SilasBarta comments on Cryptanalysis as Epistemology? (paging cryptonerds) - Less Wrong

11 Post author: SilasBarta 06 April 2011 07:06PM

You are viewing a comment permalink. View the original post to see all comments and the full post content.

Article Navigation

Comments (42)
Tags: epistemology science cryptography

Comments (42)

You are viewing a single comment's thread. Show more comments above.

Comment author: SilasBarta 06 April 2011 10:43:44PM 1 point [-]

Could you explain if this was sort of an "aside continuation" re. the leetspeak comment or about encryption in general? In other words, are you saying that it doesn't help to add an "underlying" layer of additional encryption, or that encryption, in general, doesn't doe anyone much good?

First, just to make clear, those were separate events, far removed in space and time. Ciphergoth's remark was not directed at my leetspeak idea, but the principle applies just the same.

Encryption does accomplish the goal of raising the cost of accessing your messages to the point of infeasibility, and I wasn't trying to deny that. To expand on the point about the underlying encryption: generally, the published cipher you use to encrypt your data is far stronger than it needs to be to keep your data safe; any succesful method of attacking it would go after the implementation of it, and in particular the people that need to make it work. Hence this comic.

So let's look at your idea. Another relevant weakpoint of a cryptosystem would be the difficulty for the user of not messing it up, and this critically relies on you being able to access your (full) key. If you have to simultaneously do the work of remembering this secret language, this can mentally exhaust you and increase your rate of error in implementing the protocol -- so it adds a weakness to the weakest part of the system (the human) just to strengthen the part that's already the strongest (the encryption itself).

Does that make sense?

Comment author: jwhendy 06 April 2011 10:48:23PM *  1 point [-]

First, just to make clear, those were separate events...

Yup.

Also have seen that comic. So, you were basically saying:

  • encryption helps, and the actual encryption is the strongest point
  • the weak points are the people (prone to messing up) and (filling in my own list) things like leaving your computer on and unattended, only locking your screen vs. shutting down, having non-encrypted swap/var/etc, and the like.
  • further, trying to strengthen the weak points is generally accomplished via a method that further increases susceptibility to human error, whereas the encryption itself was fine as it its.

Sound good?

Comment author: SilasBarta 06 April 2011 10:52:05PM 2 points [-]

That's correct, except your last bullet (to be clearer, if this is what you meant) should say that you can strengthen the weak points by making the system less susceptible to human error.

Comment author: jwhendy 06 April 2011 10:55:52PM 2 points [-]

I was about to say no, but realize that I did write that incorrectly. To re-write, it would have redundantly said:

trying to strengthen the strong points is generally accomplished via a method that further increases susceptibility to human error (you have to implement "hand-done" encryption), whereas the encryption (the existing strong point) was fine as it was.

Does that help? I did have it wrong, thinking that implementing some form of hand-done encryption was an attempt to strengthen the weak points... but such activity would actually be in the "already-strong" category.

Comment author: SilasBarta 07 April 2011 01:22:23AM 0 points [-]

You have it correct now. :)

Powered by Reddit Powered by Reddit