
  2. 25

    Let me say that among all cryptography-related blogs I have read, this is the only one where (I feel) I understand something, learn about the fact that cryptography cannot be improvised and that I don’t feel like a moron at the end of the post.

    When reading other resources often I feel it’s: “use AES/RSA/…”, “don’t roll your own crypto”, … and goes on with how bad it can get, but never the stories around to actually “educate” readers.

    Once again, thanks and please continue!

    1. 14

      I remember Time AI. Holy-moly. +1 to the guy who said something.

      Great article :)

      1. 2

        Oh man, Time AI was hilarious. Can’t believe it’s been so long already. Good times.

        1. 2

          I just watched the part of that talk that’s on YouTube, and… Why didn’t more people say or do anything? Everything said was complete pure garbage so obvious even I recognized it, but a whole room of (presumably) cryptographers clapped afterwards? And nobody brought it up during the Q&A? And nobody even followed up after that one guy shouted out that it was an obvious hoax??

          1. 4

            This was at Black Hat USA, which has some security people but with a ticket price of >$2000 per head, most of the attendees are members of security vendors’ sales teams–which generally do not have specialized cryptographic knowledge and are unqualified to make these kinds of judgments.

            I suspect the security people were the ones sitting there with their arms crossed, frowning furiously while everyone else clapped.

      2. 7

        A rather interesting cluster of crackpot cryptography could be observed at the beginning of the NIST post-quantum cryptography competition.

        What made this situation somewhat unusual is that the competition was open for everyone, and ultimately there needed to be some judgement on why to exclude algorithms, so people analyzed them. There were plenty of completely broken algorithms early in the competition, usually in all likelihood no one would’ve looked at them.

        1. 2

          I didn’t really pay attention until Round 2 so I missed a lot of this context. Have you ever written anything about it? I’d love to read more if you have. :)

          1. 3

            No, unfortunately not. It was briefly mentioned in a talk by Dan Bernstein and Tanja Lange at CCC afair.

            I remember Lorenz Panny did a lot of the breaking, e.g.: https://twitter.com/yx7__/status/945283780851400704

            One of the authors of one of the algs had at some point in the past contacted me and wanted to tell me something along the lines of “all other cryptographers are idiots and my algorithm is the only pqcrypto that works”. His algorithm sounded weird, I ignored it, then later saw it again as one of the “easily broken” ones.

        2. 5

          Crackpots are often mentally ill/delusional, and they exist in every field. It’s nice to have some compassion, but preventing them from causing any harm is important too. Dunking on them (as in the linked email thread, and to some extent in the article) seems almost cruel, but I don’t know of a better way to prevent harm/trickery— if they’re advertising themselves, they can’t really be ignored.

          1. 3

            > Jason Dodenfeld (WireGuard)

            It’s spelled “Donenfeld” :)

            1. 4

              Thanks, fixing

            2. 3

              This is bringing the Gell-Mann Amnesia Effect to mind. The author gives a bunch more examples of articles that get just everything wrong.

              1. 2

                nice article!

                1. 2

                  The TempleOS guy was a crackpot, the Crystalline guy just sounds like a dick who doesn’t want to learn anything.

                  1. 7

                    I think it’s a bit mean to call him a ‘crackpot,’ he suffered from some mental disorders but this in no way diminishes his value or his intelligence.

                    My understanding of ‘crackpot’ in this context is that it refers to people designing ridiculous things and then expecting people to trust them.

                    1. 15

                      I don’t think Davis ever made claims that TempleOS was new technology or that it was better than everything else, although it’s possible. In his more lucid moments I remember him talking about how it’s a hobbyist OS that is not suited for everyday use. A crackpot usually will go around emailing academics and companies begging for recognition, usually out of some delusional self-importance.

                      1. 3

                        Yes, we agree :)

                        1. 1

                          Does that definition make Ted Nelson a crackpot?

                          1. 5

                            Hmm, maybe. Xanadu was vaporware for a very long time (and I think is still closed source) and makes wild claims about being “better than the world wide web”. Jack Parsons was also probably a bit of a crackpot, but he also furthered rocketry, so I don’t know.

                            1. 2

                              I think Ted had a set of ideas that were more separate from each other than he thought. Some of those ideas were extracted from his conception of Xanadu and have been extremely and indisputably influential. And he deserves recognition for those ideas and promoting them.

                              Continuing to insist that they were not separable, or to insist that his own implementation of Xanadu is better than the web we have today is more obviously crackpot, in my opinion.

                              1. 3

                                It is also entirely possible to be productive, skilled, and respected in one area, and simultaneously be a crackpot in others.

                                /me glances at Gwyneth Paltrow

                          2. 2

                            “Crackpot” isn’t a value judgement on his worth as a person, because I’m in no position to make such a judgement. But if the word doesn’t apply to him, it doesn’t apply to anybody. Crackpottery IMO is in one’s actions, not in their causes.

                          3. 2

                            Mr. Davis wasn’t a crackpot; God told him to build a Commodore x86-64, and he did.

                          4. 1

                            “You can break 128-bit ciphers in 2^{64} time.” I don’t understand where this is coming from. Or is this a statement about the quantum computer attack?

                            Also is there a guess that a quantum computer would take a day for 2^{56} operations because that’s what Deep Crack needed for DES? I don’t get the connection.

                            1. 4

                              > “You can break 128-bit ciphers in 2^{64} time.” I don’t understand where this is coming from. Or is this a statement about the quantum computer attack?

                              Yes: Grover’s attack.

                              > Also is there a guess that a quantum computer would take a day for 2^{56} operations because that’s what Deep Crack needed for DES? I don’t get the connection.

                              It’s based on the 24 hours for CloudCracker (from Moxie’s DEFCON 20 talk breaking MSCHAPv2).

                              If breaking 56 bits of security requires 24 hours, math says 64 bits requires 256 days.

                              The actual mechanics of a quantum-assisted attack might make this infeasible, but since practical quantum computers don’t currently exist, we don’t know what complications might arise with running Grover’s attack at scale. So I’m shoehorning in the known attack times in a very hand-wavy manner to gauge the minimum time it would take to break a 64-bit secure cipher (which is what Grover’s reduces 128-bit AES to).

                              1. 2

                                Ok, seems like a big shoe-horn but thanks for explaining. :)

                            2. [Comment removed by moderator pushcx: Nuking off-topic rehash of adults freaked out by cartoons.]

                                      1. 25

                                        You are, of course, entitled to your opinion, but asking why no one else is going to comment that furry is “cringey” is a bit of a weird frame for your initial comment. It’s like you’re assuming everyone else finds furry art cringey too. In my experience running this blog for almost a year, most people seem to not care either way.

                                        Observation: The entire concept of using “cringey” or even just “cringe” as a label can be loosely classified under the label “cringe culture”. Whether or not you personally identify with that crowd is unclear, but you’re speaking like one of them.

                                        In my opinion, cringe culture–especially as practiced by content creators who emphasize Internet memes–is incredibly toxic. I’m not alone in this opinion. (By the by: There’s also a significant queerphobic and ableist component to the extremes of their community, and that’s why it’s so often directed at furries.)

                                        If you don’t like my fursona appearing in my blog posts, I encourage you to block it at the DNS level. Then you can be spared the annoyance of reading my work. I will only ever publish on soatok.blog in the future, so this will be sufficient to remove it from your experience.

                                        However, I have no plans to change my blogging style–especially considering the fact that most people don’t mind it, and many people greatly enjoy it.
