Alec Muffett Profile picture
everybody deserves good security. see also: @alecmuffett@mastodon.social

Jul 27, 2018, 15 tweets

HEREWITH: a _different_ argument about why it's easier to put a man on the moon than to have backdoorable cryptography at scale. This fine article got posted by Techdirt a couple days ago…

And it has received reasonable praise, commentary, and dad-jokes from the usual crypto suspects:

And it quotes the highly respectable @mattblaze who as-ever properly demolishes the argument on its own terms of groundless aspiration:

…but for the geeks amongst us, there is something missing: a pointlessly detailed technical takedown. So #letsDoThis, and we barely have to lift a finger.

Aside: amongst my other attributes, I am genuinely a qualified astronomer —with a crappy degree because hacking, journalism and alcohol proved more amusing and remunerative; but at least I have 40 years of thinking that huge numbers are really cool:

But it's morning, and I don't want to do much work to justify this, so go read this posting on Quora about "how many digits of Pi are necessary to hit the moon" - the answer is probably best characterised as "less than 10": quora.com/How-many-digit…

Let's say that's scaled-integer arithmetic, so in terms of bits that's about log2(10^10) which Google says is 33.21 bits; let's round that up to 34 bits; so we're talking about hitting a target with 1 in 2^34 bits of accuracy; that's a bit like 34-bit symmetric crypto, isn't it?

So a moonshot is not even the 40-bit cryptography which the US declared to be the exportable world standard back in the 1990s; a moonshot is less than 1/64th as complex as the weakest of weak-ass crypto that the world could be permitted in 1999: en.wikipedia.org/wiki/40-bit_en…

Given that the current "weakest viable" crypto is 128-bits, the fraction of numeric scale that a moonshot would require is 1 in 19,807,040,628,566,084,398,385,987,584 - apparently that's "19.8 Squillion" or something, because "1 in 19.8 million million million" sounds dumb.

If everybody on the planet (7.5 billion people) had a phone using 34-bit cryptography, you could assign 1 encryption key per phone, and have 1 spare in case it was compromised. That's about all - there are fractionally more than 2 keys available per phone:

Long story short: moonshot-grade mathematics provide way too little headroom for reasonable cryptography at scale; and anyone who doesn't understand this really needs to go watch "Powers of 10" a few times: en.wikipedia.org/wiki/Powers_of…

Before anyone else needs to: @threadreaderapp unroll, please

ERRATA:

19,807,040,628,566,084,398,385,987,584 is 19.8 octillion, probably; but also

19,807, - 19.8 thousand
040,628, - million
566,084, - million
398,385, - million
987,584 - million

or

19, - 19.8
807,040,628, - billion
566,084,398,- billion
385,987,584- billion

Amazingly, it's also about 1% of the mass of the Sun when measured in Kilograms

So: basic-quality modern-day symmetric cryptography is at least 19.8 octillion times as secure as a moonshot, assuming this terminology holds:

19, - oct
807, - sept
040, - sext
628, - quint
566, - quad
084, - trillion
398, - billion
385, - million
987, - thousand
584 - unit

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling