Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes! It becomes worthless for copy protection.

Public-private key pairs only work if the private key is secret. If it’s not secret it doesn’t work.

This is a simple fact of how cryptography works. Or passwords, keys, or any secret like an API key, etc…

If you publish such things on GitHub, they instantly become “not what you’ve labelled it as”.



> It becomes worthless for...

So you admit it's not completely worthless at that point only for specific use cases.


Sure, it has uses: it can be printed on a T-shirt to teach big media a lesson about the futility of copy protection, etc…


Plus it lets people decrypt media encrypted by that key that they might otherwise have been unable to.

So we've established that a "private key" that is no longer private may still have uses to some people, it is not wholly "worthless."

Do you want to revise your earlier statement about the private key in the repo in question? Is it "worthless"? Is it a security problem? Do you know what that key is being used for?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: