HEREWITH: a _different_ argument about why it's easier to put a man on the moon than to have backdoorable cryptography at scale. This fine article got posted by Techdirt a couple days ago…
And it has received reasonable praise, commentary, and dad-jokes from the usual crypto suspects:
And it quotes the highly respectable @mattblaze who as-ever properly demolishes the argument on its own terms of groundless aspiration:
…but for the geeks amongst us, there is something missing: a pointlessly detailed technical takedown. So #letsDoThis, and we barely have to lift a finger.
Aside: amongst my other attributes, I am genuinely a qualified astronomer —with a crappy degree because hacking, journalism and alcohol proved more amusing and remunerative; but at least I have 40 years of thinking that huge numbers are really cool:
But it's morning, and I don't want to do much work to justify this, so go read this posting on Quora about "how many digits of Pi are necessary to hit the moon" - the answer is probably best characterised as "less than 10": quora.com/How-many-digit…
Let's say that's scaled-integer arithmetic, so in terms of bits that's about log2(10^10) which Google says is 33.21 bits; let's round that up to 34 bits; so we're talking about hitting a target with 1 in 2^34 bits of accuracy; that's a bit like 34-bit symmetric crypto, isn't it?
So a moonshot is not even the 40-bit cryptography which the US declared to be the exportable world standard back in the 1990s; a moonshot is less than 1/64th as complex as the weakest of weak-ass crypto that the world could be permitted in 1999: en.wikipedia.org/wiki/40-bit_en…
Given that the current "weakest viable" crypto is 128-bits, the fraction of numeric scale that a moonshot would require is 1 in 19,807,040,628,566,084,398,385,987,584 - apparently that's "19.8 Squillion" or something, because "1 in 19.8 million million million" sounds dumb.
If everybody on the planet (7.5 billion people) had a phone using 34-bit cryptography, you could assign 1 encryption key per phone, and have 1 spare in case it was compromised. That's about all - there are fractionally more than 2 keys available per phone:
Long story short: moonshot-grade mathematics provide way too little headroom for reasonable cryptography at scale; and anyone who doesn't understand this really needs to go watch "Powers of 10" a few times: en.wikipedia.org/wiki/Powers_of…
Before anyone else needs to: @threadreaderapp unroll, please
ERRATA:

19,807,040,628,566,084,398,385,987,584 is 19.8 octillion, probably; but also

19,807, - 19.8 thousand
040,628, - million
566,084, - million
398,385, - million
987,584 - million

or

19, - 19.8
807,040,628, - billion
566,084,398,- billion
385,987,584- billion
Amazingly, it's also about 1% of the mass of the Sun when measured in Kilograms
So: basic-quality modern-day symmetric cryptography is at least 19.8 octillion times as secure as a moonshot, assuming this terminology holds:

19, - oct
807, - sept
040, - sext
628, - quint
566, - quad
084, - trillion
398, - billion
385, - million
987, - thousand
584 - unit

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Alec Muffett

Alec Muffett Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @AlecMuffett

Oct 5, 2018
Re: @timberners_lee's #Solid / @SolidMit

Hi @robertscammell!

More interesting that Facebook, I used to work on TheMine!Project*, a highly influential, much-plagiarised & ultimately unsuccessful stab at personal information stores, from 2006-2011.

*themineproject.org
If you want to know my opinion of how @timberners_lee's #Solid will impact "tech giants", watch this video (actually, x3) from 2010; the bulletpoints are:

- facebook killers, aren't
- there's plenty of room for alternatives
- first it must grow

The media loves zero-sum, david/goliath stories, and thereby often causes doom ("ello") & even tragically suicidal levels of stress ("diaspora*") to people who are foolish enough to pitch themselves/their platforms as the antithesis of "social media giantism; so do please beware.
Read 7 tweets
Sep 4, 2018
Australia: "The Assistance and Access Bill 2018" - the people of Australia have SIX DAYS in which to register their feelings on encryption back doors: homeaffairs.gov.au/about/consulta… #straya #endtoend
A Bill for an Act to amend the law relating to telecommunications, computer access warrants and search warrants, and for other purposes #otherPurposes
A technical capability notice may require the provider to do acts or things by way of giving help to ASIO or an interception agency in relation to…
Read 13 tweets
Aug 5, 2018
Hey! You remember that piece where I was randomly asked to respond in a 2…3 hour window, about "fixing" Facebook? Well, it's out, and I've found it!
And, of course, like every other Associated Press piece, it is broadly republished in many newspapers, under mostly-the-same-headlines:
You get the same copy at CTV in Canada:
Read 11 tweets
Jul 30, 2018
<pops open bonnet of car>
Mark: "There you go, there's the engine. 4 cylinder petrol engine"
@CommonsCMS: "Where are the horses?"
Mark: "Horses?"
CMS: "We heard it's a 100 Horsepower engine."
Mark: "That's just a metaphor…?"
.@CommonsCMS: "No, we know there are horses. That engine is a black box. You're not being transparent about where the horses are."
Mark: "But that's not how cars really work…"
CMS: "Everyone knows that cars are driven by horsepower. We want to see the horses." #algorithms
Author's Note: this may sound like whimsy, but it's only a few years since I had the following conversation with a member of a London-based "civil society" campaigning organisation:
Read 9 tweets
Jul 9, 2018
While we're on the topic of scale: every so often I have the misfortune of having to listen to some politician or former civil servant* demanding that people "NEED TO LEARN THE VALUE OF THEIR PERSONAL DATA, GODDAMNIT!".

*eg: ex-GCHQ
This one can be quite quick:
- Facebook
- About 2 Billion users
- Annual revenue 2017: $40.653 Billion

prnewswire.com/news-releases/…
Here's simple division as a rough guide: your data is worth about $20

About $20 per annum per user.

Let's implausibly assume that you're a heavy user, and are worth double that, so that you're actually worth $40; that means your value to Facebook would be (40/12) = $3.33/month.
Read 5 tweets
Jul 7, 2018
Regards #Article13, I wrote up a little command-line false-positive emulator; it tests 10 million events with a test (for copyrighted material, abusive material, whatever) that is 99.5% accurate, with a rate of 1-in-10,000 items actually being bad.
For that scenario - all of which inputs are tuneable - you can see that we'd typically be making about 50,000 people very upset, by miscategorising them as copyright thieves or perpetrators of abuse:
But let's vary the stats: @neilturkewitz is pushing a 2017 post by very respected fellow geek and expert @paulvixie in which Paul speaks encouragingly about a 1-to-2% error rate; let's split the difference, use 1.5% errors, ie: 98.5% accuracy: circleid.com/posts/20170420…
Read 23 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(