[cryptome] Re: [Cryptography] Boing Boing pushing an RSA Conference boycott

  • From: John Young <jya@xxxxxxxxxxxx>
  • To: cryptography@xxxxxxxxxxxx,cryptography@xxxxxxxxxxxxx, cryptome@xxxxxxxxxxxxx
  • Date: Thu, 16 Jan 2014 10:28:40 -0500

Punishing RSA is work for bloodthirsty media and its fans. Public
crypto needs much better to offer the public than entertaining
evanescent revenge.

3DES is intriguing. Publicizing a list of other well-tested ciphersystems
would be constructive alternatives to "nothing can be done, authority always
wins." Public loss of trust in any comsec and crypto is ever present.

As a consumer, I want you to give me something useable and reliable
for ordinary use not weapons-grade illusion of infallibility. Ban the use
of "unbreakable." Stop tinkering with old reliable OTP with digital
simulacra. Stop blaming users for faulty implementation.

Civil engineers never say a dam is infallible, they say it will fail, watch
for well-known weak spots, prepare to patch and maintain continuously,
and never forget the disasters of over-confidence, limited construction
budgets, cutbacks in maintenance, and water policy exploiters.

Earthen dams without sluices, relying upon mass and gravity, outlast
reinforced concrete "monoliths" perforated with umpteen ways to
monetize the water flow, nowadays usually to run more server farms
near hydropower facilities.

I'd like an earthen dam crypto tool I can watch myself for leaks.
I got PGP 2.6. Anything better that is not reliant upon commercially
biased assurances?

BTW, why is PGP Inc and IBM Inc not being bashed like RSA Inc?

At 01:26 AM 1/16/2014, you wrote:
At 12:48 PM 1/15/2014, Phillip Hallam-Baker wrote:
What then should we do about all the folk clinging to 3DES? How about the people who stuck with MD5? How about the people who have not junked SHA-1?

Ignoring Phill's perfectly reasonable main point, what's wrong with 3DES?
Sure, it's clunky, takes lots of bit-twiddling, is a good bit slower and larger than AES, and only gives you ~112 bits of security for your 168 bits of keys, but is there anything wrong with it other than being not as good as some of the alternatives? (Ok, and maybe a bit of power analysis risk, depending on your implementation.) It's not like MD5 where there are theoretical attacks that make it much weaker?
