Rendered at 11:08:09 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
poppadom1982 36 minutes ago [-]
> The Core Idea
> Enter X
> How It Works (Without the PhD)
> Why Y Should Care
...and an incredibly handwavy shallow explanation of why this actually works ("Through a clever sequence of oblivious transfers and what’s called multiplicative-to-additive share conversion, they each compute a partial signature.")
I don't get it. If you want a blog, write a blog. If you don't want a blog, don't write a blog. But why use an LLM to create a slopblog? It just wastes EVERYONE's time and energy. How disappointing.
bob1029 2 hours ago [-]
The article does touch on HSMs but might be missing the point of them?
> A compromised server no longer means a compromised key
Proper use of an HSM means that even the owner of the private key is not allowed to access it. You sign your messages within the secure context of the HSM. The key never leaves. It cannot become compromised if the system is configured correctly.
tjoff 2 hours ago [-]
You can't get the private key but you can sign with it, which is still plenty bad.
bob1029 1 hours ago [-]
The private key should be tightly scoped to its context of use. I would definitely agree with you if it's one key that rules the entire kingdom.
tjoff 20 minutes ago [-]
Not sure I follow? Lets say it is limited to one use only, sign an app.
Since I've got control of the box I can now use it to sign any app. Isn't that bad enough?
> Enter X
> How It Works (Without the PhD)
> Why Y Should Care
...and an incredibly handwavy shallow explanation of why this actually works ("Through a clever sequence of oblivious transfers and what’s called multiplicative-to-additive share conversion, they each compute a partial signature.")
I don't get it. If you want a blog, write a blog. If you don't want a blog, don't write a blog. But why use an LLM to create a slopblog? It just wastes EVERYONE's time and energy. How disappointing.
> A compromised server no longer means a compromised key
Proper use of an HSM means that even the owner of the private key is not allowed to access it. You sign your messages within the secure context of the HSM. The key never leaves. It cannot become compromised if the system is configured correctly.
Since I've got control of the box I can now use it to sign any app. Isn't that bad enough?