[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Systems with weak crypto, was: The House Rules At The Permanent VirtualCypherpunks Party



At  9:46 AM 12/6/96 -0500, Dr.Dimitri Vulis KOTM wrote:
>If an entrepreneur wants to sell a new electrical gizmo and wants an
>independent review of its safety, he pays $$$ for it. Apparently one of the
>functions of the new brand of "cypher punks" is to provide a similar service
>for free. Sorry, I'm not a part of it, and I'm not *that* interested in Don's
>proposal. I have better use for my time.

However, I assume that you have no objection to others reviewing Don't
proposal for free (Actually for reputation).
>
>I also don't think that the ease of breaking the code should be the only
>consideration in evaluating a low-end cryptographic product. ...
>
>... If someone wants to market (and support) a crypto package for
>the masses and gets the masses to deploy it, I take my hat off to them. It
>doesn't matter if the code itself can be cracked as easily as the codes used
>in PKZIP or MS Excel or MS Word (reportedly). If the users discover that the
>code isn't strong enough for their needs, they'll upgrade to stronger codes.
>The path from weak crypto to strong crypto is much shorter than the path from
>no crypto to some crypto.
>
>If the user interface and [did you mean "is" - bf] logical and transparent 
>and provides hooks to
>replace the weak (non-export-controlled) crypto being shipped with a stronger
>one (say, by FTPing a DLL) then it's a Good Thing.

Good interfaces are definitely something needed for the widespread adoption
of crypto, either strong or weak.  However, the general opinion I have
heard is that UIs with easily replaced crypto are covered by ITAR.


>Don is doing a Good Thing and the "cypher punks" are doing an evil thing.

If Don is contributing to better interfaces, then I agree he is doing a
good thing.  If all he is doing is proposing a new algorithm and describing
it with, to be charitable, non-standard uses of well defined terms, then I
disagree.

I strongly disagree that cypherpunks are doing an evil thing by exposing
the weaknesses in anyone's (including Don's) crypto system.  There are many
ways to contribute, and publicizing the facts about a system are one of
them.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
[email protected] |       - Who 1st said this? | Los Gatos, CA 95032, USA