Securely delegating trust with digital signatures and secret storage systems ⚙️

More Tech stuff! :pray:

The secret to having healthy, shiny hair is pretty easy to guess. Wash it regularly. Use a decent shampoo. Definitely do not iron it :person_getting_haircut:

Here’s a secret nobody will ever guess:


At Monzo, we think about “secrets” as any piece of information we want to tightly control access to, for example passwords, encryption keys, and safe codes. They’re often just very large numbers with countless possibilities.

Previously we’ve talked about how we manage and control access to secrets, and how we protect our most sensitive ones from the most determined attackers.

In this blog post @awn, our Security Infrastructure Engineer explains how we use a combination of different secret storage systems to implement a balance between security assurances and usability :point_down:

If you have any questions feel free to drop them in the comments :blush:


I’ve got myself fixated on this bit. There’s 26 so is this just a cipher alphabet? But then am I supposed to be decrypting something? It could be hashing…

@AlanDoe you’re ruining my evening :rage:

1 Like

Oh! There’s a puzzle to solve in this blog post?

Count me in if there’s a plushie up for grabs.

This string of numbers is just 2 to the power 256 tho.

So they’re just demonstrating how to do a alphabet?

Pity, I’m over wordle and wanted something to solve

1 Like

I mean I’d love to be wrong! I enjoy a good puzzle! I think this is just an oversimplified example of what a secret is, to give regular readers some kind of idea.

For a more accurate example of a secret, here’s the public key for the key pair I’ve just generated for my iPad.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCo3joJANnaV5GSqpSIXNJyWKC9p17eymYfF4uP5CWhFUuG5Pm2ZXwN3ZJ+jX4Nar7sjJKBrl5SLVCwmWNkuhBmPuOKjOhmpPWTb41cAtNljgtnbSKvtv6pRwAe9CePfc5m5VdMZXk/6eV5BK8aU1fqNfqfN9zO6rh5/Lo6ry1PwR2OuGUYlk3k0ir8JZKc3qeghU+yvGPWtX5soDf6gRqEsk5S224L0DI4E3cHm8+RJYhOAtUlyAb5g+TYv+39dg37IUg0Kg2QcdFdg3nbN8lMjLv+Z6ACy1hrkwPu+tDp+kgeA2tFaTcV8y/D3JZ2PEA5P4dI3ycW88MLVzDUnJGgnBdJbOR5PihelODBHHmQLv77esku4ruJX3JfztdTZcR7blqrfNhc71vKh88BNqk5HW0nft+apWhE2WkHX8k5wUDUNDdZ8eD3p6bg1wfljYmpYI1kSKij5JSyvIOpd56pwWels2jaYmm/fIiPP6Y970a0yPNMerwyPf9BLmU5t289yNODBHpvMRXZJmXHsQYqPzXSVrILUi0+1Lj4CUHpt6/InxO1X3T3xibtwHWg8BvNeTQDI5nprcMlFwfa02xQMvqL/04SHybrXj2lIFvEOtMo2ZmTlnF6/ZUeMZYTltue0zu78I2Wrz/DOL0+U9GMXY4Ae2izU9/J/G0z7wW1JQ== user@ipad

1 Like




My favourite easy to understand low level explanation on how public/private keys are secure is from Tom Scott, the link should take you to the correct place (1 minute in)


For a more accurate example of a secret, here’s the public key for the key pair I’ve just generated for my iPad.

Cryptocurrencies often encode secrets in English words, for example here is my Bitcoin wallet’s secret:

setup evil gap electric expire napkin around dance run fee cash maze salute hollow diesel hawk process write verify mystery shoot cruel tomorrow media

This is a joke, that’s not actually my wallet


Probably a good way to do it, for the benefit of humans. Entropy is still good, just easier for us to read! My ISP does the same thing!

Reminds me of this:

@N26throwaway @Rat_au_van

The number written in the blog post represents the number of different possible keys if a key is 256 bits long. I think there was some miscommunication when the social media posts were written so it looks like that number is itself a secret :sweat_smile:


Thought so!

In the future though, it would absolutely be awesome if you did hide little puzzles in future infosec blog posts for us nerds to find!

I love solving the ones GCHQ throw out there!


Have you been tapped on the digital shoulder yet? :man_detective:


I can neither confirm or deny any potential association with GCHQ :eyes:

Honestly I doubt they’d want me! I’m usually on the wrong side of the debates on encryption! But it’s funny, as a child figuring out my first computer, learning the command line and pen testing, it would have probably been my dream job! :heart_eyes:


If you liked this post you might also like other posts I’ve written at where there’s more technical details : )


I knew those graphs looked familiar! Thought they were either from the OU or Cisco but couldn’t place it! Turns out I’ve read that post on your blog before, and that’s where I recognise the aesthetics from!


I’m in the ed25519 camp personally :smile:

: ) is pretty good for quickly making diagrams


Interesting! Any particular reason why? I’m not especially partial, but rsa is force of habit at this point!

In this case it was just the pre-chosen default option blink provided so used it for brevity!

Ooo! That’ll come in handy! Thanks for sharing! I’ve always just resorted to using Pixelmator or keynote for mine, which are a bit overkill!

1 Like

The reason rsa keys are so long is because rsa is implemented in a field over the integers (there are both + and x operations with inverses) which leads to better attacks against it so the key-size has to increase a lot to compensate, but only one operation is really necessary. It’s also tricky to implement securely and ends up being relatively slow in practice

On the other hand EC keys are implemented inside a group over some finite field so there is only one operation which leads to fewer attacks meaning the keys can be very short. Curve25519 for example (which is what ed25519 is based on) is very fast, has a small and simple implementation, small keys, and it avoids timing side-channels by design, so attackers cannot monitor how long operations take in order to learn sensitive information. This has been a big problem in the past.

There’s also the NIST curves (e.g. p-256 secp256k1) but they are not as secure and are controversial because of unexplained constants used in their design, and in light of the Snowden leaks there is more suspicion of NIST designs in general (See Dual_EC_DRBG - Wikipedia). SafeCurves is a good overview of the security of various existing curves:

There’s also cool abstractions like Why Ristretto? - The Ristretto Group which provide a safe prime-order elliptic curve group which eliminates small co-factors and simplifies implementations


Fascinating! I’ve got homework to do!

I know it’s a mathematically sound key type from what I’ve read, but can’t say I’ve properly explored or compared it to rsa! I’ve used it before, but it’s not the one I naturally go with. I do like elliptic curve cryptography tho and I should probably be gravitating towards it more for my keys!

I suppose in my case rsa has been so widely used and for so long that it’s borderline instinct now! A bit like Java in many ways, though I’ve not used Java in a long time! I’m far more picky with my languages than my keys! The only one I generally avoid is dsa.

Lots of good resources there for me to look into though, thank you!