[Cryptography] On simple and public cryptography

mok-kong shen mok-kong.shen at t-online.de
Fri Mar 25 17:08:47 EDT 2016


A recent article of Bruce Schneier, "Cryptography is harder than it
looks", ends with the sentence "our best chance is to make the
cryptography as simple and public as possible." That "simple" and
"public" criterion is astonishingly violated IMHO nowadays by almost
all open-source IT-security software in common use, because they are
too big and/or not sufficiently documented so as to attract or enable
experts to voluntarily examine them.

I believe there is not much good chance that this state of affairs
would be ameliorated in some near future, say within a few decades. On
the other hand, IMHO at least for personal communications of the common
people, simple and secure end-to-end encryption is nowadays in fact not
difficult to achieve, one reason being that high processing
efficiency is in this special case unessential, so that the codes can
be fairly small and very clear in the programming logic and
consequently easily examined by experts and even knowledgeable
laymen and certified by national standardization bodies and/or
IT-professional associations of diverse countries of the world. If a
software could thus obtain a sufficiently large number of independent
certificates, its trustworthiness would certainly be higher for the
common people to confidently employ it. This kind of end-to-end
encryption being self-sufficient for security, one could simply
entirely ignore what the other security protection software along the
path from senders to receivers "claim" to provide. Certainly this would
be merely a minute achievement in the whole scenario of IT-security
applications (part of which may indeed justify stringent requirements
on processing efficiency), but a badly needed and valuable achievement
nonetheless.

M. K. Shen

