[tahoe-dev] cleversafe says: 3 Reasons Why Encryption is Overrated

Shawn Willden shawn-tahoe at willden.org
Wed Aug 5 17:54:20 UTC 2009


My two cents:

On Wednesday 05 August 2009 09:28:59 am Zooko Wilcox-O'Hearn wrote:
> So, I'm going to
> try to throw out a few short pieces which hopefully each make sense.

I think your comments were very clear.

> Third, I don't understand why Cleversafe documents claim that public
> key cryptosystems whose security is based on "math" are more likely
> to fall to future advances in cryptanalysis.

I don't see that you can say anything one way or the other.  There are plenty 
of examples of both trapdoor functions and traditional mixing and diffusion 
ciphers that have fallen to cryptanalysis, and there are examples on both 
sides of ciphers that have stood the test of time.  Beyond that, speculation 
about what sorts of mathematical tools are more likely to be invented in the 
future strikes me as a fruitless exercise.

About the only useful comment I think you can make in this regard is that 
either sort of breakthrough would defeat Tahoe's security, whereas Cleversafe 
is only vulnerable to one of the two.  In other words security(tahoe) = 
min(security(rsa), security(aes)) while security(cleversafe) = security(aes).

Well, modulo key management/access control issues -- which are, in practice, 
where real vulnerabilities are most likely to be found.

> Fifth, as I've already mentioned, the emphasis on cryptography being
> defeated due to advances in processing power e.g. reference to
> Moore's Law is confused.  Advances in processing power would not be
> sufficient to crack modern cryptosystems and in many cases would not
> be necessary either.

Moore's law is irrelevant, because even if it could continue unabated forever 
(and I don't think anyone believes it can, certainly not in its original 
formulation, and not even in its popular formulation), such incremental 
improvement would require lifetimes to even begin to threaten AES-256.  That 
said, there *is* a clear, well-known potential new technology which could 
threaten RSA.  A practical quantum computer of sufficient size could well be 
an "advance in processing power" which would render Tahoe's mutable files 
(and directories) insecure.

Personally, I have no concerns about the security of either system.  What's 
more interesting to me is the practical questions about ease of deployment 
and management, performance, assurance of fairness, etc.  If one project or 
the other has a fundamental advantage in one of those areas, I'd like to hear 
it.

Oh, one other area I care about:  Approachability and lack of arrogance of the 
key developers.  From where I sit, this measure strongly favors Tahoe :-)

	Shawn.



More information about the tahoe-dev mailing list