The Billion-Dollar Brain Fart

Remember those Bitcoin billionaires who threw out their fortunes with a hard drive? Well, they’ve upgraded. They’re now running election security at one of the world’s top cryptographic research associations.

You can guess what’s happened. It’s the obvious escalation.

Oh dear

The people who live and breathe cryptography, the International Association for Cryptologic Research (IACR), used a three-key encryption system for votes in their latest leadership election. Who better to run a secure leadership election than the IACR?

They decided three people, each holding part of the key, must all combine their parts to decrypt the results.

Security, security, security. It’s crucial and super important. The most important thing. In this case it’s so important that the elections had to be cancelled, because the results couldn’t be recovered.

They were that secure.

The cause of the issue? One of the key holders lost theirs. You aren’t going to be able to overcome the human weak link that easily, said the universe.

People, people, people

One of the trustees (well) trusted with the key “irretrievably” lost it. Is it on a USB stick from 1998, mistakenly washed on a long cycle? Scrawled on the back of a Starbucks receipt? On a failed hard drive?

I guess we’ll never know. In any case the result is the same: the votes are permanently locked and cannot be decrypted.

You are the Weakest Link

Bruce Schneier, the cryptography world’s closest thing to a celebrity, noted that these failures are “very human”. Whether it’s forgetting a password, losing a device, or writing your credentials on a sticky note, it turns out no amount of mathematics can secure your system from sheer idiocy.

The more secure a system, the more likely the weakest link is a user of it.

I remember when DevOps decided unanimously that we needed two approvals to merge code. It didn’t improve our code quality, the security of our work or the number of features pushed (it decreased all of these metrics). It did mean DevOps felt that they’d done something even though it didn’t help anybody in the firm. That’s life.

So I’m not even surprised that this incident happened to IACR. Yet you’d think that they had some sort of contingency plan, but no.

Now with 33% More Common Sense!

The solution? Do it again. The IACR is re-running the vote with a new trustee and a new policy under which only two of the three trustees need to participate to decrypt the results. This change is being marketed as “new safeguards”, which in corporate-speak means “we’ve finally acknowledged our users are human.”

Would’ve been nice to think of that before the election, but hey, hindsight is so in the past.

Why This Matters

For those of us working in enterprise tech, watching the cryptographic elite screw up basic access control is… reassuring. If the so-called experts can’t even recover from a lost key, maybe we’re not doing so badly when Jenkins accidentally deploys to production at 3 a.m.

But it also reminds us how fragile our systems are when built on the assumption that people will never make mistakes. Spoiler alert: people always make mistakes. Plan for that. Design for that. And maybe next time, make sure someone writes the damn key down.

About The Author

Professional Software Developer “The Secret Developer” can be found on Twitter @TheSDeveloper.

The Secret Developer once had to reset their GitHub password. It was an emotional day.
