[Cryptography] Well Known Bad Ideas, a summary

[John R. Levine]

On Tue, 8 Oct 2025, Henry Baker wrote:
> I am concerned that a number of you in this list appear to be "burned out"
> over these issues, and don't care about the billions of people still stuck
> with these less-than-optimal UX decisions.  That means many more years of big
> tears due to spamming and scamming.

I expect all of us have run into people who have invented a new unbreakable
crypto scheme. But when people with crypto experience look at it, they find it's
a one time pad created by a PRNG, or it's trivially breakable with a known
plaintext attack, or another WKBI. This isn't because the inventor is dumb, but
it is because he or she doesn't have experience with issues that cryptographers
have encountered.

It shouldn't be a big surprise that every kind of security design is like that.
There's a lot of painful experience, and a lot of approaches that look appealing
but don't work when tried at scale, or sometimes at all. I would hope we'd all
try to have some humility here, and realize that expertise in one area doesn't
necessarily translate into expertise in others.*

Also, while I would not make arguments from authority, I would keep in mind that
the people who run large mail systems see more malicious mail in a minute than
any of us see in a lifetime. They have very sophisticated security models,
heavily battle tested. So if a bunch of these large sophisticated mail systems
are doing something, and it seems like a bad idea, it's probably a good idea to
stop and consider whether perhaps their experience has told them something we
might have missed.

R's,
John

PS: Personally, I think I know just enough about crypto that I would never try
to invent a scheme, nor analyze one past those obvious sorts of flaws.

* - The financial world has a trope about selling investments to dentists.