1996-03-30 - Re: Crypto CD UpDate

Header Data

From: JR@ns.cnb.uam.es
To: cypherpunks@toad.com
Message Hash: f5e9847e42f713c624a73cb952c6e775cd883c854ecea1d652de49379666651a
Message ID: <960328203626.20200293@ROCK.CNB.UAM.ES>
Reply To: N/A
UTC Datetime: 1996-03-30 11:53:06 UTC
Raw Date: Sat, 30 Mar 1996 19:53:06 +0800

Raw message

From: JR@ns.cnb.uam.es
Date: Sat, 30 Mar 1996 19:53:06 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <960328203626.20200293@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>Thoughtful comments, so I'll comment on Henry's comments:
>At 6:10 PM 3/27/96, Henry Huang wrote:
>
>>I'd argue that having a slightly out-of-date CD-ROM is better than nothing,
>>because:
>>
>>- It gives you an idea of what sorts of crypto applications are out there,
>
>True, but your later point about who the intended market is makes the point
>I was making: the likeliest users pretty much know what they want and snarf
>the most recent (and debugged) version off the Net. (I have little
>interest, speaking as a user, in the zillions of variants of CryptDisk and
>SmartCrypt and whatnot that get mentioned here....I really only want
>"MacPGP" in its latest version, at this time, and for this the Web is
>certainly fast enough for me.)
>
>And I suspect I am not that unusual. The faster access to a CD-ROM is not
>too useful to most, as the time to install, learn, use, etc. a new crypto
>program is many orders of magnitude greater than getting it by even a 14.4
>modem.
>
	What I see most useful in the CDs I burned last fall for personal
use is not just having access to the latest executables, but to have access
to trusted source code. Just as it is nice to have Appl. Crypt. disk, it
is -for me- to have sources for many interesting things around. I can then
study any of them, pick a piece, get whatever at any moment without having
to surf the net.

	Hey, I just got Appl. Crypt. 2nd Ed. yesterday. Meanwhile with 
the 1st Ed. and the code I had in my CDs I could very well manage with
most things, protocols, algorithms... Of course, the version of Crypto++
I have there is outdated now, but the algorithms are still valid, and
I still have much more algorithms there than the current version has, and
I can always plug in or adapt a new one should I need to.

	Yes, I can always go to the Net for the latest sources when I
need them, but when I don't, it's easier for me to go to my CD (but I
have it always at hand over my desk).

	Still, the main problem I see is that users should have to trust
the authors of such CD. Of course I trust myself and I had already reviewed
most of the code I stored -or verified it somehow- and so my CD is good
for me. But a good crypto "aficionado" should seriously consider whether
to trust any executables (hell, any net-aficionado should think the same
about Java applets, but that's another story).

	That reduces the interest of the CD to those who want source
code to work with or to analyze. Or at least those savvy enough to use
a compiler and possibly study source code. Unless someone stands behind
the CD to assert its truthfulness.

	I may -or not- trust the people at unimi, but would I also trust
a lot of intermediate people putting up together a CD-ROM? For that sake,
and considering the costs of storage and removable storage media, I'd
bet many people would find more useful to download their copies from
the net (even once a year only) as I did.

	It's a nice idea though. If well put together and done, it could
help raise concern and access to cryptography to the average user. In this
case, many crypto programs, shells and so would be bundled with samples and
say, exercises, for average people to play with. Well done, many teens
would play with it, and possibly many serious users. A good documentation
set explaining in plain terms what each package does, its good and bad
points, and comparing it with similar packages both for the savvy and
the merely curious would round up the bundle.

	I'd like to imagine such a CD distributed with a popular magazine
(PCworld for example)and many kids playing "spy vs. spy" with their
friends, trying simple algorithms and corresponding cracking programs,
discovering which are best and which ar not... And possibly serious
adults studying the reports and playing too, cracking their WP files,
discovering how good PKZIP crypto is, and moving on to PGP and other
systems... Descriptive plays for mimicking simple protocols and attacks
with real world roll games and then with the computer. All guided by a 
nice tutorial with references to more technical reports for the interested. 
Maybe with several levels of explanations up to real crypto stuff and 
source code.

	But you won't find all that on any current archive. And writing all
the additional stuff, together with compiling for several platforms, and
rearranging information for a rational organization (not just a mirror)
is quite a *lot* of work.

	That could pretty well be Applied Cryptography Nth Online Edition.

	Oh well, I don't lose anything by dreaming.

				jr





Thread