[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Cryptodiversity" and Foiling the "Key Grabbers"

George Gleason argues for having and using several types of
cryptosystems, a kind of "cryptodiversity." He writes:

> I do agree that OTPs are more expensive and less convenient to use than
> PKSs.  However, I also believe that the public interest would *best* be
> served by having *many* different kinds of cyphers available, including
> OTPs, PKSs, and various conventional cyphers, historic cyphers with
> relatively little current security value (for educational purposes) and so
> on.  The main advantages of OTPs are provable absolute security and the fact
> that the basic technique is so straightforward that it probably could never
> be banned and put out of circulation.   The time may come when we *need*
> OTPs, and we ought to have them ready beforehand, and have them in use in
> appropriate situations long before any crisis comes (to gain operational
> experience which could lead to improvements).  
> on the grounds of having unauthorised copies of copyrighted material.  Now I
> may be off base on this point, but the key here is the idea that many
> different kinds of cyphers, like many different varieties of plants and
> animals, make for a robust ecosystem which can't be wiped out by one plague.

A great idea. Getting several forms of crypto out there is a good
insurance policy. The problem I see is that no system, be it OTP or
something else, is likely to get much penetration in the market. PGP
has taken off, but another system will face an uphill battle unless it
is very well-written, very easy to use, and/or fills some special

Still, I want to encourage George to pursue this (somehow). I have a
CD-ROM on my Mac, but I doubt it'll be practical to burn CD-ROMs
economically (one service wants $200 for one CD-ROM, with a second one
for nominally more...and note that such a service is an obvious
security hole). 128 MB magneto-opticals may be a better bet, though
few folks have them.

In terms of programming energy, vis-a-vis a point John Gilmore made
recently about adding to the PGP effort, I'm sure enhancing PGP by
integrating it into standard mailers (yes, I'm aware of the security
holes here, too) would be even more beneficial to cryptodiversity,
just in the sense of getting the volume of encrypted traffic way up. A
good Mac version would also help, of course.

And to head off the "key grabbers," developing steganographic methods
to hide our encrypted bitstreams inside innocuous GIF files and the
like (as I have written about before) may be useful.


Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: awaiting Macintosh version.