Against what sort of attack? Who’s the attacker? What capabilities do they have? What do they want?
There’s a saying, “locks are to keep your friends out.” If someone really means you harm, a lock is not going to keep them out: they can smash a window, break down the door, or hit you with a rubber hose until you give them your keys or passwords. This applies no matter what kind of lock you have.
But a lock represents a social barrier: everyone knows that trying to defeat someone else’s lock is a hostile act. The law recognizes this in many places: breaking-and-entering is a more severe crime than trespassing.
A lock may slow down an attacker. It may redirect an attacker to go after your neighbor’s stuff instead of your stuff — but not if everyone has locks.
A password lock has some advantages over a key lock. You don’t have to issue physical keys to everyone you want to allow in. Many allow you to create and revoke passwords separately — so you can grant a friend access to your house while you’re away, and then revoke it when they no longer need it.
However, a password lock also has some disadvantages. If you give a password to one person, that person can easily give it to everyone. That’s a lot harder with a physical key, because they’d have to go make a lot of copies of that key — which, if nothing else, costs money and time.
A computerized lock can create an audit trail: it can record when it was opened, and even which credentials (passwords, keys, …) were used to unlock it.
Any lock can have vulnerabilities — most common key locks can be picked; computerized locks can be attacked through their computer hardware or software.
In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack.
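The separately issued codes, revocation and audit trail that the answer describes, sketched as an added example (not part of the original answer). The `KeypadLock` class and the labels `owner` and `house-sitter` are hypothetical names chosen for illustration.

```python
import hashlib, hmac, secrets
from datetime import datetime, timezone

class KeypadLock:
    """Hypothetical lock with one code per person and an audit trail."""
    def __init__(self):
        self._salt = secrets.token_bytes(16)
        self._codes = {}   # label -> PBKDF2 digest of that person's code
        self.audit = []    # (UTC timestamp, credential label or None, event)

    def _digest(self, code):
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 100_000)

    def _log(self, label, event):
        self.audit.append((datetime.now(timezone.utc), label, event))

    def issue(self, label):
        """Create a separate random 8-digit code for one person."""
        code = f"{secrets.randbelow(10**8):08d}"
        self._codes[label] = self._digest(code)
        self._log(label, "issued")
        return code

    def revoke(self, label):
        """Withdraw one person's code without touching anyone else's."""
        removed = self._codes.pop(label, None) is not None
        self._log(label, "revoked" if removed else "revoke-unknown")
        return removed

    def try_open(self, code):
        attempt, matched = self._digest(code), None
        for label, stored in self._codes.items():
            if hmac.compare_digest(attempt, stored):  # constant-time compare
                matched = label
        # The trail names the credential, not the person who typed it.
        self._log(matched, "opened" if matched else "denied")
        return matched is not None

def demo():
    lock = KeypadLock()
    owner, sitter = lock.issue("owner"), lock.issue("house-sitter")
    lock.try_open(sitter)         # the sitter, or anyone they shared it with
    lock.revoke("house-sitter")
    lock.try_open(sitter)         # revoked code no longer opens the lock
    lock.try_open(owner)          # owner's code is unaffected
    return [(label, event) for _, label, event in lock.audit]

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The audit entry for the house-sitter's code looks the same whether the sitter or someone they passed the code to typed it, which is the sharing weakness the answer points out.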
Thanks for reminding me of this XKCD gem!
https://xkcd.com/538/
https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis