Re: Flame Wars

["Perry E. Metzger" <perry@piermont.com>]

zoetrope@infinet.com writes:
>         I am sorry if I have annoyed or offended anyone here, It was not my
> intention of course......I dont want to hold any grudges especially with
> Sameer....I havent done much cracking and have alot of questions I bet alot
> of you had when you were 13 anyway zoetrope as in coppolla's
> studio....again sorry If I offended or annoyed you....

If you are actually 13, I apologize for the comments I made earlier.
However, if you are really are that young your questions are
understandable, as was your manner. I got started in computers when I
was about eleven many, many years ago, and I remember what its like
when you know more than most adults about technology but don't quite
know how to interact with other technical people yet. (I also remember
that I didn't appreciate people thinking that I didn't know how to
interact with other people, but thats another story.)

By the way, generally, it works better when you join a new mailing
list if you sit and listen for a while to get the flavor of what is
going on.

Anway, let me try to answer your question.

We don't study cryptography and data security for any one reason -- we
are a big and very diverse group of people and we have many different
reasons for what we do. However, many of us are interested in the
topic for political reasons. We view cryptography as a way to ensure
freedom and privacy for people around the world, and we try to advance
that cause by studying cryptographic systems and sometimes computer
security in general. Other reasons people like doing cryptography work
is that its a fun area of math/computer science to fool around with in
and of itself, and that some of us, including me, have paying work
doing things like computer and network security.

Most of us don't want to break in to computer systems for the sake of
breaking in to them, and in fact most of us don't even actually break
in to computers per se, but we do try to break badly designed
cryptographic software and security systems in order to get people to
build them better -- we tend to publicize these efforts both so that
we can get as many people working on them as possible (the more brains
the better) and so that we can make sure that people are aware of
flaws so that they will fix them or so that, if they aren't fixed,
people will avoid the software with the problems. "Security through
obscurity" is something we usually dislike around here, and you may
see the term "security through obscurity" used as a way of insulting
some cryptographic system or security sytem from time to time if it
depends on people not knowing how it works in order to keep it secure.

If you are interested in cryptography and in learning a bit about what
we do, I suggest that you first read a good introductory book on
cryptography like Bruce Schneier's "Applied Cryptography" (which is
coming out in a new edition in only a few weeks) and that you listen
a bit to the conversation around here -- you might also want to read
some of the back archives of the mailing list on www.hks.net.

You also might have other questions. One good way to deal with them is
to first see if you can find the answer in Schneier's book or the
archives, and then to try to ask the list if its a question that lots
of people might want to think about, or send mail to a single person
who probably knows the answer if you don't think its worth bothering
everyone about.

Above all, its important to remember that people around here are often
trying to get work done, and will answer quiet, polite questions
before they will answer loud and obnoxious ones.

Perry