Comment by 0xDEAFBEAD
2 years ago
My definition of efficient is essentially whatever decreases the number of workable exploits most rapidly per hour of developer time.
>Depending on your definition of efficient, adding more hoops should work exponentially better.
Explain?
Suppose your hoop probabilities are 25% and that you have two hoops so that the probability of jumping through both is
You can reduce the size of one of the hoops in half, changing the probability to
You can also add a third hoop, in which case the probability is
1.5625% < 3.125%, so adding a third hoop is better than shrinking one of the two existing hoops. Of course, this argument makes important assumptions about the hoop probabilities.
The probabilities aren't independent. The person jumping through the first hoop is probably more able than average. Therefore, any additional hoop - if it doesn't require a completely orthogonal skill - is less selective.
I think it depends on what the "probability" is meant to indicate. You're correct if it's meant to indicate whether a particular attacker can get through a particular hoop. But probabilities could also refer to e.g. the chance that it's possible to get through a particular hoop, period. Or the fraction of some input space which corresponds to an exploitation.
Makes sense. Other key questions would be: complexity cost of added hoop (including, possibly, increased attack surface -- the sequence of hoops is just an abstraction that reality may not obey) and also creation difficulty (it could be that improving an existing hoop is significantly quicker than creating a new one).
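The disagreement above (independent hoops versus hoops that a skilled attacker clears together) can be put in numbers. The following is an added example, not part of the thread: it assumes a one-factor Gaussian model in which `rho` is the share of each hoop's outcome explained by a common attacker-skill factor; `p_all_hoops`, `compare` and `rho` are names invented here.

```python
from math import sqrt
from statistics import NormalDist

STD = NormalDist()  # standard normal distribution

def p_all_hoops(pass_probs, rho, step=0.01, span=8.0):
    """Probability of clearing every hoop when outcomes share one latent factor.

    Assumed model (not from the thread): hoop i is cleared when
    sqrt(rho)*s + sqrt(1-rho)*e_i exceeds a threshold chosen so that the
    hoop's marginal pass probability is pass_probs[i]. s is the shared
    attacker-skill factor, e_i is hoop-specific luck, both standard normal.
    rho = 0 gives independent hoops; rho must be below 1.
    """
    if not 0.0 <= rho < 1.0:
        raise ValueError("rho must be in [0, 1)")
    thresholds = [STD.inv_cdf(1.0 - p) for p in pass_probs]
    n = int(round(2 * span / step))
    total = 0.0
    # Trapezoid rule over the shared factor s; given s the hoops are independent.
    for k in range(n + 1):
        s = -span + k * step
        joint = STD.pdf(s)
        for t in thresholds:
            joint *= 1.0 - STD.cdf((t - sqrt(rho) * s) / sqrt(1.0 - rho))
        weight = 0.5 if k in (0, n) else 1.0
        total += weight * joint * step
    return total

def compare(rho):
    """The three configurations from the thread, at a given correlation."""
    return {
        "two hoops": p_all_hoops([0.25, 0.25], rho),
        "halve one hoop": p_all_hoops([0.125, 0.25], rho),
        "add third hoop": p_all_hoops([0.25, 0.25, 0.25], rho),
    }

if __name__ == "__main__":
    for rho in (0.0, 0.4, 0.8):
        row = compare(rho)
        print(f"rho={rho:.1f}  " + "  ".join(f"{k}: {v:.4%}" for k, v in row.items()))
```

With `rho = 0` the output reproduces the independent figures quoted in the thread; at `rho = 0.8` under this assumed model the ordering flips and shrinking an existing hoop beats adding a third.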