[cryptome] Re: 2nd closure - provider of encrypted emails

  • From: Ben McGinnes <ben@xxxxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Sun, 18 Aug 2013 22:19:54 +1000

On 18/08/13 10:02 PM, John Young wrote:
> Jon Callas writes recently that crypto is not the weakness,
> it is by-passed to attack vulnerabilities of transmission.
> http://cryptome.org/2013/08/callas-snowden.htm

Interesting, though not entirely surprising.

> Corollaries:
> Crypto is a red flag inviting attack, aided by anonymizing and other
> concealing methodologies.

Of course.

> The only trustworthy email is that which never leaves your box which
> must be disconnected from everything else in a Faraday, in a bunker,
> un-powered, out of your reach. Never used, no CPU, no chips, no
> cards, no wiring, just the tin shell covered in bakelite. A
> demagnetized rock will do.

And at that point it is no longer useful as a means of communications.
There's always a degree of compromise with such systems.

> Humans leak far more than machines. Solipsists and hermits and
> braggarts the leakiest.

Right.  The biggest problems being with those poeple who are all three
of these (insert pointed look at Julian Assange here).

> One thing is for sure after the history of computers of trying,
> infallible digital security is impossible, only gradations of
> cybernetic illusion. As with security in general.

Yes and not just the history of computing.  There have been plenty of
examples throughout history.  Every time a conspiracy is betrayed by
the fear of a member, every time an individual makes a bid for their
own power instead of whatever cause they were supposed to be loyal too
and so on.

> Attackers always win until they crow about prowess as strong
> security for a marketing effort. Then they are taken down by the
> weakest link.

Exactly.  Furthermore, since marketing is the construction of
illusion, it introduces its own weaknesses in the form of deluding the
target of the marketing campaign into believing there is greater
substance present than really exists.

> Ponder the invention of the word security. It isn't what it is
> alleged to be, it means credible illusion, a brand.

Right.  Security is a feeling; people are not secure, they feel
secure.  It's one of the first rules of international relations.  That
security can never be achieved, it is a concept used to instil a sense
of order and reliability in an ecosystem.

>  PKC is a brand which wizened cryptographers tinker with but
> distrust beyond marketing. Read Callas and Zimmermann closely, not
> their publicity.

Always worth bearing in mind.  Not being a Silent Circle user (because
I don't have an Android phone or an iPhone), I haven't really paid as
much attention to their recent stuff.  As for my email, well, I'm sure
the GPG signature gives that away.  ;)


Attachment: signature.asc
Description: OpenPGP digital signature

Other related posts: