Let the Snake Oil Flow

There have been several purveyors of (potential) snake oil here. Predictably, critics have been drawn into "trying to break" these allegedly strong systems. Some of the purveyors are even saying things like [paraphrased, but with charming misspellings emulated]:

"See, even the smarty-pants Cyphurpunks are unabble to brake ouir system! Our virtuel one-time pad, which converts 10 randumly picked bits into 1000 or 10,000 or even a bazillion!, by our patented processo of "entropy enhancemate," has defeated even immacarthy and metzger. Our system rulez!"

And so it goes....

Predictably, others are asking/expecting "the Cypherpunks" to break their systems. Just as predictably, many of us are patiently (and impatiently) explaining that breakages cost money and resources. And so the "developers" gleefully respond that this proves the "Cyperpunks" [sic] are helpless before their software.

Well, it seems to me that letting some real snake oil out there could be a Good Thing. Being the Neo-Calvinist Darwinist that I am, I set that anyone who puts valuable information into "PowerPads" and "Stream-of-Consciousness Ciphers" pretty much deserves what he or she gets. I am not losing any sleep that Snake Oil Enterprises is hyping a conceptually flawed system.

A few highly publicized failures could be educational, and ultimately help to strengthen the Net. You don't get better bridges without some highly-visible bridge collapses. Raises consumer awareness of what good design really is.

Personally, I'm much more worried about the behind-the-scenes goings on with key escrow, the pressures being applied to Netscape, Lotus, Microsoft, TIS, etc., than I am in Yet Another Clueless Crypto Product (tm).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

All valid points, but when the likes of Nathaniel Borenstein & his cohorts use the failures of snake oil to discredit all cryptography, then we have a problem. (Not to say that Netscape is selling snake oil... but I figure that FV would capitalize on a snake oil failure to further their anti-cryptography agenda just as they have used the Netscape RNG bug.)
--
Sameer Parekh                           Voice:   510-601-9777x3
Community ConneXion, Inc.               FAX:     510-601-9734
The Internet Privacy Provider           Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")         sameer@c2.org

Mark Allyn writes:
Please pass along this to anyone you know who has an email account! We need to have everyone take part in this protest!
Sophomoric idiocy. I can think of few actions that would marginalize the on-line community more than for a bunch of geeks to mailbomb the "white house". Some poor sysadmin will be stuck dealing with his filled-up mailbox, and that's it. Is anybody so seriously delusional that they imagine poor Bill Clinton having to work his way through all the mail with elm? Sheesh.
______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
m5@tivoli.com * m101@io.com                 * I want more, I want more ...
<URL:http://www.io.com/~m101>               *_______________________________

But if the sysadmin at the white house gets so busy and has to charge overtime, then it comes to the boss's attention and then the boss would know what is up. The boss would not see the individual email messages, but he would get the gist. I happen to be a sysadmin for a zillion servers and groups of machines on a big huge corporate network. I have had to deal with full email buffers. When I spend overtime fixing them, Gordon, my manager, demands to know why. I will honestly tell him what is happening. If it was because of a protest, I would tell him. Knowing him, he would probably want to look at a sample of the emails.
Mark

Hello: Please pass along this to anyone you know who has an email account! We need to have everyone take part in this protest! Mark
From silber Thu Feb 22 20:56:33 1996
Received: (from silber@localhost) by mark.allyn.com (8.7/8.7) id UAA00520 for allyn; Thu, 22 Feb 1996 20:56:20 -0800 (PST)
Date: Thu, 22 Feb 1996 20:56:20 -0800 (PST)
From: Andy Silber <silber>
Message-Id: <199602230456.UAA00520@mark.allyn.com>
Status: RO

From: Scott Bell <SBell@r2mail.r2.com>
To: "Barry D. Ballard" <bballard@tonto.den.csci.csc.com>, NED_PUEV <NED_PUEV@HP-Loveland-om2.om.hp.com>, Radar <radar@itouch.net>, Denise HP TechSupport <sdm@hpuerca.atl.hp.com>, sgajar <sgajar@crosslink.net>
Subject: FW: FWD>Bill O Rights
Date: Wed, 21 Feb 96 14:27:43 PST
Encoding: 120 TEXT
X-Mailer: Microsoft Mail V3.0
Status:

