Yep. Cory Doctorow has talked about this: how the universe "makes it easy" to secure communications because mathematically, it's really easy to encrypt (verify that a number is prime) and really difficult to decrypt through hacking (factor a huge prime number).
And because of that, outlawing encryption is really outlawing math, which is ridiculous. Math is a universal API everyone has access to simply by existing. You can't outlaw math.
Do you have a link to that? Because I know a guy who really needs to counterpoint it. High-security engineer, Clive Robinson, always said security is about physics if you look at it down to the hardware. The physics try to connect things in ways you didn't see coming. That allows unauthorized communications. The physics also try to corrupt the operation of your chips. That compromises computational security mechanisms. Even encryption algorithms had tons of problems when they were implemented to the point that it takes pro's with years of experience to implement them with any assurance. Those are often broken later.
So, if Doctorow said that, he couldn't be further from the truth. The universe seems to do everything it can to make security difficult via physics itself. Throw in economics and biology (evolving malicious attackers) to top the argument off.
Security != encryption in every case. What you're describing is actually also what makes encryption stronger/easier than decryption:
A priori there's only 1 correct plaintext, while there are limitless chipertexts of any given plain text (assuming arbitrary IV lengths and key). You can't change that and this is basically what makes encryption so much stronger than decryption.
Only two sentences were about encryption. The others mainly covered the foundations, like kernels or MMU's, encryption depends on or can be bypassed with. You should look up TEMPEST Level 1 safes, PC's, peripherals, and rooms. That's just EMSEC part tgat requires all thst because physics fights us. Then, look up NSA Type 1 hardware and physical separation with Red/Black model to see how you start on endpoints. Rad-hard and fault-tolerant circuitry too where you'll see probabilities instead of certainties.
Add it all up to say that, outside a few products, your security mechanisms from CPU go crypto arent secure. Physics and intrinsic complexity work together to ensure this. Systems fighting all of it have less features, are heavy, more manual steps, less battery life, and cost several times more. Economics takes over there where physics leaves off.
"A priori there's only 1 correct plaintext, while there are limitless chipertexts of any given plain text (assuming arbitrary IV lengths and key)."
A priori there's electrical signals going through analog and digital circuitry that implements a form of it with malicious hardware, software, or networks connected to it. There's tons of ways to intercept or leak those secrets. These are not in the formal model of crypto. Once included, the picture changes considerably and leans my way.
Except of course I can create an unbreakable encryption with two pieces of paper and a pencil by constructing a one-time pad. And that encryption has nothing to do with computers except for the fact that doing encryption by hand would take ages these days and we therefore choose to delegate it.
The fact that our computers are too unreliable to be trusted with encryption does not mean that the universe does not favour encryption.
Unless you constantly keep inventing malicous hardware or hidden 'observers' in the paper and pencil scenario there's no way you can say that decryption is easier than decryption.
I saw that counter coming. A little bit different, better argument. Several things in here. So, let's look at them.
re paper encryption
That was defeated regularly in the Cold War in a number of ways. Easy or not, the mathematical proof didn't translate directly into the real world due to human issues and physical ones like intercept or observation. FBI's crypo unit has been defeating custom pencil and paper ciphers of criminals for a long time, too. So, we can say the best, provable encryption makes the job more difficult if no observation of the act of encryption, KEYMAT, or decryption take place. That's a lot more limited than mathematicians pronouncements imply. ;)
re universe
"universe does not favor encryption"
Oh, I think it doesn't. For one, encryption only happened one time in known universe that we know of. When it did, it screwed up more often than it worked. Then, even the best forms are defeated by stuff above thanks to other properties of the universe. Universe seems to favor plain text to me. Its own codes are plain to observe, too. Obfuscated at worst.
re computers
That was a nice dismissal but computers are the whole point, right? We talk encryption that we're going to use on a computer most likely. Then someone says some stuff like how we can trust the math. Then I have to point out we run electrical impulses representing machine instructions, not math. Then the conversation drifts to pencil and paper or arcane stuff.
At least you admitted we can't trust the math on a computer because it doesn't represent what it does. Often not on pencil and paper either or in speech if under surveillance. So, we can't trust the math at all. It's always math + all kinds of circumstances and methods. Even then, we can only trust it with probability C as in odds of Compromise.
I'd have to disagree. I think the interview process desperately needs an injection of pragmatism. If the actual job never requires Big-O analysis, then asking it during the interview is a waste of time. I've never had to do Big-O analysis in the real world, but I have had to fix N+1's. Ask about that.
Maybe I'm missing something but isn't N+1 the difference between O(1) and O(n)?
Edit: Anyone want to explain how I'm wrong rather than just downvoting?
Edit 2:
Understanding a N+1 problem is the equivalent of understanding the difference between O(1), i.e. fetch all data with a constant number of queries, versus O(n), i.e. the number of queries scales linearly with the number of elements.
I have the same feeling toward them. They're chosen for the same reason new technologies are often chosen: because they're new. The people doing the choosing aren't concerned with effectiveness or improvement, only that they're keeping up with the cool new thing.
Couldn't agree more. The "innovations" SV has brought to the interview process are more to satisfy the need to "disrupt" the traditional way of interviewing, with no thought to whether they're actually improvements. Take-home tests that are 8 hours long, talking to 14 people over 12 hours (actually happened to me), and tricky questions that will never happen in the day-to-day at that company: all useless and/or unfair.
Exactly. And this is why surveillance is so difficult to fight. The actions are far removed from the consequences, and the public just isn't very good at long-term planning. But we can't wait for the negative effects to show, because by then it'll be too late.
I have to say, I hate take home tests. They move all the burden of time commitment onto the candidate. And even if the question says it should take 2-3 hours, there's a game theory situation where you have to assume others are spending more than the recommended time to make their answer more polished, forcing you to spend more than the recommended time.
Finally, companies never pay you back appropriately for your time investment. If you fail the question, they don't give you a detailed report of why you failed. I'll always politely turn down a take home test.
