I do agree. However cryptographically correct those who say it is not necessary may be, I am a supporter of the lock/unlock feature. I think even Steve was coming round to that way of thinking in the end!
the problem I can forsee with the lock/unlock feature is this.
Attacker finds a secret key that has been locked (he finds the key and some kind of even occurs).
Attacker now knows hes found something worth looking into.
Attacker spoofs his IP address, uses TOR, or whatever method to bypass an IP blocklist as puprosed in the past for this lock/unlock setup.
Attacker then sets up a system to continue to test this secret, or saves it for testing in the future.
A much better solution to this problem would have been to implement a PGP or GPG solution where there is a private and public key.
Can someone just guess shared secrets?
in Sync General Discussion
Posted
the problem I can forsee with the lock/unlock feature is this.
Attacker finds a secret key that has been locked (he finds the key and some kind of even occurs).
Attacker now knows hes found something worth looking into.
Attacker spoofs his IP address, uses TOR, or whatever method to bypass an IP blocklist as puprosed in the past for this lock/unlock setup.
Attacker then sets up a system to continue to test this secret, or saves it for testing in the future.
A much better solution to this problem would have been to implement a PGP or GPG solution where there is a private and public key.