On Saturday, April 26, 2003, at 11:41 AM, Eric Cordian wrote:
Tim May wrote:
You don't need to take our word for it--you need to see why modern cryptography avoids trust issues almost completely.
Like mathematicians saying "Trust Us, no algorithm exists which can factor the 309 digit product of two large distinct odd primes in a few seconds on a cheap PC?"
Perhaps I'm missing something, but it seems to me that public key cryptography is fundamentally a trust-based system. With the rise of the Internet, and almost all crypto being done by people who do not physically meet to exchange keys, almost all crypto is public key crypto.
Therefore, almost all cryptography (at the present moment) is based on trust.
And it's trust based on the "It doesn't exist, because if it did, I'm so smart I would have found it by now" paradigm, which I've never regarded as being particularly reliable. (Insert comments about simple algorithms whose direct derivation lies just slightly beyond the limits of human ingenuity here.)
I'm surprised at you for thinking trust is some number that is either 0 or 1. All crypto is economics, and so is all trust. Consider two situations: Situation 1: "I have generated a key for you and will send it securely. You can trust me not to look at it and not to reveal it to anyone else....Well, not unless Saddam's men force me to, or not until John Ashcroft threatens to hold me as an illegal combatant if I don't cooperate. Or not until someone offers me $500 cash, no questions asked, for just a peek. Or not until I realize that this key is being used to further right wing Nazi causes. Or..." Situation 2: "Determining your private key requires an attacker to either monitor your keystrokes and bug your computer, so you'd better secure it, or it requires factoring a 309 decimal digit number associated and derivable from your public key. So far, the best algorithms have only factored a 137-digit number [for example] and no mathematicians have yet found cleverer ways. Great fame would await anyone who found a significantly faster method, even a Fields Medal, and yet no one has yet revealed one." Now I maintain there is a huge difference in the valuations placed on the "trust" in these two cases. If you wish to believe that Joe Sixpack saying he promises to keep your private key secret is on the same footing as the apparent difficulty of factoring very large numbers (and if 309 digits is deemed too small, only a tiny increase in key generation effort and later use to go to 500 decimal digits or even 1000) then you are of course welcome to your delusion. All crypto is economics. All trust is economics. --Tim May "In the beginning of a change the patriot is a scarce man, and brave, and hated and scorned. When his cause succeeds, the timid join him, for then it costs nothing to be a patriot." -- Mark Twain