We're not The Onion! Not affiliated with them in any way! Not operated by them in any way! All the news here is real!
Posts must be:
Please also avoid duplicates.
Comments and post content must abide by the server rules for Lemmy.world and generally abstain from trollish, bigoted, or otherwise disruptive behavior that makes this community less fun for everyone.
And that’s basically it!
Assuming they were using threshold cryptography, they could have easily configured some redundancy into the system, e.g. by requiring 3 out of 5 people to decrypt it instead of 3 of 3.
It's easy to blame the one guy for losing the key, but he could have gotten hit by a bus or lost the hard drive in a house fire and they would have been equally as screwed. This is more of a system design failure than a PEBKAC failure.
in complex systems design, you never blame human error. humans are fallible, and if the system doesn’t account for human error then it’s just a matter of time until failure occurs. look for a way to make the system tolerate or eliminate human error
Normal error theory even takes the view that errors are inevitable in complex systems and that you need to design them so that the effects of those errors can't escalate.
literally the same concept as a comment i just wrote about russian hypersonic missiles breaking apart mid flight because they didn’t put limits on how fast they can change course when going mach 5 aha
look for a way to make the system tolerate human error
Ah, if only managers understood this principle.
My motto is that "all failures are management failures." But I'm not far enough up the chain to really implement that 😅
idk i fuck up and release buggy code at least 10% as much as management makes dumb ass decisions
And the 10% when you do… you were mismanaged!
According to the article they changed the procedure to require 2/3 keys, so at least they learned that lesson.
Which is stupid, since the reason they had 3/3 was that two people could not collaborate to change the results, which they now can with 2/3.
Should have been changed to 3/5 instead.
Exactly, it's worse all around.
And it's not like it's hard to use a different configuration; the threshold and total number of keys are just parameters of the algorithm.
The article concludes that's exactly what they're doing. Both changing to 2/3 and also providing clearer instructions to key holders.
Conspiracy time: Trustee #3 "lost" their key because polling suggested that they wouldn't like the results.
I have no reason to believe that's actually the case, but it's interesting that the org uses a 3 key system to prevent collusion between trustees, but didn't think about how this might enable lone-trustee sabotage.
Fuuuck... okay people, I'm going to pass my hat around, and you just throw in a piece of paper with the name you voted for.
I've heard of secret ballots, but this is ridiculous!
Skill issue.
In other news the owner of a vault whose key he threw away cannot access the contents.
It would be way worse if they somehow were able to decrypt the votes anyways without the key. Whether that be by retrieving the key from a backup or a flaw in the system. Because that would defeat the whole purpose.
All in all the technology they use is very interesting technically, but this event really demonstrates the tradeoff between security and convenience. Imagine if that was the election for a country... Oof
well the irony'd be in it anyway
~~—holy iambs, volume 14~~
the vaultkeepers alliance misplacing the key is what makes this such an amazing onion, though you probably agree, and I guess "Cryptographers unveil backdoor to every key ever created after losing key" would be an even better onion
Obligatory archive.is link. NYT thinks I'm a robot :'). Good thing real robots still work tho
Obligatory comment that archive doesn't load because it thinks I'm a robot
that's why I'm hesitant to host vaultwarden myself as opposed to pay to use bitwarden
Well, I'm not sure how using bitwarden changes anything here related to losing your keys?
Hosting vaultwarden you are just restricting third parties from having access to your cryptographed data. (personaly, to me, that's always better, since restricts possibilities of brute force - currently unfeasible for non-state actors, but who knows what will be achievable in 2, 4 years from now...)
If you lose the key* that unlocks your vault, be it vaultwarden or bitwarden, you will have effectively lost access to your vault either case.
*: losing the key is what seem to have happened in this election
a manager put all his passwords in a file then set a password to open it. forgot it. made him a new account. zip file iirc
I guess that trustee won't be getting voted into any important positions in the re-run!