Quote of the day–Breda

Why does the government assume that they are the only ones with a list?

[Overheard by] Breda
February 7, 2009
[If such lists exist I strongly suggest they be encrypted. Free (and probably quite secure) encryption software is available here.–Joe]


One thought on “Quote of the day–Breda

  1. My first exposure to real cryptography came many years ago when I wound up writing a very weak cipher for a side project. I don’t even recall why exactly, but the need was for the appearance of secrecy, and after looking through the FIPS stuff for DES, we decided it’d be too much time/effort to implement it (that probably sounds dumb, but in the context of that project, it was completely true, given details I’m leaving out). It was only much later, after I starting seeing my predictions about data mining capabilities, particularly in the context of govt. snooping, come true that I got interested in real cryptography.

    I’m certainly not a mathematician, so I can’t evaluate how strong the various algorithms are, and my 133t coding skills aren’t what they used to be either. But I do keep an eye open on developments in the area. In re. gnupg, I think it’s among the best of the solutions available to the everyday user (and even the not-so-everyday user, for that matter). Hoping to not sound like someone who’s just drinking the kool-aide, I do believe that the “many eyeballs make for shallow bugs” philosophy is a big help here. And I have to note the similarity of that to the peer-review process for the algorithms themselves

    The main development I hope for in the world of cryptography is some way to make it easy for people to use sufficiently strong passphrases, or the moral equivalent thereof. Recent stories regarding the MySpace and phpbb password cracks certainly demonstrate that. I would love to be able to use strong cryptography for the majority of my e-mail, for example. But off the top of my head, I can think of only 2 correspondents who would be willing to do so, and who would use good practices on their ends. And I think that using encryption for a small minority of messages serves mainly to draw attention to those. The same argument goes for whole-disk encryption. 1 (or a few) files that are encrypted simply draws forensic attention. Of course, if someone is examining your HD, you’ve probably already done something to draw attention to yourself anyways, so perhaps that’s a moot point.

    I’m fairly certain you read XKCD, but for the benefit of your readers who don’t — http://xkcd.com/538/

Comments are closed.