Eric Hughes wrote:
Paranoia is cryptography's occupational hazard.
Yes, that is indeed the nature of it since many of the protocols are designed to work amidst mutually distrusting parties. A degree of suspicion/paranoia is necessary - for example, digital cash.

Paranoia is not necessary for protocol analysis. While it is not totally ineffective, it is certainly much less useful than understanding the invariants of the protocol, for example. Proof is much more powerful than paranoia.

Evaluating the risks of a situation, even the ones of low probability and large effect, is not paranoia. The person who considers that there might be people who want to listen in and uses cryptography because the cost of deployment is less than the perceived risk (and all risk is perceived risk) is not paranoid but prudent. The person who merely thinks there are people listening in and uses cryptography to defend against them is just paranoid.

From the outside these two states of mind are difficult to distinguish. Both use crypto, both acknowledge the existence of people who wish to harm other people. Yet the paranoid has identified with the victim.

An indicator of paranoia is an unsupported claim about a state of affairs in which the speaker is a target. This is what happened with the penet id assignments; some people implicitly asserted the existence of malicious individuals. Those who merely brought up their _potential_ existence.

The evidence for this distinction is speech-acts, not the most reliable indicator. Therefore my advice about paranoia is more directed to individuals pondering their own states of mind than to the examination of the behavior of others. Sometimes you may learn that another person actually is paranoid. You cannot, however, usually tell just from the use of cryptography whether or not a person is paranoid.

To summarize my original claim in light of the foregoing, the paranoid does not do protocol analysis as well because of a misdirected focus on certain risks and not others.

example, a non-suspicious person may be tricked into digitally signing anything (by getting them to sign a blinded document).
And for this reason, keys used for blind-signing should not be the same as for email signing. But this is a different discussion.

I think I follow most of what you are saying; all the same, in this case, technical error or not, malicious person or not, the paranoia is justified.

To assert the possible existence of the malign is acknowledgement. To assert the possible existence of the malign in some current situation is suspicion. To assert the actual existence of the malign without good evidence is paranoia. I don't think you use the word "paranoia" as I do above, which I would term suspicion.

Eric