From: MrD on
Tom St Denis wrote:
> Most people don't actually need privacy or non-repudiation on their
> emails. And people who truly need it will tend to use it.

Conversely, non-repudiation could actually be the opposite of what
someone wants. I do not want all of my email rendered proof against
repudiation. I might one day want to send a single, non-repudiable
email; but that occasion hasn't arisen yet. No-one that I deal with that
needs non-repudiable documents from me (bankers, lawyers) is
organisationally capable of accepting them by email.

By systematically encrypting all my email, I create a store of documents
that might be used to *prove* I said such-and-such to so-and-so on yea
date. I can't see into the future, and I can't be sure that the ready
availability of such proof might not be against my interests at some
future date. Hell, I don't know what's in my mailstore - it goes back 15
years.

So while I'm broadly in favour of "pervasive encryption", I don't
encrypt email bodies. However my mailserver will use crypto on the wire
with crypto-enabled peers. That doesn't seem to me to present the same
order of threat; in fact I can't conceive of any way that could harm me
at all.

--
MrD.
From: Francois Grieu on
On 09/07/2010 15:35, Tom St Denis wrote:
> On Jul 9, 9:32 am, Globemaker <alanfolms...(a)cabanova.com> wrote:
>> Here's an idea, use a stable website as keying material. Find a
>> website that has a text story of about 20 kilobytes. The text must
>> remain unchanged for years. Use that as a one time pad OTP to XOR with
>> the message. The message has a plaintext preamble that gives an offset
>> number that defines which character is the beginning of the OTP. The
>> preamble also gives the URL of the website.
>>
>> As an example, look at the "web archive dot org" http://web.archive.org/web/20060708173816/www.reliefglobe.com/index.html
>> There are many stable archived stories on that giant website. That is
>> simple.
>
> And you want to publish a blog on cryptography that people are
> supposed to read?

To decipher what Tom said: it is a critique masquerading as a question.
Globemaker's algorithm is beyond weak, to the point that proposing it
demonstrates ignorance of the basics of cryptography:
- the material on that stable website is public, hence unsuitable
as a key for a symmetric cipher (including an OTP);
- the material on that stable website is not uniformly random,
thus unsuitable as an OTP;
- reuse of the OTP, a well documented sin as demonstrated by
important historical breaks, seems encouraged or at least not
prohibited.

Francois Grieu
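
The three objections in the post above, checked on a constructed pad and two constructed messages. This is an added example, not part of the original post; `PUBLIC_TEXT`, the messages, the offset and the function names are assumptions made for illustration.

```python
# Constructed sample data for illustration; not taken from the thread.
PUBLIC_TEXT = (b"It was a quiet morning in the village when the relief convoy "
               b"arrived, and everyone gathered at the well to hear the news.")
M1 = b"Meet at the usual place at noon."
M2 = b"Transfer the funds on Friday."
OFFSET = 10  # travels in the clear in the preamble, as the proposal describes


def xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with the leading bytes of pad; the pad must be long enough."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


def encrypt(message: bytes, offset: int = OFFSET) -> bytes:
    """The proposed scheme: XOR the message with public text from an offset."""
    return xor(message, PUBLIC_TEXT[offset:])


def decrypt_as_outsider(body: bytes, offset: int = OFFSET) -> bytes:
    """Objection 1: the pad is public, so the preamble is all anyone needs."""
    return xor(body, PUBLIC_TEXT[offset:])


def high_bit_always_clear(body: bytes) -> bool:
    """Objection 2: ASCII xor ASCII never sets bit 7, so output is not uniform."""
    return all(b < 0x80 for b in body)


def pad_cancels(c1: bytes, c2: bytes, m1: bytes, m2: bytes) -> bool:
    """Objection 3: under a reused pad, c1 xor c2 equals m1 xor m2."""
    n = min(len(c1), len(c2), len(m1), len(m2))
    return xor(c1[:n], c2[:n]) == xor(m1[:n], m2[:n])


if __name__ == "__main__":
    c1, c2 = encrypt(M1), encrypt(M2)
    print("outsider recovers message:", decrypt_as_outsider(c1) == M1)
    print("ciphertext bit 7 never set:", high_bit_always_clear(c1 + c2))
    print("pad cancels under reuse:", pad_cancels(c1, c2, M1, M2))
```
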
From: Mok-Kong Shen on
Globemaker wrote:
> I have no valuable secrets to communicate to anyone
> using crypto.

So you shouldn't care about crypto, I would surmise.

Lest there be misunderstanding, I like to say that my
theme implies also that ideally all encryption algorithms
used will be simple ones, since the complexity is not
'necessary'. Note that in cases where specially high security is
needed, one could achieve that with e.g. multiple encryptions.

M. K. Shen
From: Tom St Denis on
On Jul 9, 1:59 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> Globemaker wrote:
> >  I have no valuable secrets to communicate to anyone
> > using crypto.
>
> So you shouldn't care about crypto, I would surmise.
>
> Lest there be misunderstanding, I like to say that my
> theme implies also that ideally all encryption algorithms
> used will be simple ones, since the complexity is not
> 'necessary'. Note that in cases where specially high security is
> needed, one could achieve that with e.g. multiple encryptions.

RSA, ECC, AES, etc aren't really that complicated if you don't care
about performance.

Tom
From: Maaartin on
On Jul 9, 7:59 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> Lest there be misunderstanding, I like to say that my
> theme implies also that ideally all encryption algorithms
> used will be simple ones, since the complexity is not
> 'necessary'.

You miss the point. Most people don't care about the complexity of an
algorithm, most of them even have no clue what an algorithm is. And
they won't understand it, be it your alg or AES or whatever.

They don't care and they needn't. The majority of computer users is
hardly capable of sending emails, if they get it preset so that it's
PGP encrypted and they're smart enough not to give the password to
everybody, everything's fine.

I'd never use an encryption scheme of yours or mine, simply because I
don't need to. You can't make it more comfortable to use since it's
nearly perfect. You can't make it more secure, since you can't hire
dozens of cryptographers to analyze it. You can't make it noticeably
faster since I don't notice the time it takes at all.

> Note that in cases where specially high security is
> needed, one could achieve that with e.g. multiple encryptions.

Sure, but e.g. PGP is much more secure than my computer or my
password, and I'm not gonna put a stronger lock on my door when the
window is open.