
2017 Levchin Prize for Real World Cryptography - ergot
https://www.linkedin.com/pulse/2017-levchin-prize-real-world-cryptography-max-levchin
======
niftich
Not OP, but I sense perhaps a limitation of HN; articles with comments where
the _comment_ is the submission get conflated with submissions about the
article itself.

(EDIT: the submission's URL has now been changed from a particular reddit
comment at
[https://www.reddit.com/r/crypto/comments/5m0zpo/moxie_marlin...](https://www.reddit.com/r/crypto/comments/5m0zpo/moxie_marlinspike_receives_rwc_levchin_price_2017/dc11s2h/?sh=c7c0de08&st=IXZ2E3ZY)
to a different announcement about the prize. The rest of my post as it
originally stood follows.)

Reproducing the subject matter of the submission for discussion's sake:

 _dionyziz says:_

 _I think Moxie decided not to be recorded for his acceptance speech. He said
something very nice during his speech however, and I'll try to phrase it like
he did:

If you watch videos of politicians giving speeches in the 1930's, you observe
the fascist leaders who gladly accept an applause from the audience because
they have earned it. They feel they are responsible for it, that they are the
creators of history. On the contrary, if you observe a communist leader, they
will applaud with the audience in every chance. This is because they have a
different belief system, that of historical materialism, that history is a
force of its own, unstoppable and inevitable, that drives what is happening in
the world equipped with the momentum of what has happened in the past. These
leaders feel they are simply the bearer of history, the tool that history
chose to run its course, so they applaud together with the audience for
history.

Similarly, today, we have a similar force, and that is technology. I once had
the chance to meet Mark Zuckerberg. When I met him, a thought occurred to me:
I could, right there... kill him. [audience laughs] I never thought I would
get so close. But would that really change anything? Us technologists are the
bearers of technological momentum. We make things happen, because the time has
come for them to happen. And now is the time for strong encryption and crypto.

[audience applauds together with Moxie]_

~~~
woah
I shouldn't judge based on a remembered, secondhand, out of context quote, but
this sounds kind of... pretentious.

~~~
justinpombrio
You might have read it backwards: the message was very humble. Moxie was
saying that he didn't deserve credit for what he had built, because if he had
not built it someone else would have. So his work was best thought of as a
product of history, rather than a product of Moxie.

------
tptacek
Moxie Marlinspike and Trevor Perrin. Most of the novel cryptography in Signal
Protocol is Trevor's; it's good for people to know who he is.

Reprising a previous thread:

The prizes went to Joan Daemen, for AES and SHA-3 (on stage, Levchin pointed
out that his interest in cryptography had been piqued by a xeroxed copy of DES
when he was in school, and that it was an honor to present an award to one of
the people who replaced the DES), and --- more notably, I think --- to Moxie
Marlinspike and Trevor Perrin for their work on Signal.

Last year's winners were Phil Rogaway (a cryptographer of repute comparable to
that of Daemen) and the miTLS team (of Triple Handshake, SMACK, FREAK, Logjam,
and SLOTH fame).

~~~
dom0
Trevor Perrin also went on and created the Noise protocol framework (of which
some protocols are quite similar to Signal).

~~~
RRRA
Interesting, didn't know he was also involved with that one.

Has anyone seen a table comparing Noise, Axolotl & OTRv4?

~~~
tptacek
Those aren't comparable.

Noise is a metaprotocol, a framework of patterns for building secure
transports.

Axolotl is a cryptographic ratchet construction, for continuously modifying
encryption keys as messages are transmitted.

OTRv4 is a complete message cryptosystem, like Signal Protocol.

------
yeukhon
Always wondered what Trevor Perrin looks like:

[https://www.youtube.com/watch?v=8A9Eto9iqww](https://www.youtube.com/watch?v=8A9Eto9iqww)

------
tptacek
Mods: a more appropriate title is "Moxie Marlinspike and Trevor Perrin win
2017 RWC Levchin Prize for Signal", and a more appropriate link would be to
pretty much anything but an individual Reddit comment; how about this one?

[https://www.linkedin.com/pulse/2017-levchin-prize-real-world...](https://www.linkedin.com/pulse/2017-levchin-prize-real-world-cryptography-max-levchin)

~~~
sctb
Thanks! We've updated the link from
[https://www.reddit.com/r/crypto/comments/5m0zpo/moxie_marlin...](https://www.reddit.com/r/crypto/comments/5m0zpo/moxie_marlinspike_receives_rwc_levchin_price_2017/dc11s2h/?sh=c7c0de08&st=IXZ2E3ZY)
and the title from “Moxie Marlinspike Receives RWC Levchin Prize 2017 for
Signal Protocol Invention”.

