1997-11-04 - Re: S/MIME

Header Data

From: Jim Gillogly <jim@acm.org>
To: cypherpunks@cyberpass.net
Message Hash: 97b841e18470d35f0677617a6ac49b1fc7ee7640f8bcdba11db3cff7ae07a199
Message ID: <345F6ABC.1E6AB2C@acm.org>
Reply To: <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-971104162419Z-34904@mail.entrust.com>
UTC Datetime: 1997-11-04 17:54:56 UTC
Raw Date: Wed, 5 Nov 1997 01:54:56 +0800

Raw message

From: Jim Gillogly <jim@acm.org>
Date: Wed, 5 Nov 1997 01:54:56 +0800
To: cypherpunks@cyberpass.net
Subject: Re: S/MIME
In-Reply-To: <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-971104162419Z-34904@mail.entrust.com>
Message-ID: <345F6ABC.1E6AB2C@acm.org>
MIME-Version: 1.0
Content-Type: text/plain



Ian Clysdale wrote:

>    Sorry, I'm going to continue to take a viewpoint that I suspect is
> rather unpopular in this list, and argue for the advantages of weak
> crypto in certain circumstances, when it is KNOWN to be weak.   The
> phrase "Poor security is worse than no security" refers to the dangers
> in assuming that your communications are secure, even when they're
> not.  If you know that your cryptography is weak, it can still
> sometimes be sufficient for your purposes. What weak cryptography does

There's a good reason this viewpoint is unpopular: it includes the tacit
assumption that strong crypto is harder to do than weak crypto.  In fact
that's not the case.  It's as fast and easy to do RC4/128 as to do
RC4/40 -- the only extra resource is keying material, which is cheap.

The <only> reason to use weak cryptography is political.

I'll also challenge your "If you know that your cryptography is weak"
meme:
most people have no idea what cryptography is, and at best can look at
the
little key to see if they're on a secure page.  Explaining to them that
they're
not really secure is normally possible in a one-to-one tutorial, but most

people just want to get their work done, and if the program says they're
now
in secure mode, they'll feel free to send their SSN/SIN/NID and their HIV

status.  They <don't> know their cryptography is weak, even if you tell
them.

Bad idea!  Bad!


--
        Jim Gillogly
        14 Blotmath S.R. 1997, 18:27
        12.19.4.11.12, 1 Eb 10 Zac, Seventh Lord of Night








Thread