[Cryptography] Email is unsecurable

Wed Nov 27 16:20:07 EST 2013

On Nov 27, 2013, at 1:18 PM, Arnold Reinhold <agr at me.com> wrote:
>> Fortunately, there is a solution that we have long been aware of, which
>> is smart cards....
> With the maker movement, open hardware, Adruino, et al, the barrier to entry for hardware has dropped dramatically.... Simple hardware systems have less space to hide backdoors.  I don't want to dump on the people trying to improve existing e-mail protocols and infrastructure, but maybe we should explore different, simpler paths at the same time. 

Ah, the irony.

NSA was for years resistant to software-based cryptography.  The DES initial and final permutations were trivial in hardware, a pain in software.  It's long been thought that they were in the algorithm exactly to slow software implementations.  FIPS and similar standards, whose form was clearly influence by NSA, to this day, have a bias toward hardware, to the point where parts of them have to be really stretched to even make sense for software.

To this day, NSA seems to be big on smart cards and encryption "black boxes" rather than software on general-purpose machines.

It was fashionable for years to dismiss that NSA mindset as just a hold-over from the past - we in the software world knew better.

Well ... maybe we didn't.  :-(
                                                        -- Jerry