----------
From: Dave Behrns
To: MIS Mail Group
Subject: FW: FWD>Bill O Rights
Date: Wednesday, February 21, 1996 2:10PM
To whoever may read this,
This is not a typical letter, in that by passing it on to as many people as you can, you are taking part in what may yet become the world's biggest practical joke. The U.S. Government has recently passed an act which enforces censorship on the internet. A group of internet users has now come together to kick back at this oppression, and have a bit of fun at the same time.
The aim of this exercise is to re-establish the United States as "The land of the Free", not a fascist state where freedom of speech and thought are curtailed. Communist Russia fell as a result of such limits being placed upon the minds of the general populace. On receiving this letter, please pass it on to as many friends or E-mail lists as you can. We predict that if everybody copies the letter to 5 other addresses, by February 29th 1996, this letter should have reached in excess of 2 million people. That's when the fun begins........
On February 29th, please send the message:
Dear Mr. President, Do you remember this:
And afterwards enclose the pre-typed copy of the Bill of Rights. By sending the letter on the date above, you will contribute to either one huge petition for freedom, or else lead to a crash of the whitehouse server. Send all letters to: President@Whitehouse.gov
Remember that solidarity is the key to success !!!!!
---------------------------------------------------
THE BILL OF RIGHTS
Amendment I
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
Amendment II
A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed.
Amendment III
No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Amendment V
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
Amendment VI
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the state and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defense.
Amendment VII
In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.
Amendment VIII
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.
Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.

While I'd never disagree with my good buddy Tim, let me tell you all about the neatest medical hack since anesthesia, TMS, or Transcranial Magnetic Stimulation! This astounding use of magnetic fields can stimulate or deaden nerves through the skull! It's being used right now in research hospitals to create functional mappings of the human brain! An experiment I witnessed involved a volunteer who had his cold nerves turned off by placing a small probe over his head. He was completely unable to feel the cold of an ice cube placed on his bare skin!

Snake oil? No. It's really out there, and it has real possibilities. But how is the lay person to tell? With a car, you can see if it turns on. With a replacement for anesthetics, you can decide if it works pretty easily. "Can you tell that I just cut your arm?" But with crypto, you need to wade through the excellent, but quite long, sci.crypt FAQ, if you even find a pointer to it. Altavista comes back with 48000 hits when asked for Crypto. "Introduction to cryptography" is a more tolerable 100 documents, but how to know which are good, and which are snake oil? The reputation software to help filter is lacking.

So, I see a value to flaming the snake oil salesmen loudly, today. Not that we shouldn't let the market handle the situation, but part of that market is that crypto enthusiasts (aka cypherpunks) will flame the snake oil salesmen. Not that other issues you mention (such as the behind-the-scenes deals) aren't important, but in the face of no information, we can't discuss that much.

Adam

Timothy C. May wrote:
| Well, it seems to me that letting some real snake oil out there could be a
| Good Thing. Being the Neo-Calvinist Darwinist that I am, I set that anyone
| who puts valuable information into "PowerPads" and "Stream-of-Consciousness
| Ciphers" pretty much deserves what he or she gets. I am not losing any
| sleep that Snake Oil Enterprises is hyping a conceptually flawed system.
-- "It is seldom that liberty of any kind is lost all at once." -Hume

tcmay@got.net (Timothy C. May) writes:
Predictably, others are asking/expecting "the Cypherpunks" to break their systems. Just as predictably, many of us are patiently (and impatiently) explaining that breakages cost money and resources. And so the "developers" gleefully respond that this proves the "Cyperpunks" [sic] are helpless before their software.
Which is patently silly, of course. Unless some TLA writes me an obscenely large check, I am unlikely to try and break anything that hasn't achieved significant market penetration and widespread use, whether it is an operating system, or an application which utilizes encryption. I'm not even interested in breaking the individual building blocks of such things, such as block ciphers and RNGs, outside of the context of their use in a specific application. Unless something is obviously braindead on delivery, it makes little sense to attack it in the abstract, and the nicest weaknesses in systems often depend upon the little details, as the Netscape and Kerberos folk have discovered. All of this means that challenges by the snake oil peddlers, and even well-advertised public floggings of new ciphers, like RC5, really don't do much to discover design flaws or weaknesses. It's like the ten people who post "I have invented an unbreakable cipher" to sci.crypt each week, and when no one cares, proudly declare victory and go home.
A few highly publicized failures could be educational, and ultimately help to strengthen the Net. You don't get better bridges without some highly-visible bridge collapses. Raises consumer awareness of what good design really is.
Yes - one neat hack against Netscape or Microsoft is worth an infinite number of dull papers in "Cryptologia" as far as public relations are concerned.
Personally, I'm much more worried about the behind-the-scenes goings on with key escrow, the pressures being applied to Netscape, Lotus, Microsoft, TIS, etc., than I am in Yet Another Clueless Crypto Product (tm).
Let a thousand Clueless Crypto Products bloom today. :)
--
Mike Duvos         $    PGP 2.6 Public Key available     $
mpd@netcom.com     $    via Finger.                      $
participants (6)
- Adam Shostack
- m5@dev.tivoli.com
- Mark Allyn 860-9454
- mpd@netcom.com
- sameer
- tcmay@got.net