[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

some points on weak codes

various points have been made about the undesirability
of weak voice scrambling mechanisms.

I'd like to advance the position that the use of trivially-broken 
codes is better than no codes at all, as long as the owner is
aware of the distinction.

one of the goals of cypherpunks is not necessarily to get a 
secure world (that is a *long* term goal), but to get a world
in which people are aware of the issues that cypherpunks are
interested in. Encryption, privacy, etc. 

now, along these lines, even a widespread trivially broken 
code penetration would be better than none at all.

this is a similar concept to that advocated by someone else
on this list, namely PRZ's manual that talks about how
you shouldn't use PGP on a shared system, and how you should
only exchange keys in person, as being a little to extreme
for the common man, for whom insecure crypto, along with
the *understanding* that it is not totally secure.

I think everyone here agrees on long term goals of widespread
encryption penetration. but one way to bridge that gap is to
just have "toy crypto". I see this deroated frequently on
the list but it is probably a very, very valuable public
relations mechanism. 

I mean, it's hard to imagine that in politics that distributing
little plastic symbols called "buttons" would have any social effect,
yet it has persisted since the invention of buttons.

things like a cheap "purple" kit, promoted by the cypherpunks, not
foolproof but easy to build and cheap to buy, would advance the
agenda in the long run in a very valuable way.

what we need to do is give people a variety of options to the
interested public laypeople, just like Ford and that anecdote demonstrates. 
are we saying, "you can have any crypto that you want, as long as the NSA 
can't break it in 1000 years"? that's the equivalent of saying, "you can 
have any car you want, as long as its black". we must resist the
illusion that there are only 2 kinds of crypto: insecure or secure.
there is a continuum of crypto, and casual users should not have
to worry about the capabilities of the NSA. IMHO we are sabotaging
our main goals, launching into a deep discussion of the NSA's
supercomputers and the theory of numbers whenever a newbie asks about 
what is available.

again, weak crypto is probably better than no crypto in most cases,
just because it helps improve public awareness. people can't even
comprehend the idea of what is "weak" or what is "strong" until
they even have a mental framework of what they are dealing with.

\  / ~/ |\| | | |> |  : : : : : : Vladimir Z. Nuri : : : : <[email protected]>
 \/ ./_.| | \_/ |\ | : : : : : : ftp://ftp.netcom.com/pub/vz/vznuri/home.html