Schneier on Bernstein factoring machine

Russell Nelson nelson at
Wed Apr 17 12:03:37 EDT 2002

Dan Geer writes:
 > >   The union of the two sets of "cryptography users" and "paranoid
 > >   people" is necessarily non-empty.  Who would bother to use
 > >   cryptography sans a threat model?  And if you've got a non-empty
 > >   threat model, then by definition you're paranoid.
 > Uh, I don't have to run faster than the bear I just have
 > to run faster than you ?

But a bear is a decidedly non-empty threat model.  Here's two of my
favorite quotes (I made 'em up, myself, so natch I like 'em):

    "Crypto without a threat model is like cookies without milk."
and "Security is never without cost."

I think that the reason that the vast majority of computer users don't
use cryptography is because the value of cryptography in addressing
their threat model is lower than the cost of dealing with cryptography
(user interfaces ++ key management ++ not leaking information ++
secure storage).  Okay, so some people might say "But if it weren't
for the NSA opposing widespread crypto use, it *would* be easy to
use".  Dealing with the NSA's opposition is part of the cost of
dealing with cryptography.

-russ nelson     | Economic ignoramuses find
Crynwr sells support for free software  | PGPok | economics easy to criticize,
521 Pleasant Valley Rd. | +1 315 268 1925 voice | because none of it makes
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | any sense to them!

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list