[3059] in cryptography@c2.net mail archive
Re: practical encryption
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Fri Jul 24 01:13:03 1998
To: nelson@media.mit.edu (Nelson Minar)
Cc: cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 23 Jul 1998 13:49:53 -0400
In-Reply-To: nelson@media.mit.edu's message of Thu, 23 Jul 1998 09:43:58 -0400
nelson@media.mit.edu (Nelson Minar) writes:
>> Or is this horribly naive?
Unfortunately, I think so. I don't think we'll ever be able to
educate the general population on the subtleties of cryptographic
systems. When I'm working on a system, I know that if it's not easy
to use, it won't get used. People don't want to know how this stuff
works. OTOH, I don't get the feeling that people think that bad
crypto is worse than no crypto (there is the argument that people
might have a false sense of security, but I've never seen that in the
press).
I continue to believe that until someone experiences a serious, public
loss, we're all going to be perceived as marginal kooks who see danger
where there is none. As an analogy, consider seat belts. Many people
still don't wear them, and the issues there are far simpler than those
surrounding crypto.
Of course, the smart people will listen to us and encrypt their data,
strongly. The really big targets will get the government to make
exceptions for them, so they can export strong crypto. However, most
people just believe what the FBI tells them, for better or worse.
This is not something we can change ourselves.
Until someone compromises a serious financial, government, or
corporate system and causes serious damage (such as by stealing a
*lot* of money, or shutting down a major power grid, etc), and also
demonstrates that the failure was due to poor crypto, nothing will
happen. And even then, I bet our cries of "I told you so" will
probably be ignored. Of course, they'll still need us to clean up
after their mess....
Marc
