[Cryptography] How to build trust in crypto (was:recommending ChaCha20 instead of RC4)

Michael Powers michael at mpowers.net
Sun Mar 16 17:33:58 EDT 2014 

This:

> The successful winner of this competition won't be perfect, it won't
> guarantee that the NSA cannot subvert it, it wouldn't even guarantee
> that it'll be widely used in practice, but it would be a foundation
> for the mammoth task that lies before us, to take back the internet.


is what we're trying to achieve with the Trsst Project. 

If I could take this moment to bump my request from yesterday (Subject "Encryption in Trsst") for an initial review of at least the encryption part I posted, I'd really appreciate any course correction or validation.  

Much obliged.

On Mar 16, 2014, at 10:57 AM, Ralf Senderek <crypto at senderek.ie> wrote:
> 
> It seems to me that it might make sense to get an open competition
> going to elect a process of building trust in crypto that actually
> works in practice and gets us out of the situation we're stuck in today:
> 
> The challenge is this:
> 
> "Show me the whole practical process anyone on this planet can use to
> have a secure online communication with someone else."
> 
> The proposals must not be reduced to technical specifications but need to
> show how exactly we can achieve the results of trust building. In this
> process individuals must play an important role. As a precondition the
> process must be entirely comprehensible and verifiable, so that a variety
> of smart people - including the President and the God King - can expose
> themselves to say "Yes, I've checked this approach, I know of N capable
> colleagues that I know have scrutinized the code and the inner workings.
> I might be wrong, but I sincerely would recommend to use this to my wife."
> 
> The successful winner of this competition won't be perfect, it won't
> guarantee that the NSA cannot subvert it, it wouldn't even guarantee
> that it'll be widely used in practice, but it would be a foundation
> for the mammoth task that lies before us, to take back the internet.
> 
> Including the personal aspects, the need for a reliable framework that
> shows all checks have actually been done in a way people can understand
> might make this approach a success. I hope this can help to get the
> ship going again, and I'm sure others will have much better ideas how
> to achieve trust in crypto. Don't keep them to yourself.
> 
>    --ralf
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list