[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cluelessness V.S. Lack of Knowledge



At 9:29 PM 2/23/96, Alan Olsen wrote:

>There are companies out there that are trying to build good
>products.  These people can be instructed on the ways of
>implementing good crypto.  Unfortunately, I have seen a number
>of them pushed up against the "Wall of Attitude" when they do
>ask for help.  Cypherpunks, for good or for bad, have a
>reputation for being experts in the field.  People come here to
>ask questions because "Cypherpunks know what Good Crypto tastes
>like".  What is happening though is that they are also getting
>a reputation as people who flame first and give answers later,
>if ever.  This is not a "good thing".  If you want strong
>crypto to exist, you have to make the people who are trying to
>put it into place able to understand what it is in the first
>place.  Giving them grief when they try to find out the flaws
>in the ideas (and are willing to learn) is not helpful to the
>community as a whole.

I disagree. There are several points to keep in mind:

1. There are many sources of information on crypto, including excellent
books on cryptography and information theory, and several FAQs readily
available. There are frequent pointers to these FAQs, books, journals, and
newsgroups.

2. Most of the "harsh criticisms" come when people do one or more of the
following:

a. announce an amazing new discovery, but refuse to give details ("we have
applied for patents on our amazing new discovery")

b. show an unawareness of basic facts which any competent cryptologist
should at least be familiar with

c. expect "the Cypherpunks" to provide free consulting and educational
training (this same issue comes up on sci.crypt all the time, too, with
people announcing some new cipher--which is usually some variant of a
well-known cipher--and expressing frustration that "nobody will help me try
to break it.")

3. "The Cypherpunks" is not a freelance consulting group, doing
"Underwriter's Laboratories" (as in "UL Approved" on your electrical
appliances) tests on proposed new systems. Even weak ciphers take time to
break. See above. Or see the many comments to this effect in sci.crypt (in
fact, I recall that it's in the FAQ for sci.crypt.)

4. In any case, with 1000 or more subscribers, and no consensus mechanism
(no official position), nearly any proposal is going to be met with some
negative comments from _someone_. Welcome to the real world. Anyone whose
skin is so thin as to be scared off from posting because he fears that
_someone_ will criticize his idea is a hopeless case.

5. Genuinely good ideas, or ideas that appear to come from someone who has
done some real research and thinking, are usually responded to pretty
favorably. I could cite the work on MixMaster, Crypto++, Blowfish, etc.


>I know of one developer who is trying to implement a strong
>cryptosystem in his app.  He is unwilling to post his
>questions/concerns here because he is afraid of getting his ass
>shot off on the first query.  Judging by some of the responses
>I have seen, I do not blame him!  I can understand intolerance
>of the sales droids who push crap.  I do not have much
>tolerance for them either.  It bothers me when I see people who
>are not experts in the field AND ARE TRYING TO LEARN getting
>"blowed up real good" because they are not experts.
>
>Cypherpunks not only need to teach, they need to be willing to
>teach.

There's a huge textbook on crypto: Schneier's book. Also, numerous books by
Koblitz, Denning, Meyer and Matyas, and on and on.

If your friend has a system which builds on basic principles, he won't be
"shot down." If his ideas are good ones, he'll be embraced as a colleague.
If he hasn't absorbed the standard theory, he'll be dismissed curtly. As it
should be.

Breaking a system, even one based on good principles, takes real work. Few
people will volunteer to put free time and computer resources into testing
the strength of unknown systems. Think about it.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."