Soatok's Informal Guide to Threat Models

(soatok.blog)

52 points | by zdw 4 hours ago

4 comments

  • Cider9986 34 minutes ago
    This was a fun read.

    My introduction to threat modeling was from this post: https://www.privacyguides.org/en/basics/threat-modeling/

    It's a bit shorter and focused for people interested in privacy.

  • mapontosevenths 4 hours ago
    This is the best gay furry blog post about threat modeling I've seen all day!

  • teravor 1 hour ago
    > Hybrid PQ+ECDH is a hedged bet against an algorithm break before Q-Day, but is utterly fucking useless over Pure PQ once Q-Day occurs.

    There is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (e.g. quantum gravity) or because the entire field was a scam. In that scenario abandoning ECC would have been pretty stupid.

  • evanprodromou 4 hours ago
    Wow, excellent guide! And I love the E2EE example.