On 8/1/2012 6:13 PM, ved...@nym.hush.com wrote: > These users are *trusting* you with their sensitive information, > but are *blind* as to the problems that may occur. > > It is far, far worse to communicate using encryption, expecting > that privacy will be maintained, when unknown to the user, it may > not be, than not to communicate at all.
I would say that it "may be far, far worse," but with that minor quibble I could not agree more. ===== By itself, GnuPG is useless. It may even be worse than useless. In the best case GnuPG can be an effective tool for ensuring the confidentiality and integrity of messages, but in the worst case it's just cryptographic fairy dust: people think that if they just do X followed by Y and Z, they will somehow magically be secure. Feynman warned against this thinking in science. He called it "cargo-cult science," after the South Pacific islanders who built incredibly intricate religions based on imitating the forms of airplanes, airbases and other things they saw during World War Two. But no matter how accurate the bamboo mock-up of a DC-3 cargo plane is, without an understanding of Bernoulli's Principle, the Navier-Stokes equations, fluid dynamics, mechanical engineering, Newtonian mechanics and the like, you can't make a real DC-3 and your bamboo mock-up will remain something that *looks* like a DC-3 while missing absolutely everything that makes a real DC-3 what it is. Cargo-cult cryptography is the exact same thing, just done with software instead of bamboo. ===== What makes cargo-cult DC-3 airplanes safe is the fact they never get airborne. We know they are clearly, obviously, defective from the get-go, and so we never trust them. We might fool ourselves into thinking we're on the right track and next year's bamboo DC-3 will be able to take off to fly to John Frum [1] for sure, but this year's plane is just not working. Nobody really gets hurt. But cryptography is not like an airplane, where the fake stuff becomes evident very early on. Cryptography is more like an ejection seat. When you need it, it has to work right, the first time, even while the aircraft is on fire, breaking up, and about to explode... and even then, if you go into it without training, you'll probably be dead before you hit the ground. The popular understanding of an ejection seat -- "pull the D-rings and enjoy the ride" -- is completely wrong. Pilots have to train for ejection because there are so many things that can screw up. You have to get into the right position for ejection because otherwise you'll shatter your spinal column from the 35+ Gs of acceleration. And once you've ejected, with your vertebrae cracked and/or broken, you have to consider the possibility you may be on fire. (Seriously. You were sitting on top of a rocket motor inside an aircraft that was on fire and about to explode. You may be on fire.) What do you do then? Your shroud lines may get tangled. How do you untangle them? How do you untangle them with a broken spinal column and your boots on fire? You may be about to land in hostile territory, injured, and with an army hunting you. How do you hide and how do you evade? The purpose of training is not to give you rote tools. The purpose of training is to teach you how these rote tools work, how to use them in concert, when one tool is disadvised and another is strong, when two tools can be combined in creative ways, and so forth. It is to give you the ability to improvise highly effective solutions to the demands of a chaotic and ever-changing world. Pilots call their training "training," and call their knowledge of how to use their training "the Right Stuff." In communications security, knowing how to use training is called "tradecraft." [2] ===== Whenever I hear someone say that GnuPG is too hard to use, well, I sympathize with them. GnuPG is very hard to use. It has a learning curve like the Matterhorn. I have no disagreement there. But when I hear people say they have a great idea that will allow people to keep secure against dedicated, serious adversaries while requiring very little training or knowledge on the part of the user, well... There is no replacement for tradecraft. There will never be a replacement for tradecraft. Tradecraft is always a hard skill to acquire. (I am a rank amateur, and I doubt many people on this list are better.) And you can rely on a dedicated, serious adversary having excellent tradecraft of their own. [1] http://en.wikipedia.org/wiki/John_Frum [2] http://en.wikipedia.org/wiki/Tradecraft _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users