Neal Koblitz critiques modern cryptography.

James A. Donald jamesd at
Tue Sep 4 19:56:18 EDT 2007

Victor Duchovni wrote:
 > This part is not too radical. The more specific
 > skepticism of security proofs (I am reluctant to agree
 > that these are actively harmful), seems to be a
 > combination of the peer review issue above, and
 > (often?) lack of tight bounds that make the proofs
 > applicable to realistic parameter sizes.

"Proof of security" is actively harmful, for the best
proofs of security are not worth much, and merely by
existing, they give license for people to produce proofs
that are amazingly worthless. As "proofs" of ever
diminishing value multiply, it becomes difficult to
distinguish the multitude of utterly worthless "proofs"
from those proofs that have some limited value.

While it is possible to produce a proof that is actually
worth something, lots of morons glibly churn out large
numbers of proofs that are as stupid as they are

Even the best "proofs" of security involve some
misdirection and a lowering of our standards about
proof, whereupon one thousand idiots gleefully point at
that subtle lowering of standards as justification to
lower standards a great deal further - snake oil wearing
the decorations of mathematics.

The Cryptography Mailing List