morlockelloi on Mon, 25 May 2015 04:49:07 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> What should GCHQ do?

There is a fine point here which is almost always missed, but from which most of these conclusions come from.

It is about the concept that 'crypto' is created by some small set of Illuminati, it needs to be standardized, and the rest of the world must trust them. These 'crypto wars' are then waged between the mentioned Illuminati and various evil agencies that would like take away the tools, bestowed by Illuminati upon the unwashed.

The concept works great both for the Illuminati and evil agencies - both do everything they can to maintain it.

Illuminati get livelihood: denigrating terms like "home brew crypto" are deeply entrenched and help maintain the guild exclusivity.

Evil agencies get their job made easy - it is trivial to subvert several standards or rubberhose few dozen experts into submission. Mass surveillance is only possible when there is a small number of crypto technologies.

This is all total bs.

While crypto is not the simplest technology in the world, it is far from being rocket science in practical terms. If everyone that did some scripting in any language would construct their own custom terribly weak cipher (ROT-14, ROT-15, etc), and use it only between themselves and their personal correspondents, totally incompatible with ways that "standard" web sites and VPNs do crypto, it would become too expensive, for any evil entity, to break millions of terribly weak ciphers. There is nothing "standard" about your circle of correspondents. There is no need that everyone in the world can participate in your crypto technology.

Back to the point: you don't need absolute crypto. You don't need to trust anyone. Scramble your communications in some custom way that will take evil agency's analyst 10 minutes to break: they can't afford it. And if they target you, you are f*cked anyway, no matter what you use.

On 5/24/15 19:09 , t byfield wrote:

Normally I don't go in for oracular bluster like that, but when it comes
to cryptography I've learned to make an exception. The alternative is to
trust the mathematicians. That's no exaggeration: one of the rallying
cries of the crypto crowd is 'trust the math.' I don't, because math
doesn't exist in the abstract. Its relationship to engineering is
obvious: engineers implement math, they make it real, make it happen.
Its relationship to law is less obvious. I don't mean ITAR, Wassenaar,
or any other mechanism by which states would standardize or regulate
cryptography. Instead, I mean the kinds of individual and collective
sovereignty that cryptography enables through various implementations.
The Cypherpunks understood this potential in their own way ('crypto
anarchy'), and the Bitcoin/altcoin advocates understand it in other ways
-- hence all the experimentation and excitement about things like side

Hard crypto everywhere all the time has become one of those internet
pietisms that's hard to challenge. First of all, anyone who does so ends
up with some really troubling bedfellows (e.g., the NSA). But even if we
ignore that kind of implication (i.e., ultraist extrapolation), we
quickly come to basic, practical questions: If you want anything less
than absolute crypto, where and how would you draw the lines? For
example, the lines between what's permitted and what's forbidden, or
what's practically possible or impossible, or for how long (e.g., key
length vs 'Moore's Law' and misc innovations).

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info:
#  archive: contact: