managing and protecting nyms...

Dave Howe DaveHowe at gmx.co.uk
Sun Nov 8 08:22:06 PST 2009


John Young wrote:
> Cypherpunks should be the last place to disclose a protection
> methodology except, perhaps, only perhaps, as a ploy to deceive.

Isn't that the procedural equivalent though of saying "you should always
keep your cryptographic algorithm secret and only disclose an algorithm
as a ploy to deceive"?

Any good methodology, be it technological, cryptographic, or procedural,
consists of elements which *must* be kept secret (the fewer the better),
and elements which need not be. Disclosing the latter makes it easier to
get peer review, encourages other people to use the same methodologies
(which at worst increases the value of a break to an attacker, and at
best allows the original poster's traffic to be "lost in the noise"
amongst a larger amount of similar) and allows other people to build on
that base and present different (and potentially better) methods.

as Schneier has said repeatedly, any idiot can design something he can't
figure how to break himself. Getting peer review of anything you might
end up betting your life on, has to be worth its cost.





More information about the cypherpunks-legacy mailing list