Linear improvements in compute power can't stand up to exponential improvements in difficulty.
Anonymous
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
Anonymous
The law does not allow me to testify on any aspect of the National Security Agency, even to the Senate Intelligence Committee.
Lt. General Lew Allen Jr., Director of the NSA. (Probably from The Puzzle Palace by James Bamford.)
The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and they have to start all over.
Andrew Carol
Am I being overly harsh or do others think that the multi-thousand bit key is about sowing fear, uncertainty, and doubt for commercial gain? DES? Not big enough! Triple DES? Not big enough! IDEA? Not big enough! What you need is Dr. Phineas P. Snakeoil's mystery elixir! Filled with matrices and Galois fields to improve the digestion of dyspeptic managers everywhere! Step right up and get a whole case full! Don't ask what's inside ladies and gentlemen! It's a patent medicine that is only available here.
Stephen M. Gardner
The NSA regularly lies to people who ask it for advice on export control. They have no reason not to; accomplishing their goal by any legal means is fine by them. Lying by government employees is legal.
In cyberspace everyone will be anonymous for 15 minutes.
Graham Greenleaf
Cryptography, at least in its public embodiment, is finally, slowly, and painfully becoming a science. Part of that evolution is the dawning of an understanding of exactly what cryptographic guarantees mean, and how delicate they can be. I think it's safe to say that not a single cryptographic claim made in any paper published before, oh, 1985 or so (perhaps even as late as 1990) could be fully justified today. (Of course, the better work was usually almost correct, but the theoretical underpinning was simply not there to even state the claims in a way that could be properly formalized.)
Jerry Leichter
BTW, I learned a lovely new acronym today: "Law Enforcement Agency Key" -- LEAK.
Charles H. Lindsey
The notion that an anonymous posting needs to be traceable to its source is a product of the unification of the old time conservative desire to squelch free speech with the new fangled politically correct liberal desire to squelch free speech.
Perry E. Metzger
The right to speak PGP is the right to speak Navajo.
So we must see that the balance we strike when we destroy all control over encryption is rather more complicated than the policemen let on when they talk about the crimes they would not have prevented without wiretapping. It is also about the crimes we will prevent when people may speak freely, everywhere, all the time. The good that will come from that is hard to overestimate.
How long before we Americans are reduced to doing crypto with a deck of cards? (See Bruce Schneier's Solitaire).
Mordy Ovits
Note to amateur cryptographers: simple analysis is a good thing, if it doesn't weaken the cipher. ... It's better to be able to prove that an attack won't work than to have to guess that it won't because it's too much work.
Colin Plumb
The wire protocol guys don't worry about security because that's really a network protocol problem. The network protocol guys don't worry about it because, really, it's an application problem. The application guys don't worry about it because, after all, they can just use the IP address and trust the network.
There is a parallel between designing electronic commerce infrastructure today that uses weak cryptography (i.e. 40 or 56 bit keys) and, say, designing air traffic control systems in the '60s using two digit year fields. ... Just because you can retire before it all blows up doesn't make it any less irresponsible.
Arnold G. Reinhold
In the design of cryptosystems, we must design something now for use in the future. We have only the published facts of the past to stand against all the secret research of the past and future for as long as a cipher is used. It is therefore necessary to speculate on future capabilities. It is not acceptable to wait for a published attack before a weakness is considered in cipher design. It is instead necessary to try to perceive weaknesses which have not yet contributed to full attacks, and close them off.
Terry Ritter
Key escrow to rule them all; key escrow to find them.
Key escrow to bring them all and in the darkness bind them.
In the land of surveillance where Big Brother lies.
Peter Gutmann
Mary had a little key (It's all she could export),
and all the email that she sent was opened at the Fort.
Ron Rivest
Mary had a little key - she kept it in escrow,
and every thing that Mary said, the feds were sure to know.
Sam Simpson
Crypto is not mathematics, but crypto can be highly mathematical, crypto can use mathematics, but good crypto can be done without a great reliance on complex mathematics.
W T Shaw
Child pornography -- I never heard of it as a problem five years ago, but now it's brought up constantly. I think it's the new Red-baiting. The people in Burma don't understand how it is that we are focusing our whole crypto policy on catching child pornographers. If you think that cryptography is good for society you have to apologize and say that you are against child pornography... The fact that I even have to say that is an indication of how effective this Red-baiting is... I think that we can't let our civil liberties for the society at large be determined by government policy towards a tiny segment of the criminal population.
I should be able to whisper something in your ear, even if your ear is 1000 miles away, and the government disagrees with that. [GQ magazine in England] quoted me on that -- they changed one letter. It said I should be able to whisper something in your car, even though I am 1000 miles away. I wonder what the people in England think of me.
With PCs 1,000 times more powerful than they used to be, our encryption keys can and should be 1,000 times bigger too. That means cryptokeys of at least 56,000 bits.
Seen on developer.com
If you believe cryptography solves your problem, you probably understand neither cryptography nor your problem.
