Re: Meganet strikes back
From: Mok-Kong Shen (mok-kong.shen@t-online.de)
Date: 02/17/03
- Next message: Peter Gutmann: "Re: The Crypto Gardening Guide and Planting Tips"
- Previous message: Wolfgang Tork: "RNG and TRNG"
- In reply to: Douglas A. Gwyn: "Re: Meganet strikes back"
- Next in thread: Douglas A. Gwyn: "Re: Meganet strikes back"
- Reply: Douglas A. Gwyn: "Re: Meganet strikes back"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Mok-Kong Shen <mok-kong.shen@t-online.de> Date: Mon, 17 Feb 2003 13:55:29 +0100
"Douglas A. Gwyn" wrote:
>
> > There is thus no point of saying anyone having fantasy.
>
> Yes, there is. Silence could be misconstrued as
> agreement. False claims that could have practical
> ramifications need to be challenged (not necessarily
> disproved).
Who knows that it isn't you who has the fantasy and
not the other guys? You would never be able to establish
anything 'definite', just like in all religious debates.
(Or maybe you have never experienced such a debate?)
Proofs are hard to come by in all matters that don't
allow public access from the outset. We know also
that even in situations with official audits, e.g. in
the finance of public utilities, there are often grave
misconducts of employees (corruptions etc.) that remain
undiscovered. (Finding truth in real-life is not the
same as checking a solution of a math equation thru
substitution.)
>
> > (We unfortunately even couldn't 'prove' rigourously
> > that a given 'practical' cipher is 'unbreakable'.)
>
> While that has nothing to do with the issue at hand,
> you're quite wrong about that, to the extent that a
> properly designed cipher is operated as intended.
> For example, true OTP systems with true flat-random
> key streams have in fact been used in practice. As
> should be demonstrated in Cryptology 101, those are
> provably unbreakable when used as designed.
We went over that many and many times. An 'ideal' OTP
is fine but not practically obtainable. What is
obtainable is approximations. The problem is how good
is the approximations. There is no 'rigorous' evaluation
of that that satisfies 'everybody'. Hence there must
remain some 'subjectivity' in assessing any 'practical'
OTP.
> > Note that aids are killing a whole continent (Africa)!
>
> It's actually a global problem; and you have exaggerated
> the impact on Africa in a couple of respects.
Well, isn't an evil that is global is much worse
than one that is local? Africa is far from you and
me. (Hence why should we care? Right?)
>
> > Obviously that seems to be not important at all to the
> > top politicians of the world who have eyes only on
> > economical interests.
>
> Apparently you paid no attention either to the news
> nor to my previous postings in this thread. The *top*
> politician in the world (by many measures) recently
> announced a plan to spend hugely on AIDS research and
> treatment and prevention in Africa. Unfortunately the
> spread of AIDS is largely due to social/cultural
> factors, which makes it especially hard to control.
They talked and talked and talked also about suppressing environment
pollutions, abandonment of land mines, etc.
etc. etc. ad infinitum.
>
> > One has to use one's own 'subjectivity' and one's own
> > experiences in life to 'guess' what is more 'likely'
> > to be true.
>
> Only to the extent that *every* evaluation is inherently
> one of likelihood, even if the likelihood is 100% minus
> epsilon. The big difference here is in one's access to
> relevant information.
Do you have access to the 'relevant' information? I doubt
that. But even if you do, how are you going to 'convince'
others that you do have that access and that you are also
telling the truth? That's like sort of an undecidable
problem in CS.
BTW, your phrase 'access to relevant information' also
reminds me of something that I talked recently with
someone in e-mail. Decades ago a tragedy that was very
much discussed in the world was President Kennedy's
death. The results of official investigations were said
to be kept secret and to be released to the public in
25 years. That period should have ended, if I don't err,
but it seems that people don't yet have access to the
documents. Does anyone happen to know more about that?
>
> > Thus the only thing useful ... is that they call our
> > attention to the 'inherent' risks of (1) unencrypted
> > or non-stego communications and (2) purchasing
> > proprietary crypto products.
>
> Of course there is an obvious risk in using a protection
> service provided by somebody else, or no protection at
> all. However, there could be an even bigger risk in
> relying on a protection system of your own devising.
> The best advice in this regard seems to be to acquire a
> system designed by experts, while applying one's own
> informed evaluation and verification of the design and
> operation.
Right. One should use algorithms and protocols that
have been well scrutinized by the experts in the public
but one should also excercise every care in examining
the sources that one takes over in case one doesn't
do one's own programming and avoid using foreign
executable. One should also consider feasibility
of achieving better strength through e.g. multiple
encryption. (A recent post of David Wagner expressed
a favourable viewpoint about triple encryption.)
M. K. Shen
- Next message: Peter Gutmann: "Re: The Crypto Gardening Guide and Planting Tips"
- Previous message: Wolfgang Tork: "RNG and TRNG"
- In reply to: Douglas A. Gwyn: "Re: Meganet strikes back"
- Next in thread: Douglas A. Gwyn: "Re: Meganet strikes back"
- Reply: Douglas A. Gwyn: "Re: Meganet strikes back"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
