Keeping Secrets (notes)

Michael Stone, April 8, 2011, , (src), (all posts)


Keeping Secrets

I know that I’m not very good at keeping secrets. Unfortunately, I also have yet to meet anyone who can tell me a convincing story about how they protect their secrets. As a result, I’ve begun to think that the problem might be hard. This essay is my attempt to understand why this problem is hard and what we might do about it despite its hardness.

What’s Hard about Secrets

These properties are well-known and are reproduced here mainly as an aid to my over-committed memory:

  1. Good secrets are hard to generate.
  2. Good secrets are hard to remember.
  3. Hidden secrets are easy to lose.
  4. Written secrets are easy to copy.
  5. Secrecy and availability are inversely related.
  6. Using secrets tends to expose them to disclosure.

What’s Hard about Authentication

Security principals are usefully defined as entities that can keep secrets (citation needed!) because this is definition provides a good base on which to the question: “how can principal A convince me that xe is not principal B?” (with the answer being: “…by proving to me that xe knows a secret that I know1 that only A knows.”)


economics, safety constraints, common-mode failures, system accidents, adversaries, …

  1. Note: I need to find some more precise words than “know”, “convince”, and “xe” above…↩︎