World Peace isn't insurmountable

Zenaan Harkness zen at freedbms.net
Tue Dec 19 16:14:03 PST 2017


On Tue, Dec 19, 2017 at 03:35:21PM -0800, Ryan Carboni wrote:
> What if the world isn't dysfunctional? What if it is so by design? What if
> all nonfeasance and misfeasance is really malfeasance? Isn't the difference
> between a democracy and a dictatorship a matter of active consent vs
> passive consent? If five hundred random people were stuffed into Congress
> and made the laws, would they run the country in the same way? Well, I
> suppose there are true heroes, like Litt who said that DES couldn't be
> cracked, and Clapper, who said a "truth" to Wyden who really should have
> known better.
> 
> 
> Anything exceptional that I pointed out is a product of pure deduction, a
> quality few possess, that the school systems intentionally attempt to
> deprive their students of.
> 
> 
> To perhaps parody Cloudflare's complaint about ARX-512 making ChaCha20
> nearly as fast as AES-NI, clearly Linux's /dev/random/ is not fully
> understood and should be avoided. For the entropy estimate only counts the
> entropy of individual events, but not the total combinatorial complexity.
> Since operating systems have no real time guarantee, and all entropy is a
> product of unobserved events, the order in which events occur certainly
> adds entropy. Given that combinatorial complexity is not factored in
> entropy estimates, the entropy estimate should be considered flawed.
> 
> In fact, this combinatorial complexity significantly impacts one's ability
> to manipulate the output of the generator


And/ or ability to predict the output of the generator. But in a
useful way from the perspective of the user seeking "secure" random
streams.


> without knowing the full state,
> and it might be dangerous for /dev/random/ to treat any source of entropy
> as 8 bits per byte.

If you think you got this from the code, you might be mistaken - just
because /dev/random mixes entropy as bytes, does not mean it makes a
determination that 8 bits of entropy are available from every byte.


> Perhaps only those capable of communicating in pure deduction can only be
> trusted by others capable of communicating in the same fashion.

Perhaps those who put out vague statements not directly referenced to
specific code, should advise themselves that doing so is less than
useful to the discussion on the cryptographic quality of the Linux
kernel's /dev/random stream.


> Of course the ability to deduce has long been regarded as the prerequisite
> to investigate or understand anything, and is the foundation of all logic
> and reason.

And the haughty presumptions arising from a misplaced certainty in
one's own capacity to know and to reason about reality (e.g. the
source code actually used to drive the Linux kernel's /dev/random, to
pick a totally, ahem, random example), may also arise from our
"modern" "education".


> In the end though, I must repeat someone else's observation, that Google
> could flip a switch, and 7% of all internet traffic will use a new protocol
> they devised. I would prefer, in the following order, MitM-vulnerable
> cryptography, backdoored forward secret ciphers, and then key length
> restrictions. Not... an impossible to design product, with the source code
> given to any government (Kaspersky gives their code to the US, IBM gives
> their source code to Russia)...
> Hmm.
> 
> You can make any software licensed under the GPL if you demand it I suppose
> (yet it doesn't stop bundling anything with proprietary code). So much
> happening right in front of your eyes, I doubt if you object to any of it,
> you can possibly stop it.

You have freedom within the limits of your personal capacity,
including the "right" to expand those limits to the extent of your
ability, limitations, and will.

Good luck,



> P.S. To expound upon my previous statement that what one says only has to
> be facially true, the argument barely has to justify itself, even using
> weak evidence the audience may very well accept what you say as truth. This
> makes anything you learn about debating to be a cruel waste of time.

Pick your audience.



More information about the cypherpunks mailing list