------
dlevine
should be "RWC Levchin Prize" (the reddit article is also incorrect).

------
Unman
While applauding the stated mission of Open Whisper Systems to make
cryptography usable by large numbers of people I think it is fair to hold
Moxie & Co. to the same high standards to which they held PGP:
[https://moxie.org/blog/gpg-and-me/](https://moxie.org/blog/gpg-and-me/)

    
    
        The journalists who depend on it struggle with it
        and often mess up (“I send you the private key to
        communicate privately, right?”), the activists who
        use it do so relatively sparingly (“wait, this thing
        wants my finger print?”), and no other sane person
        is willing to use it by default. Even the projects
        that attempt to use it as a dependency struggle.
    

Breaking this up into constituent parts and trying to guess whether those
standards are met seems to leave us somewhere in this territory:

1) Journalists communicating with WhatsApp struggle with it and mess up.

Given the confusion around under what circumstances one can communicate
securely with WhatsApp ("Is it OK if I have two checkmarks? Is it OK because
Facebook would never let a government have access to the RedPhone part?")

2) Activists who use WhatsApp do so relatively sparingly. I have no idea on
this one. I hope they're using Signal and/or GPG with all their attendant
bother, complexity and confusion though.

3) No other sane person is willing to use WhatsApp by default. Hmmm.. more
confusing value judgements. Is someone that uses a communication method open
to abuse by corporations and governments "sane"?

4) Dependency struggle. AFAICS no other projects can piggy-back off WhatsApp
because it's proprietary and closed. So the user base can't scratch their own
itches. OK, so what about Signal? Sounds like the dependency on Google Cloud
Messages and Play Services can be hacked around with great difficulty.

I dunno. Fair play to Moxie and Perrin for what they've done, but so far GPG
looks like a better bet for actual secure end-to-end communication, using an
already existing, widespread distribution mechanism which is widespread and
redundant: email.

Reports of GPG's death may have been grossly exaggerated.

~~~
tptacek
Can you find a single practicing cryptographic engineer who will go on the
record as saying that PGP (in any of its incarnations) and email is better
than Signal Protocol for message encryption?

~~~
ethbro
If one is going to be paranoid, then one should at least be consistently
paranoid.

v1 of the internet as used now seems wildly naive of state surveillance.

v2 may be better, but if most traffic goes encrypted, then there are going to
be a lot more attacks (both legal and extra-legal) against the nuances of
implementations.

v2 is certainly an improvement on v1. But one of the reasons v1 was deployed
is because we believed things like "The US government would never tap traffic
at the backbone" or "The US government would never tap private links between
data centers."

Valuing both, I think it's important to keep eyes on the future so in 10 years
we don't look back on statements like "The US government would never compel
Google / Microsoft / Facebook / Whisper to distribute a poisoned version of
their application" with the same amount of surprise.

~~~
tptacek
I don't understand what this has to do with whether we should use risky, leaky
cryptosystems like PGP over things like Signal that were designed specifically
to deal with these threats.

~~~
ethbro
I'd agree with the top of Unman's comment about striving for more, while
disagreeing with the bottom.

Signal is better than PGP.

Running crypto without PFS in this threat environment is an irresponsible bet
to make with data.

My point was that failing to continue to maintain vigilance, even if it sounds
paranoid, is also irresponsible. Unless one is willing to bet that we have a
perfect crypto system, some amount of humility (as evidenced by Moxie's
speech) is warranted. Else we'll be talking about Signal in 20 years in the
same way we're talking about PGP.

