[tahoe-dev] cleversafe says: 3 Reasons Why Encryption is Overrated
shawn-tahoe at willden.org
Wed Aug 5 17:54:20 UTC 2009
My two cents:
On Wednesday 05 August 2009 09:28:59 am Zooko Wilcox-O'Hearn wrote:
> So, I'm going to
> try to throw out a few short pieces which hopefully each make sense.
I think your comments were very clear.
> Third, I don't understand why Cleversafe documents claim that public
> key cryptosystems whose security is based on "math" are more likely
> to fall to future advances in cryptanalysis.
I don't see that you can say anything one way or the other. There are plenty
of examples of both trapdoor functions and traditional mixing and diffusion
ciphers that have fallen to cryptanalysis, and there are examples on both
sides of ciphers that have stood the test of time. Beyond that, speculation
about what sorts of mathematical tools are more likely to be invented in the
future strikes me as a fruitless exercise.
About the only useful comment I think you can make in this regard is that
either sort of breakthrough would defeat Tahoe's security, whereas Cleversafe
is only vulnerable to one of the two. In other words security(tahoe) =
min(security(rsa), security(aes)) while security(cleversafe) = security(aes).
Well, modulo key management/access control issues -- which are, in practice,
where real vulnerabilities are most likely to be found.
> Fifth, as I've already mentioned, the emphasis on cryptography being
> defeated due to advances in processing power e.g. reference to
> Moore's Law is confused. Advances in processing power would not be
> sufficient to crack modern cryptosystems and in many cases would not
> be necessary either.
Moore's law is irrelevant, because even if it could continue unabated forever
(and I don't think anyone believes it can, certainly not in its original
formulation, and not even in its popular formulation), such incremental
improvement would require lifetimes to even begin to threaten AES-256. That
said, there *is* a clear, well-known potential new technology which could
threaten RSA. A practical quantum computer of sufficient size could well be
an "advance in processing power" which would render Tahoe's mutable files
(and directories) insecure.
Personally, I have no concerns about the security of either system. What's
more interesting to me is the practical questions about ease of deployment
and management, performance, assurance of fairness, etc. If one project or
the other has a fundamental advantage in one of those areas, I'd like to hear
Oh, one other area I care about: Approachability and lack of arrogance of the
key developers. From where I sit, this measure strongly favors Tahoe :-)
More information about the tahoe-dev