Discussion summary

The post discusses threat models and cryptographic strategies, with some debate over the likelihood of Q-Day and the effectiveness of certain encryption methods. Opinions vary on the author's bias and the threat models of platforms like Signal.

What the discussion says

  • Some agree with the post's cryptographic insights.
  • Concerns about the realism of Q-Day and quantum threats.
  • Criticism of the author's bias towards Signal.
  • Debate over the necessity of nuance in threat modeling.
Hybrid PQ+ECDH is a hedged bet against an algorithm break before Q-Day.
evanprodromou
Q-Day might never arrive due to unknown factors.
esseph

Comments

Hacker News

Wow, excellent guide! And I love the E2EE example.

by evanprodromou

    > Hybrid PQ+ECDH is a hedged bet against an algorithm break before Q-Day, but is utterly fucking useless over Pure PQ once Q-Day occurs.

there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity) or because the entire field was a scam. in that scenario abandoning ECC would have been pretty stupid.

by teravor

> there is also the likelihood that Q-Day never arrives

A lot of big players have accelerated their Q-day timelines fairly recently by years.

by esseph

There's a lot of stuff in this post I agree with. There's also a lot of stuff that hints that the author doesn't believe in the worst case they name: that there might be a classical cryptanalytic attack on ML-KEM that occurs before Q-day.

by matthewdgreen

Hi, I'm the author of this blog post!

> there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity)

That is possible, but given the recent 2029 timelines from large Internet providers, I think it's prudent to prepare for Q-Day even if it never arrives.

> or because the entire field was a scam.

The field is like... a magnet for scams, sure. But it, itself, isn't one.

And, like, the Quantum Village at DEFCON has really failed to establish credibility in my eyes.

https://soatok.blog/2022/08/18/burning-trust-at-the-quantum-...

https://soatok.blog/2023/08/20/defcon-quantum-village-2-elec...

> in that scenario abandoning ECC would have been pretty stupid.

Not really, no. See https://blog.trailofbits.com/2024/07/01/quantum-is-unimporta... for a counter-point.

by some_furry

Maybe I shouldn't, but I stopped taking the author seriously for their lack of nuance/extremely biased views favouring Signal in every article about E2EE applied to IM. But I do agree that threat modeling is just a support to formalize and document the variables in the threat equation. It doesn't say anything about whether the threat is reasonable, legitimate and grounded in reality, so it's only knocking the subjectivity can a tad down the road.

by ezst

The author is an over-opinionated a*hole, so not taking him seriously is perfectly fine.

by frmersdog

Does one have to be nuanced in everything one says? I'm not a fan of Signal's threat model, especially their historical threat models (e.g. acting like it's safe to link users to phone numbers, and then advertise which phone numbers are and aren't using Signal), but Signal's main protocol seems pretty solid, especially compared to some other systems.

by wizzwizz4

perhaps not the kind of nuance you mean, but this post criticizes signal for not having a threat model

by throawayonthe

This is the best gay furry blog post about threat modeling I've seen all day!

by mapontosevenths

> Please remember that Dhole Moments is a furry blog before complaining about the furry art. It gets exhausting.

Articles about cybersecurity gets 100% credibility when made by furries.

by Lucasoato

Really enjoyed this framing of threat modelling as a way to make assumptions explicit and not just a compliance checklist. It was also quite amusing and sassy. Well done to the author, great piece! The point that secure is meaningless without defining the adversary and assets is especially important. One thing it doesn't tackle that I would like to know more about is how do teams keep these assumptions and threat models current as the system and its environment evolve? I think that is a massive challenge.

by raychis

Join the discussion

Write your take first — we'll ask for email only when you're ready to publish.

  • Hacker News
  • Wow, excellent guide! And I love the E2EE example.
    by evanprodromou
  •     > Hybrid PQ+ECDH is a hedged bet against an algorithm break before Q-Day, but is utterly fucking useless over Pure PQ once Q-Day occurs.
    
    
    there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity) or because the entire field was a scam. in that scenario abandoning ECC would have been pretty stupid.
    by teravor
  • > there is also the likelihood that Q-Day never arrives

    A lot of big players have accelerated their Q-day timelines fairly recently by years.

    by esseph
  • There's a lot of stuff in this post I agree with. There's also a lot of stuff that hints that the author doesn't believe in the worst case they name: that there might be a classical cryptanalytic attack on ML-KEM that occurs before Q-day.
    by matthewdgreen
  • Hi, I'm the author of this blog post!

    > there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity)

    That is possible, but given the recent 2029 timelines from large Internet providers, I think it's prudent to prepare for Q-Day even if it never arrives.

    > or because the entire field was a scam.

    The field is like... a magnet for scams, sure. But it, itself, isn't one.

    And, like, the Quantum Village at DEFCON has really failed to establish credibility in my eyes.

    https://soatok.blog/2022/08/18/burning-trust-at-the-quantum-...

    https://soatok.blog/2023/08/20/defcon-quantum-village-2-elec...

    > in that scenario abandoning ECC would have been pretty stupid.

    Not really, no. See https://blog.trailofbits.com/2024/07/01/quantum-is-unimporta... for a counter-point.

    by some_furry
  • Maybe I shouldn't, but I stopped taking the author seriously for their lack of nuance/extremely biased views favouring Signal in every article about E2EE applied to IM. But I do agree that threat modeling is just a support to formalize and document the variables in the threat equation. It doesn't say anything about whether the threat is reasonable, legitimate and grounded in reality, so it's only knocking the subjectivity can a tad down the road.
    by ezst
  • The author is an over-opinionated a*hole, so not taking him seriously is perfectly fine.
    by frmersdog
  • Does one have to be nuanced in everything one says? I'm not a fan of Signal's threat model, especially their historical threat models (e.g. acting like it's safe to link users to phone numbers, and then advertise which phone numbers are and aren't using Signal), but Signal's main protocol seems pretty solid, especially compared to some other systems.
    by wizzwizz4
  • perhaps not the kind of nuance you mean, but this post criticizes signal for not having a threat model
    by throawayonthe
  • This is the best gay furry blog post about threat modeling I've seen all day!
    by mapontosevenths
  • > Please remember that Dhole Moments is a furry blog before complaining about the furry art. It gets exhausting.

    Articles about cybersecurity gets 100% credibility when made by furries.

    by Lucasoato
  • Really enjoyed this framing of threat modelling as a way to make assumptions explicit and not just a compliance checklist. It was also quite amusing and sassy. Well done to the author, great piece! The point that secure is meaningless without defining the adversary and assets is especially important. One thing it doesn't tackle that I would like to know more about is how do teams keep these assumptions and threat models current as the system and its environment evolve? I think that is a massive challenge.
    by raychis
  • This was a fun read.

    My introduction to threat modeling was from this post: https://www.privacyguides.org/en/basics/threat-modeling/

    It's a bit shorter and focused for people interested in privacy.

    by Cider9986

Related stories