Cpunks Lauded

Sat Jan 5 18:51:40 PST 2002

On 5 Jan 2002, at 7:58, John Young wrote:

> 
> This crypto demonization may well intensify as investigations 
> proceed into the government, military and intelligence failure to 
> prevent 911. Whether crypto actually played any role in the 
> attack may be seen as unimportant so long as a convincing
> story can be promoted that it must have been.
> 

I don't think anyone claims that it "must have been".  Rather,
the idea that it might have been, or might be useful for future 
terrorists, is sufficient to demonize it.  Similarly, the 9/11
terrorists didn't use guns, but everyone knows terrorists use guns,
The idea of cryptography as munitions isn't just metaphor or,
if it is, it's a really really good metaphor.

> Tim is right that Diffie, Hellman, all the PK early developers,
> deserve all the credit for making PK public and the British
> deserve none for their compulsive secrecy. And it may be
> only academic as to who invented PK. Still, it is worth learning
> what the possibilities are for attacks on PK, especially in the
> light of its unparalleled reputation for public use, or, as
> David Kahn said, its value as "the single most important
> invention in the history of cryptography."
> 

I'd rank it number 2, after key based encryption. But the concept
of key-based encryption seems to me to be relatively obvious
(I could have invented it myself if it hadn't been invented already)
whereas the idea of public key encryption seems
(to me at least) to be counterintuitive and utterly brilliant.

> That sort of language makes me nervous about what lurks
> in the heart of PK, its invention, its leak, its liberation, its
> widespread public use, its seeming impregnability. A fair
> amount of the reputation of PK is comparable to a sophisticated
> sting -- the kind Kahn richly documents throughout the history
> of cryptography.
> 
> If liberation of cryptography is a sting, what role of cpunks
> in that? What role vainglory in falling for the allure of anti-
> authority as the sting unfolds. Levy has words about this,
> although I have no reason to believe his early vaunting of
> cypherpunks was part of a wider scheme, nor his recent
> book. But, still, wizened cryptographers, as Kahn documents,
> claim you cannot ever be too paranoid.
> 

To the extent that paranoia represents a genuine disorder, 
paranoia refers not to an excessive amount of distrust or precaution-
taking, but rather an unrealistic assesment of risks. Carrying a gun
around alll the time isn't paranoid.  Carrying around cobra antivenom
is (assuimng you have no particular reason to expect cobra 
attacks).

The idea that there could be a back door in something as basic as 
the CONCEPT of public key encryption strikes me as being absurd.

> Whatever NSA releases on pre-Diffie PK, it will not be
> the truth but probably convincing to the believers in fairy
> tale crypto protection. The Brits way of leaking PK history 
> to accomplish a hidden task or ability is similarly suspicious.
> 
> 

I'd call it "irrelevant" rather than "suspicious".  Any time an 
academic cryptologist discovers something (PK encryption,
linear cryptanalysis, differential cryptanalysis..) there's always
some spook there claiming he knew about it years earlier.
Maybe it's true, maybe it isn't, who cares? If you make a discovery 
and hide it, you may as well not have made it, and that really
is all there is to say on that particular issue.

George