[cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)
Kevin W. Wall
kevin.w.wall at gmail.com
Thu Jun 16 18:52:36 EDT 2011
On Thu, Jun 16, 2011 at 5:27 PM, James A. Donald <jamesd at echeque.com> wrote:
> On 2011-06-17 4:02 AM, Nico Williams wrote:
> Crypto is no more than an equivalent of doors, locks, keys, safes, and
> The state can break locks, but it cannot break crypto.
> Hiding *is* effectual against the state - and long has been even before
The key word here being *effectual*. Crypto is effective, but some of your
make it seem to be a panacea, similar to how Bruce Schneier originally
(see preface of *Applied Cryptography*) that cryptography was going to be
salvation of information security. Crypto certainly has a major role to play
in ensuring confidentiality and integrity, but it is not an be-all
The point is, the state doesn't always *need *to *break *crypto to get your
To that end, I think you are misinterpreting what Nico was trying to say,
was, crypto is no guarantee that you can hide things from the state, at
as it is practiced by the general populace.
Specifically, if that "state" is some corrupt regime, crypto *may* help,
will not ensure with 100% certainty that your secrets will remain
from the state.
For that to be true, everything would have to be secure, from the OS all the
down to all the firmware. (See Ken Thompson's ACM Turing Award lecture,
*On Trusting Trust*.) You'd also have to eliminate all possible side
attacks such as EMF leaks. And even if you are secure from attacks coming
all those threat sources, an unscrupulous state will have no compunctions
about using a rubber hose attack on you or ones you care about to get your
secrets or get you to divulge your crypto keys. (Someone in an earlier post
mentioned how it is already getting close to that in certain criminal cases
England. How much worse would it be with a corrupt regime not following
principled rule-of-law at all?)
While I don't want to put words into Nico's mouth, I think he was merely
trying to point out the difference between the use of crypto in theory and
crypto in practice.
 Using crypto in a fascist or otherwise corrupt state where crypto is not
may have the opposite affect of drawing attention to yourself and arousing
suspicion of the state. So in such cases, one at least needs to account for
plausible deniability, otherwise you'd be better off keeping your head low
so as not to be noticed in the first place.
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography