From Bruce Schneier’s “The Keys to the Sydney Subway“:
Global secrets are generally considered poor security. The problems are twofold. One, you cannot apply any granularity to the security system; someone either knows the secret or does not. And two, global secrets are brittle. They fail badly; if the secret gets out, then the bad guys have a pretty powerful secret.
This is the situation right now in Sydney, where someone stole the master key that gives access to every train in the metropolitan area, and also starts them. …
Another problem with global secrets is that it’s expensive to recover from a security failure. …
A final problem with global secrets is that it’s simply too easy to lose control of them.
Posted on March 29th, 2006 by Scott Granneman
Filed under: security