Hacker News new | past | comments | ask | show | jobs | submit login

> I think he is intending to argue that the quality of the encryption should be tiered, that "consumer" comm crypto should be weaker than business operations crypto should be weaker than gov't crypto. If so, I think this is a bad policy.

I don't think this is strange, since this is how it works in physical. A home has a simple lock, a business a few better ones and a security system, and a military base has 24/7 armed soldiers on guard.

Impossible to do right now for encryption of course.




There are issues of scale that make that a poor analogy. You can't leverage a botnet to automate attempts to pick the locks of every home in the country. Nor can you pick a normal lock from thousands of miles away. Even if you get inside, you can't duplicate the entire contents of a house in a matter of seconds to rifle through later, and it's darn near impossible to break in and rummage around without being detected.


Indeed, and I suspect that's part of where the mentality comes from. One could argue that said simple hierarchy is appropriate for the threat model in most cases in the real world.

Where this falls down, is that if my threat model is different, rightly or wrongly, I can still change the locks on my home to something more fitting the threat model. If we were to try to fit the crypto policy that that Barr seems to want to real-world locks, then that could get problematic, quicky. I want to lock my hunting rifle's case with an Abloy, because using the toy locks from Home Depot is fucking irresponsible? Nope, not allowed. That's miltary-grade; civilians don't need military-grade tools. Requiring one be a business before one can get/use moderately-strong encryption could all too easily become a regulatory burden that causes a lot of small and medium businesses to become less secure, and further entrench the largest companies. And as the current top root-level comment points out, it would make getting blackmail on the rich and powerful that much easier.

I think it should remain impossible to do for crypto, because as another reply to you points out, the real world differs from the digital world in important ways. Trying to force the digital world to be more like the real world is likeable to make both suck more, not less.


If you put secret things in a military base. But then move them away and 5 years later the locks are broken there's nothing there anymore.

The physical world can't have all locks past, present and future broken simultaneously across the world, possibly without you knowing.

Knowingly and arbitrarily weakening encryption is risking those stakes for IMO not a good enough reason.

About the only things in common thinking about physical and digital security is the word security.


But that's just an artifact of the available resources. There is no law that prevents you from putting a better lock on your home or even hiring armed guards to protect your residence. Are you arguing there ought to be?


> I don't think this is strange, since this is how it works in physical. A home has a simple lock, a business a few better ones and a security system, and a military base has 24/7 armed soldiers on guard.

Yes, but this is not how it works in cryptography and there's no reason it has to. Should we deliberately weaken crypto systems so that they work similarly to some other arbitrary system? The question seems to answer itself.


That does seem to be the policy for copyright..




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: