At 9:29 PM 2/23/96, Alan Olsen wrote:
There are companies out there that are trying to build good products. These people can be instructed on the ways of implementing good crypto. Unfortunately, I have seen a number of them pushed up against the "Wall of Attitude" when they do ask for help. Cypherpunks, for good or for bad, have a reputation for being experts in the field. People come here to ask questions because "Cypherpunks know what Good Crypto tastes like". What is happening though is that they are also getting a reputation as people who flame first and give answers later, if ever. This is not a "good thing". If you want strong crypto to exist, you have to make the people who are trying to put it into place able to understand what it is in the first place. Giving them grief when they try to find out the flaws in the ideas (and are willing to learn) is not helpful to the community as a whole.
I disagree. There are several points to keep in mind: 1. There are many sources of information on crypto, including excellent books on cryptography and information theory, and several FAQs readily available. There are frequent pointers to these FAQs, books, journals, and newsgroups. 2. Most of the "harsh criticisms" come when people do one or more of the following: a. announce an amazing new discovery, but refuse to give details ("we have applied for patents on our amazing new discovery") b. show an unawareness of basic facts which any competent cryptologist should at least be familiar with c. expect "the Cypherpunks" to provide free consulting and educational training (this same issue comes up on sci.crypt all the time, too, with people announcing some new cipher--which is usually some variant of a well-known cipher--and expressing frustration that "nobody will help me try to break it.") 3. "The Cypherpunks" is not a freelance consulting group, doing "Underwriter's Laboratories" (as in "UL Approved" on your electrical appliances) tests on proposed new systems. Even weak ciphers take time to break. See above. Or see the many comments to this effect in sci.crypt (in fact, I recall that it's in the FAQ for sci.crypt.) 4. In any case, with 1000 or more subscribers, and no consensus mechanism (no official position), nearly any proposal is going to be met with some negative comments from _someone_. Welcome to the real world. Anyone whose skin is so thin as to be scared off from posting because he fears that _someone_ will criticize his idea is a hopeless case. 5. Genuinely good ideas, or ideas that appear to come from someone who has done some real research and thinking, are usually responded to pretty favorably. I could cite the work on MixMaster, Crypto++, Blowfish, etc.
I know of one developer who is trying to implement a strong cryptosystem in his app. He is unwilling to post his questions/concerns here because he is afraid of getting his ass shot off on the first query. Judging by some of the responses I have seen, I do not blame him! I can understand intolerance of the sales droids who push crap. I do not have much tolerance for them either. It bothers me when I see people who are not experts in the field AND ARE TRYING TO LEARN getting "blowed up real good" because they are not experts.
Cypherpunks not only need to teach, they need to be willing to teach.
There's a huge textbook on crypto: Schneier's book. Also, numerous books by Koblitz, Denning, Meyer and Matyas, and on and on. If your friend has a system which builds on basic principles, he won't be "shot down." If his ideas are good ones, he'll be embraced as a colleague. If he hasn't absorbed the standard theory, he'll be dismissed curtly. As it should be. Breaking a system, even one based on good principles, takes real work. Few people will volunteer to put free time and computer resources into testing the strength of unknown systems. Think about it. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."