[ExI] hacked email
anders at aleph.se
Fri Nov 28 08:45:27 UTC 2014
The problem with most schemes discussed here are, as Adrian pointed out, that anything that is inconvenient to use will get quickly abandoned - this is why PGP is not ubiquitous, despite having been around for 20 years. Developing a few healthy computer security habits is a good life skill for anyone, but unless you feel actively threatened they will not be far-reaching. Which is why getting a disruptive group member is usually a nasty surprise and too late to set up anything clever.
A system for authenticating that I am who I am is likely best done using encrypted signatures (the math is good) rather than attempts at hiding simple pieces of information in the messages, since the eavesdropping Eve will likely learn about it while listening to Alice and Bob. Signatures likely require proper public key crypto to actually work; I have not seen any non-PKI system that allows outsiders to verify my signature.
In the end, remember Bruce Schneier's warning in Practical Cryptography: "in the past decade, cryptography has done more to damage the security of digital systems than it has to enhance it." (!) Security can never be guaranteed by tech, it is a matter of human trust and resilience. Relying too much on ever so cool protocols will let you down when the assumptions of who or what is trustworthy turn wrong.
(Still, cool tech is cool. At my wedding party I met the head of Humanity+ Sweden who had an implanted bitcoin wallet chip. We discussed the possibilities for crypto-enhanced wedding rings - when the priest blesses the rings it is an ideal moment to generate and cross-sign private keys, with God as a witness to the transaction. )
Anders Sandberg, Future of Humanity Institute Philosophy Faculty of Oxford University
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the extropy-chat