Tim May wrote:
In other words, it's time to get crypto out of the math and computer science departments and put it in the engineering departments where it belongs.
Tim's complained for a while that the cypherpunks meetings and discussions have declined in quality, partly because we've tended to rehash old material rather than doing new and interesting work, and partly because we've tended to have fewer talks on new stuff people are doing and more on some commercial business (maybe or maybe not run by cypherpunks) doing their product or non-technical talks by EFF lawyer types. While I'm not disagreeing with him here, I think a lot of this is _precisely_ related to the movement of crypto out of math and CS areas and into engineering. Mojo Nation, for example, is partly interesting because it's not just Yet Another Encrypted Music Sharing Product - it's mixing the crypto with economic models in ways that are intellectually complex, even if they're somewhat at the hand-waving level rather than highly precise.
At 02:42 AM 12/26/00 -0500, dmolnar wrote:
There's some hope. There was a workshop on "Design Issues in Anonymity and Unobservability" this past summer which brought people together to talk about these issues. The Info Hiding Workshops are still going strong. With luck, this year's IHW may have a paper on reputations in it...
Cool. Are the proceedings on line anywhere? (Or is it only for people who know the secret keys...)
On the other hand, we can oppose this to the fact that we have a bunch of remailers, and they seem to work. They may be unreliable, but no one seems to have used padding flaws to break a remailer, as far as we know.
Arrgh! Dave, just because nobody's known to have broken them doesn't mean that nobody's succeeded in breaking them (without us knowing they've succeeded), or that anybody's put serious effort into an attack. The basic remailer network is known to be breakable by anybody doing a thorough eavesdropping attack, because you can learn a lot from message sizes. Mixmasters are much safer, because message sizes are constant (though message counts aren't), but it's not clear whether they're good enough, given a good attack. Pipenets are probably secure enough against most attacks, but they're annoying economically - not surprising that Zero Knowledge's initial service didn't fully implement them.
The reason remailers have been Good Enough so far is that as far as we know, nobody's had the motivation to do a proactive eavesdropping attack on them, or a proactive deployment of untrustworthy remailers; the attacks have either been after-the-fact attempts to get information that wasn't logged (they're strong enough for that, if run by trustable people on uncracked machines), or proactive attempts to close the remailers (many of those attacks have been successful.) Small numbers of remailers (there are typically about 20) aren't good enough to resist shutdown-forcing attacks. The cool thing about Zero Knowledge was that they had a business model they thought could get large numbers of service providers to support, which increases the security against loss of individual remailers as well as reducing the likelihood of an individual remailer shutting down.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639