The countries that trusted bugged Swiss encryption devices

grarpamp grarpamp at
Fri Aug 13 03:06:14 PDT 2021

> I heard people recently talking about using _multiple_ OTP's.
> Not sure how that helps anything but it sounds nice and paranoid.

That's probably describing "multiple encryption",
cascade, or composition.

In the case of properly used OTP's with TRNG's,
multiple doesn't help anything since the info theoretic security
of that system has been proven.

But for all other classes of algos such as the common
asym/symm/hash, multiple can be used as a safety
backup in case a sole use algo might be broken,
but is no good if they all are fail...
ie: md5 + sha1 != good
or if use of all N of them was poor, thus = fail too.

PS: Now for the more interesting thing in this note...

Notice how GoldBug et al happened to sneak
themselves onto that page too.
Someone really needs to start a formal project to
publicly investigate and debunk or clear their
software claims and fishy methods once and
for all, for any user's sake since they can get hurt.

Is GoldBug yet another example like the bugged
"Swiss encryption devices", an exploit that should not
be trusted? Journalists, activists, human rights work,
etc would probably want to know.

More information about the cypherpunks mailing list