A query was made:
I'm trying to learn more about practical cryptography in general and PGP and similar programs in particular. Any advice? A response:
@article{Nathan92, author = {Paco Xander Nathan}, journal = {Fringeware Review}, month = {July},
To which Perry Metzger wrote:
Rather than pointing people to strange publications we've never heard of written by authors without credentials, might I suggest...
1) The PGP docs themselves are very good and far better as a tutorial on cryptography than any of the "PGP tutorials" that have appeared in the fringe literature. They are also free.
2) Read a real text on cryptography. It isn't a childrens game. Its a real branch of math and computer science, and really bright people devote their lives to it. If you wanted to learn about medicine, would you pick up a professional medical text, or something written in a 'zine by people you hadn't heard of?
And then Peter Davidson responded: : 1,2 deleted : 3. If you've never seen the article mentioned, and know nothing of : the author, on what basis do you claim that the author is without : credentials? Because he publishes in a magazine with "Fringe" in : the title? You're obviously prejudiced, Perry. : 4. Does it require an advanced degree in mathematics to write a clear : and lucid tutorial for those interested in using PGP? : 5. Is reading "a real text on cryptography" necessary in order to : learn to use PGP? Your remark suggests it is, which is likely to : discourage people from using PGP rather than encourage them. I agree with Perry. The original query was not 'how can I be cool and use PGP to write secret notes?' It was a serious enquiry about PGP and *other* similar systems. Reading a fringe popularization about PGP will not do much. (And I consider Paco to be a competent general writer.) Using PGP is about as easy as using DOS. Understanding PGP, its capablities, its strengths, how it relates to other crypto systems, and evaluating it and other systems is not so easy. It doesn't require 'an advanced degree in mathmetics,' but just high school algebra won't do it either. I have seen FringeWare and, while the treatment is PGP is fine as a tutorial, it is not an introduction to public key cryptography. It wasn't meant to be. There is a big difference between having people just use PGP and having them understand it. I know since I have worked several pieces to explain public key crypto for a general audience. If someone really wants to learn about the subject, the PGP docs are the best place to begin. From there, the sci.crypt FAQ, and then, if you are serious, Denning's _Cryptography and Data Security_. A deep and complex topic like cryptography requires as deep and complex study as the scholar wish to apply. That can mean a lifetime. A fluff, yet hip, article in a cool, yet sophisticated fringe journal is *not* the place to begin. Perry doesn't need my defense, but I will add that this mostly-lurking cypherpunk doesn't think he is an asshole. He is brutally honest and declares his opinion. I respect that. While he is often a bit wired, I have yet to see any hostility to those who didn't deserve it. ( cf recent extropians/pagans love-in or alt.binaries.pictures.erotica.children) I apologize for excessive re-quoting, and hope someone will forward a good crypto reference list to the original inquirer. I would, but I can't find it. A. Techno-Anarchy.Neophilia.Economic Freedom.Cryptography.Anti-Statism.Personal Liberty.Laissez-Faire.Privacy Protection.Libertarianism.No Taxes.No Bullshit. ********** Liberty BBS 1-614-798-9537 ********** ********** Dedicated to Freedom. Yours. **********
Cypherzens, Andrew Hall writes:
Perry doesn't need my defense, but I will add that this mostly-lurking cypherpunk doesn't think he is an asshole. He is brutally honest and declares his opinion. I respect that. While he is often a bit wired, I have yet to see any hostility to those who didn't deserve it. ( cf recent extropians/pagans love-in or alt.binaries.pictures.erotica.children)
Well, Perry didn't give the same response *I* would have given, but then I didn't give a response at all, so I can hardly complain. (Reading lists have been sent out before, and some basic materials are contained in the pub/cypherpunks archives at soda.berkeley.edu, including a glossary of terms, the various PGP files (including the nice docs that Perry mentioned), and various "rants" by several of us. This is a good place for newcomers to browse to get a feel for what Cypherpunks is all about.) It turns out that I was smack in the middle of both events Andrew just referred to, and I can tell you first-hand that folks on the Net are getting too freaked out over the views of others. I posted the fake PGP-GIF in a.b.p.e.c., which provoked huge outcries of "Thoughtcrime!!" And on the "Extropians" mailing list I was challenged by Eric Raymond, the fellow who volunteered to write the Cypherpunks FAQ on his first day on this list, to study various writings on Paganism, Druidism, Shamanism, and Witchcraft and then judge it "rational" or not (I won't bore you with the details). When I judged it "not rational" and "inconsistent" with the technophilic emphasis of the Extropians list, all hell broke loose (figuratively, and perhaps literally if Eric's witchly connections are as he advertises!). In fact, that List (Extropians) is so contentious and polarized that I have temporarily unsubscribed for the rest of the summer (and perhaps longer, depending on how I feel in the fall). The advantage of smaller groups like Cypherpunks and Extropians, as mailing lists, is that people can come to know each other and thus better avoid flaming. Even better are in-person meetings, even if this contradicts the "jacked-in," "wired" image of cyberpunks and console cowboys! The Cypherpunks physical meetings in Mountain View are friendly, helpful, and not at all rancorous. Likewise, the Extropians events I've attended in the Bay Area (Thursday lunches, a couple of lectures, and some parties) have been friendly and free of divisiveness and flaming. This aspect of the in-person contacts has not been adequately duplicated on the Net. But small groups like ours, where reputations matter and where flamers can and should be simply expelled, are one major hope. I, for one, don't want David Sternlight on our List. (However, this could happen, as we have no membership screening process. Still, we can hope that the flame wars that rage unchecked on the Net as a whole can be limited to just small brush fires on our List.) I'd hate to see our List degenerate into the kind of flaming so common throughout the Net world. We've had a few minor flame wars, but have pulled back from the abyss each time. We ought to try to keep it that way. Cheers! -Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.
Andrew S Hall says:
.................From there, the sci.crypt FAQ, and then, if you are serious, Denning's _Cryptography and Data Security_.
Oh, come on. With all due respect (:-) I have to disagree. Why on Earth have you to select this book?! Maybe you don't like A. Konheim "Cryptography: A Primer" Or maybe you don't feel, that Meyer & Matyas "Cryptography. A New Dimension in Data Security" covers enough of the field, at least for a beginner? Or maybe there are no new goodies like G. Simmons "Contemporary Cryptology" with lots and lots of annotated bibliography?
A deep and complex topic like cryptography requires as deep and complex study as the scholar wish to apply. That can mean a lifetime.
Indeed. One more reason to start with a real stuff (:-). [Oh, of course, all the proper apologies for exhaling the smoke and fire, and for misquoting (slightly, I hope) the exact names of the books. :-] -- Regards, Uri uri@watson.ibm.com scifi!angmar!uri N2RIU ----------- <Disclamer>
From cypherpunks-request Thu Jul 15 23:20:05 1993
participants (3)
-
Andrew S Hall -
tcmay@netcom.com -
uri@watson.ibm.com