Schneier on Bernstein factoring machine

Derek Atkins derek at
Wed Apr 17 10:51:21 EDT 2002

Russell Nelson <nelson at> writes:

> The union of the two sets of "cryptography users" and "paranoid
> people" is necessarily non-empty.  Who would bother to use
> cryptography sans a threat model?  And if you've got a non-empty
> threat model, then by definition you're paranoid.

I think it's really about degree.  I don't agree that having a
non-empty threat model implies you a paranoid.

You could have a threat model of "I don't want my sister or parents to
read this" which is very different than "I don't want the NSA or KGB
to read this".  I would certainly call both of these statements a
"non-empty threat model".  I would certainly call the latter threat
model "paranoid"; I would NOT call the former threat model paranoid --
I would call it a "normal teenager" :)


       Derek Atkins
       Computer and Internet Security Consultant
       derek at   

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list