[ExI] openness again

John Clark johnkclark at gmail.com
Mon Apr 4 22:28:16 UTC 2016 

On Sun, Apr 3, 2016  Anders Sandberg <anders at aleph.se> wrote:

​>> ​
>> ​I presume that wouldn't include the entire world knowing ​my credit card
>> number.
>
>
> ​> ​
> The problem with credit card numbers is that currently we use security by
> obscurity: much of your protection comes from me not knowing your number,
> rather than restrictions on how I can use it. A good authentification
> system would make knowing your card number useless to me, just as me
> knowing your email address doesn't allow me to hack your mail server
>

​But if you knew all there is to know about my mail server including
passwords and private encryption keys you could hack it. ​


> ​> ​
> Now imagine a 100% surveillance world. In this world there would not be a
> need for a passwords or codes, since in principle whenever you wanted to
> use your card the system could just trace you back to the moment you got
> the card at the bank years before.
>

​And if somebody ​knew all there was to know about "the system" they could
hack that too and successfully pretend to be me.



> ​> ​
> Personal continuity makes for a great authentification system.
>

​Provided people trust it, provided they believe that the continuity the
system displays is the truth. Should they believe the system if everybody
can hack it? And if the system is secure because it keeps passwords and
encryption keys secret can I also keep passwords and encryption keys
secret?

​> ​
> Note that a transparent intelligence agency in a less than 100%
> transparent world doesn't necessarily have to reveal all it knows. It can
> reveal that it monitors the world, but not the information it has gathered.
>

​So the system can keep secrets from me but I can't keep secrets from the
system.​

​Sounds like a one way mirror to me.​

​> ​
> you cannot make a cryptosystem/intelligence system much safer by hiding
> the principles of its operation
>>

​I agree but I'm not talking about general principles, I'm talking about
keeping specific passwords and ​encryption keys hidden.

 John K Clark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20160404/c9e011a2/attachment.html>

More information about the extropy-chat mailing list