SJain–
A small addition to Beneroth: It is never a good idea to write your own 
implementations of encryption algorithms if that can be avoided: it is safer to 
use publicly available code used by and checked by many others. PicoLisp has 
good interfaces to various libraries, which makes that straightforward.
Shaughan

-------- Original Message --------
On May 21, 2021, 10:44 AM, wrote:

> Hi SJain
>
> There is no meaningful difference. It doesn't matter if you have a write-able 
> text file or a write-able binary - yes of course text is easier to edit than 
> binary, but that is security by obscurity at best (which is not security).
> All meaningful cryptographic algorithms are designed to not be weak even if 
> you know everything about the running system - except the encryption 
> keys/parameters, that is. Algorithms which derive their security from an 
> attacker not knowing their inner workings are again basing their hopes on 
> security by obscurity, which is an illusion.
>
> You talk about the security of a running system. If a malicious actor has 
> access on a system, be it with an account which has more permission rights 
> than it should have (or ways to break out of those restrictions), or even 
> physical access, then nothing can stop a determined attacker. You already 
> lost when the attacker obtained this level of access and you cannot trust the 
> system anymore (= you should wipe and re-install it).
>
> A main problem with crypto is not weaknesses in the algorithms (though such 
> are hard to find, and sometimes only found by mathematicians after many years 
> of analysis), but often implementations have mistakes or the programmer 
> didn't understand the use of the algorithm correctly and missed some 
> fundamental detail. A language which makes understanding of the 
> implementation easier to grasp through having fewer language concepts, shorter 
> code to read and understand, and less "accidental complexity" (complexity 
> stemming from the implementation and not the task, e.g. manual memory 
> management) will be easier to check for implementation mistakes and easier to 
> correct them. So from that aspect, I think PicoLisp is probably better fitted 
> than a complex C++ implementation with a lot of accidental additional 
> complexity.
>
> Another aspect is, that cryptographic computation is mostly numeric 
> computation, and that is not really the strength and intention of PicoLisp. 
> So with that in mind, PicoLisp is not so well suited for crypto calculations, 
> especially if you want to optimize for performance - but not all crypto use 
> cases desire performance, so it depends.
>
> Regarding blockchain.. well the sole purpose of blockchain is to operate a 
> distributed database AND operate it by different people who actively mistrust 
> one another. This makes it somewhat suited for crypto currencies like bitcoin, 
> but there is not really any other meaningful application. In nearly all 
> real-world scenarios, people can agree on a single group to be the masters of 
> a database and be trusted. Surely such a system warrants checks and balances, 
> but still you can then setup a central database operated by a single actor, 
> and this has just better performance, lower operating costs, lower 
> maintenance costs, just easier and better in all aspects. We have this with 
> all sorts of systems in private companies and on government levels, and even 
> on internationally agreed level even when the member parties do not trust each 
> other but trust an institute they operate together and keep each other 
> in check all the time.
>
> So in my humble opinion, any real world application of blockchain technology 
> outside of anti-governmental currency is complete bullshit and usually just a 
> scheme to get money from fashionable investors and computer-illiterate 
> governments. Or a pet project for developers to feel clever about themselves 
> while wasting intelligence and energy on stock market games instead of 
> increasing quality of life for humanity.
>
> Some believe they can do meaningful blockchain applications. I think they're 
> wrong. But even those people are completely dominated by 
> get-rich-quickly-schemers, see this twitter link and its discussion by 
> insiders:
>
> - https://twitter.com/jonsyu/status/1389635626698297344
>
> - tl;dr: it's all just scammers and inside traders.
> - https://news.ycombinator.com/item?id=27061700
>
> - tl;dr: confirm.
>
> Kind regards,
> - beneroth
>
> On 21.05.21 18:43, SJain wrote:
>
>> There was a mail regarding picoLisp for blockchain. I am no expert in 
>> software, but I would have thought a compiled language with encryption, with 
>> full source code available, would be a more secure application than an 
>> interpreted language, requiring source code in readable and writable text 
>> file, such as picoLisp, despite all its charm.
>> I would appreciate any thoughts on this.
>> Regards,
>>
>> SJain
>> India
