
This war on math is still bullshit - jonbaer
http://techcrunch.com/2016/03/26/this-war-on-math-is-still-bullshit/
======
nickpsecurity
Saying that cryptography restrictions are a war on math is like saying
explosive restrictions are a war on physics. It's ignorant. What we're really
talking about is if a man-made construct should be free, regulated, banned, or
some combination depending on context. We're then talking cost-benefit
analysis of that. Then, my side argues against such restrictions given they
imply huge, potential costs with virtually no benefits to the public.

Much more reasonable.

~~~
thescriptkiddie
Call me biased, but that analogy doesn't work.

Explosives aren't made from physics. An understanding of the physics involved
is insufficient to manufacture them. They aren't just a man-made construct,
they tangible objects. You can't will an atomic bomb into existence by drawing
up plans for one.

Cryptographic functions, on the other hand, _are_ pure math. The concept and
the implementation are one and the same. They are nothing but a mental
construct built from basic mathematical principles. If even one human
understands cryptography and shares that knowledge, nothing can stop the whole
planet from using it.

So, is there a war on math? If there is a war on cryptography (I don't think
there is any more, we won that war years ago), then yes, there is a war on
mathematics.

~~~
nickpsecurity
"Explosives aren't made from physics. An understanding of the physics involved
is insufficient to manufacture them. They aren't just a man-made construct,
they tangible objects."

"Cryptographic functions, on the other hand, are pure math."

Oh, wow, you're living up to your name in this one. The bomb works through
physics. The crypto works through math. The purpose and result come through a
specific configuration. And, no, cryptographic functions are not "pure math:"
they're instruction sequences trying to implement math on computers powered by
the physics of electrical engineering. Next you'll be telling me side channels
don't exist because they're not in the math.

"Don't Trust the Math"
[https://www.schneier.com/blog/archives/2013/10/friday_squid_...](https://www.schneier.com/blog/archives/2013/10/friday_squid_bl_396.html#c2056522)

~~~
pixl97
>The bomb works through physics

So I can take a box of physics and make a bomb? No. Bombs require chemicals
and they can be regulated.

>The crypto works through math.

Yes, as in you don't need the computer hardware to actually do the encryption.
You could do it on paper if you wanted (and had an unlimited amount of time).
The encryption is agnostic of the actual hardware it runs on.

~~~
nickpsecurity
So, I can take some math equations and I have working SSL deployment? No, they
require machine instructions on electrical equipment. Both can be regulated.

And your model requires user to have unlimited amoumt of time? I dont know
many crypto deploymemts supporting that. Your model gets even further from
reality.

~~~
thescriptkiddie
You can't regulate machine instructions, dude. Are you gonna build a computer
that can run any sequence of instructions _except_ the ones that implement a
cryptographic algorithm?

~~~
nickpsecurity
"You can't regulate machine instructions, dude."

It's already done in a number of countries with people serving time for using
it or not handing over keys. Many of those countries are implementing dragnet
surveillance to get more control and detect more crypto. Or are you also
myopically focused on just the math and numbers getting into the computer or
pencil/paper part? Models and math don't mean crap without considering real-
world requirements and implementation. In real world, those ciphertexts will
go over a wire, radio, or couriered object. Two are easily detected by
surveillance with randomness checks while one is harder but has human and
technical means available.

So, yes, you can regulate the use of a specific configuration of math on
computers and/or the Internet. You can hack those systems then bypass the math
using implementation bugs. You can bypass the math using its electrical
properties (a la side channels). The "math" won't save you if it doesn't
reflect reality and can be banned in implementation while other math stays
legal. _Has_ which you all keep ignoring.

EDIT: Privacy isn't a math problem. It requires political action by citizens,
math constructs, correct design of systems, mitigation of electrical issues,
and tamper-resistant tech. It's a _hard_ problem. Political part is most
important as mandated backdoors or jailtime for unbreakable crypto counters
all the rest easily.

------
jhbadger
The problem with saying that the whole thing is bullshit because encryption is
just math is that it ignores that laws really would prevent _companies_ from
putting encryption (useful forms of it anyway) on phones. Yes, elite hackers
(and perhaps terrorists, but they are not usually very bright people) could
encrypt their phones anyway, but the vast majority of non-technological people
wouldn't if it was difficult and/or involved breaking laws.

------
cmdrfred
What happens when crypto is banned and the 'terrorists' have a copy of
openPGP.js or sjcl.js saved somewhere?

------
mobiuscog
This whole 'war' is actually about convenience and nothing to do with privacy
(or 'math').

If you want your information to be private, don't store it on a device that
cannot guarantee that privacy. If you _have_ to use that device, encrypt the
data first, yourself.

Oh, but wait, that takes time and is hassle - I like the device manufacturer /
network provider / etc. to do that for me so I DON'T HAVE TO WORRY ABOUT MY
PRIVACY.

If it's that important to you, ensure it happens. If it's too inconvenient,
it's obviously not really that important.

Of course, that's what 'smart' phones are in the first place - money & privacy
in exchange for convenience.

 _shrug_

