attempt only has a small (but still useful) contribution to its overall network security since they all run the same Tor executable. Nevertheless, redundancy itself can be “deep security”.