Re: weak encryption
=>On Thu, 11 Nov 1999, I wrote:
=>
=>> I've been wondering whether weak encryption is, in fact, worse than no
=>> encryption.[...]
Michael J. Graffam <mgraffam@idsi.net> replied:
=>From a mathematical standpoint, yes you are right: shitty encryption is
=>not as bad as no encryption.. however, by and large, humans are not
=>mathematical.
=>
=>Widespread usage of shitty crypto is bad because it gives people a false
=>sense of security. People will think they have privacy and reveal secrets
=>that they may not if there was no crypto. People will think "hey, 40 bits
=>must be enough.. EVERYONE is using it" and we'll never get actual GOOD
=>crypto in place.

My point, though, is that if everybody is using shitty encryption,
then *I* can use good encryption without drawing attention to myself.
(Yes, it's a selfish motive.)

I don't think the "false sense of security" argument holds up: people
don't realize that unencrypted email isn't private in the first place.
Sure, they know that if someone gets into their mailbox, their mail
can be read, but they don't know how mail gets from the sender to the
recipient. It's just some network magic, and it happens so quickly
that nobody could possibly snoop.

Of course, I'd like to see everyone using good encryption, but a close
second (and, I believe, more achievable) goal is to have everyone
using _at_least_ shitty encryption. (More achievable because there'd
be fewer governmental roadblocks; the big hurdle would be overcoming
people's innate and dearly-held stupidity.)

d.