Soatok's Informal Guide to Threat Models

(soatok.blog)

53 points | by zdw 4 hours ago

4 comments

  • Cider9986 45 minutes ago
    This was a fun read.

    My introduction to threat modeling was from this post: https://www.privacyguides.org/en/basics/threat-modeling/

    It's a bit shorter and focused for people interested in privacy.

  • mapontosevenths 4 hours ago
    This is the best gay furry blog post about threat modeling I've seen all day!
  • teravor 1 hour ago

    > Hybrid PQ+ECDH is a hedged bet against an algorithm break before Q-Day, but is utterly fucking useless over Pure PQ once Q-Day occurs.

    there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity) or because the entire field was a scam. in that scenario abandoning ECC would have been pretty stupid.
    • some_furry 1 hour ago
      Hi, I'm the author of this blog post!

      > there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity)

      That is possible, but given the recent 2029 timelines from large Internet providers, I think it's prudent to prepare for Q-Day even if it never arrives.

      > or because the entire field was a scam.

      The field is like... a magnet for scams, sure. But it, itself, isn't one.

      And, like, the Quantum Village at DEFCON has really failed to establish credibility in my eyes.

      https://soatok.blog/2022/08/18/burning-trust-at-the-quantum-...

      https://soatok.blog/2023/08/20/defcon-quantum-village-2-elec...

      > in that scenario abandoning ECC would have been pretty stupid.

      Not really, no. See https://blog.trailofbits.com/2024/07/01/quantum-is-unimporta... for a counter-point.

      • teravor 7 minutes ago

        > That is possible, but given the recent 2029 timelines from large Internet providers, I think it's prudent to prepare for Q-Day even if it never arrives.

        no one argues we shouldn't. you made the argument that we should abandon ECC by not doing hybrid, in my opinion it's an extremely weak argument because it assumes Q-Day will arrive. don't change goalposts.

        the article you linked supports my position.

        > the fear of the quantum doomsayers is based on a completely valid observation: the internet has put nearly all of its cryptographic eggs into the single basket of the hidden subgroup problem.

        > By the time the next phase of standardization is over, we can expect to have algorithms based on at least three or four different mathematical problems. If one of the selected problems were to fall to advances in quantum or classical algorithms, there are readily-available replacements that are highly unlikely to be affected by attacks on the fallen cryptosystems.

        in fact, it makes the argument (if not directly) for a concatenation of multiple schemes. I'm all for it, hybrid++.
  • evanprodromou 4 hours ago
    Wow, excellent guide! And I love the E2EE example.