Yes, I think that’s a fair representation of my position, and let me say a few words in defense of it.
I think you’ve done well at that, and it makes sense. As a result… I’m just not sure I know at present how one might apply these principles to eliminate any forms of encryption and make anything in nature useful for improving prediction!
One of my goals in learning crypto is to know if and when this actually would improve security, and as best as I can tell, it doesn’t—as ciphergoth suggested to me, it makes your cryptosystem weaker where it’s already the weakest and stronger where it’s already strong enough. And it’s the weakest link that matters.
Could you explain if this was sort of an “aside continuation” re. the leetspeak comment or about encryption in general? In other words, are you saying that it doesn’t help to add an “underlying” layer of additional encryption, or that encryption, in general, doesn’t do anyone much good?
First, just to make clear, those were separate events, far removed in space and time. Ciphergoth’s remark was not directed at my leetspeak idea, but the principle applies just the same.
Encryption does accomplish the goal of raising the cost of accessing your messages to the point of infeasibility, and I wasn’t trying to deny that. To expand on the point about the underlying encryption: generally, the published cipher you use to encrypt your data is far stronger than it needs to be to keep your data safe; any successful method of attacking it would go after the implementation of it, and in particular the people that need to make it work. Hence this comic.
So let’s look at your idea. Another relevant weak point of a cryptosystem would be the difficulty for the user of not messing it up, and this critically relies on you being able to access your (full) key. If you have to simultaneously do the work of remembering this secret language, this can mentally exhaust you and increase your rate of error in implementing the protocol—so it adds a weakness to the weakest part of the system (the human) just to strengthen the part that’s already the strongest (the encryption itself).
First, just to make clear, those were separate events...
Yup.
Also have seen that comic. So, you were basically saying:
encryption helps, and the actual encryption is the strongest point
the weak points are the people (prone to messing up) and (filling in my own list) things like leaving your computer on and unattended, only locking your screen vs. shutting down, having non-encrypted swap/var/etc, and the like.
further, trying to strengthen the weak points is generally accomplished via a method that further increases susceptibility to human error, whereas the encryption itself was fine as it is.
That’s correct, except your last bullet (to be clearer, if this is what you meant) should say that you can strengthen the weak points by making the system less susceptible to human error.
I was about to say no, but realize that I did write that incorrectly. To re-write, it would have redundantly said:
trying to strengthen the strong points is generally accomplished via a method that further increases susceptibility to human error (you have to implement “hand-done” encryption), whereas the encryption (the existing strong point) was fine as it was.
Does that help? I did have it wrong, thinking that implementing some form of hand-done encryption was an attempt to strengthen the weak points… but such activity would actually be in the “already-strong” category.
Does that make sense?
Sound good?
You have it correct now. :)