| Zero days, backdoors and unknown cryptanalytic capabilities have similar if not the same effect on centralized systems. I am skeptical about open source efforts being a match for (tens of) thousands well-paid professionals working for well-funded organizations, 5 days a week, year after year. It just doesn't make sense that point efforts of few can accomplish anything sustainable and effective against such adversary. Yes, open source people are brilliant, heroic, etc. It doesn't matter. These efforts need to be distributed from dozens to tens of thousands, and that will begin to be the match for the organizations we are dealing with. To eliminate all issues and pushbacks about basic security of home-brew crypto (although I think that in the big picture it doesn't matter - you are either targeted or they don't have resources to figure out your particular ROT-17.5), it should always be used on the top of your favorite official crypto stack. So don't worry about being inferior to AES - use AES as well if you trust it. Home-brew crypto works. In the latest Stone's film, the whistleblower takes out flash storage hidden in Rubik' cube. It needed to work only once, for him. If it is important, people will do it. In the big picture, we may be dealing with the elitism of brain-work. It feels warm and fuzzy to be a member of an elite group helping billions. But as in other human enterprises, the real and sustainable success happens only when such brain-work gets widely distributed. While not the easiest thing in the world, crypto is not esoteric rocket science, and the notion that those few that had to resort to programming for living and fun are somehow more mentally capable than the rest 99.9999% is pure bs. These threads illustrate some of these points: https://github.com/LibreSignal/LibreSignal/issues/37#issueco... https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.htm... |