
> You should absolutely avoid public-key crypto, including public-key key agreement schemes like Diffie-Hellman, if your needs don't absolutely require them.

Is there an alternative to public-key crypto? We all need to do stuff online.



Sure there is: pre-shared keys, exchanged out-of-band.


This works if physical contact is available and parties are trusted (even the weakest literal reading of fourth amendment says "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures," -- exchanging a key token counts as such).

Yet what of basic online communications where key-exchange is necessary and where we have very little say about the protocols involved?


You probably know what I was getting at. Public-key crypto is very important in today's world. If we can't use the current system, we need something to replace it. Pre-shared keys are for a different scenario.


You are missing both Schneier's point and mine. The point is that if you can contrive a way to (perhaps inconveniently) pre-share static keys, you should consider doing that instead of relying on number theory to protect your secrets.


> The point is that if you can contrive a way to (perhaps inconveniently) pre-share static keys, you should consider doing that instead of relying on number theory to protect your secrets.

No I got that just fine. As you know, I'm suggesting that not using public-key crypto or something else for the same purpose is impractical.


Nerdnit, but it's not like AES is based on some wholesome certified organic granola theory to the exclusion of number theory. Number theory didn't wait around 2+ millennia to be useful only to be dissed like that, man!


And you are conveniently missing his point. If we were to throw away public key technology today and say 'Only pre-shared keys', some significant portion of the internet would simply be unencrypted. What do we do about that?


We could all start swapping 1TB drives full of random noise. One-time pads are mathematically proven to be unbreakable if implemented correctly.


> We could all start swapping 1TB drives full of random noise.

This is "sort-of" what I've come to think Miranda was facilitating for Greenwald - it makes little sense that the purpose was for him to mainly carry documents, as while the documents would be more secure if he was not stopped vs. transferring them via the internet, they would have had to consider the possibility that he might be.

But if you pass along a lot of random data, then if it never leaves your possession, you can be reasonably sure that that data can be safely used as a source for one-time pads or keys. If it gets intercepted, then so what? You just ignore that batch of data even if it is handed back to you.
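The one-time-pad scheme the two comments above sketch (swap a drive of random noise, use it only while it never left your possession, discard any batch that did) as an added example, not code from the thread: a small Python pad store that consumes each byte at most once, zeroes what it used, drops a compromised batch whole, and shows what an observer learns if pad bytes are ever reused. The `PadStore` class, the offset-in-the-header convention and the `secrets.token_bytes` stand-in for the drive contents are my assumptions.

```python
import secrets


class PadStore:
    """One party's copy of a batch of pad material exchanged out of band.
    Every byte is used at most once; used and skipped bytes are zeroed so the
    same material can never be applied to a second message."""

    def __init__(self, material: bytes):
        self.material = bytearray(material)
        self.offset = 0  # first byte not yet consumed

    def take(self, start: int, n: int) -> bytes:
        if start < self.offset:
            raise RuntimeError("pad material at this offset was already used")
        if start + n > len(self.material):
            raise RuntimeError("pad exhausted; exchange a fresh batch")
        chunk = bytes(self.material[start:start + n])
        # Destroy everything up to the end of this chunk, including any
        # bytes skipped over, so neither side can reuse them by mistake.
        for i in range(self.offset, start + n):
            self.material[i] = 0
        self.offset = start + n
        return chunk

    def discard(self) -> None:
        """The batch left our possession (e.g. was seized): drop the rest."""
        self.take(self.offset, len(self.material) - self.offset)


def otp_encrypt(pad: PadStore, plaintext: bytes) -> tuple[int, bytes]:
    # The message carries the pad offset it used so the receiver lines up.
    start = pad.offset
    key = pad.take(start, len(plaintext))
    return start, bytes(p ^ k for p, k in zip(plaintext, key))


def otp_decrypt(pad: PadStore, start: int, ciphertext: bytes) -> bytes:
    key = pad.take(start, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer gets if two messages share pad bytes: the XOR of the
    two plaintexts, since the key cancels. Shown only to explain the caveat."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    batch = secrets.token_bytes(1024)  # constructed stand-in for the drive
    alice, bob = PadStore(batch), PadStore(batch)
    start, ct = otp_encrypt(alice, b"meet at the usual place")
    print(otp_decrypt(bob, start, ct))
```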


This would be doubly interesting, as it would mean the key he was carrying for the one file would be a smoke screen of sorts.

Of course, with UK law saying they can detain you indefinitely until you hand over your keys if they think a file is encrypted, that might not be a good move... though obviously in retrospect they didn't make use of that here.



