Path: nntp.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Rich <rich@example.invalid>
Newsgroups: sci.crypt
Subject: Re: AI's take on my cipher...
Date: Sun, 13 Jul 2025 14:11:11 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 59
Message-ID: <1050epu$2q09e$1@dont-email.me>
References: <1049c0q$10d0c$1@dont-email.me>   <104hp5s$363bm$1@dont-email.me> <e80d25a08cb77a726c77b8359c59833f871cfa1e@i2pn2.org> <104mgv5$cvfq$1@dont-email.me> <047c88f47daa342fbbf7aee669a3deb8896ce6af@i2pn2.org> <104mj60$dltj$1@dont-email.me> <4b6e233e7c3fb669fa324151f627c4addbfc9f70@i2pn2.org> <104r7eo$1i08p$1@dont-email.me> <95a6f265f6bdddcd037a7e48cf5258e77cec9b15@i2pn2.org> <104uecv$2ak1k$1@dont-email.me> <8e54a93978459bb7baa6896adc62508b9deb7d78@i2pn2.org>
Injection-Date: Sun, 13 Jul 2025 16:11:11 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="98d3fbcbb0287bbd0d73a29a092f1053";
	logging-data="2949422"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18PDNChsgvi0DdFE9N29itT"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:oSZv+1cWMnVkMgt5hFMpiisxV7c=

Stefan Claas <stefan@mailchuck.com> wrote:
> Rich wrote:
>> Stefan Claas <stefan@mailchuck.com> wrote:
>> > Richard Heathfield wrote:
>> > > On 10/07/2025 18:19, Stefan Claas wrote:
>> > > > Chris M. Thomasson wrote:
>> > > > > On 7/9/2025 12:53 PM, Stefan Claas wrote:
>> > > > 
>> > > > > > How does it work if A encrypts on local host and B should 
>> > > > > > decrypt on his local host, with that given link from A
>> > > > > 
>> > > > > Wrt the online version:
>> > > > > 
>> > > > > A needs to send/give B the ciphertext somehow, email, snail 
>> > > > > mail, somehow, hand signals, ect...  ;^) Then B, assuming that A 
>> > > > > and B have the same secret key, can use said ciphertext to 
>> > > > > decrypt it.  So, if you notice the online program has a 
>> > > > > ciphertext only, without a link prefix.  Say this example: I am 
>> > > > > encrypting the message on my local host using the default key:
>> > > > 
>> > > > But how, for example, would you give me the secret key, from the 
>> > > > USA to Germany, without meeting in person?
>> > > 
>> > > Diffie-Hellman can establish a secret key in public.  Then 
>> > > authenticate over an encrypted channel.
>> > 
>> > I know, but how do you protect the key on your online device against 
>> > Pegasus or FinSpy?  For proper encryption two parties have to do it 
>> > offline, but GnuPG users could never learn it, because it was never 
>> > explained to them.
>> 
>> Nor will anyone else who falls into the "average computer user 
>> category" and thinks the "I have nothing to hide" excuse is valid.
>> 
>> You are not fighting "encryption" here, you are fighting the fact that 
>> few care enough and are motivated to learn.  And that battle will not 
>> be won by better cryptography, nor by better user interfaces.  The only 
>> way those folks will use "secure means" is if the secure means happens 
>> all automatically, by default, without their knowledge, for them.
> 
> And you know very well that this will not happen, because companies are
> not willing to defeat this known issue

Never said I expected it to happen.  What I said was the only way for 
it to happen for any but the select few who are motivated was to have 
it present by default so they don't have to do anything.  That's not a 
statement that companies would therefore provide such.

> and only offline encryption and decryption is the way to go, for 
> secure communications.

That avoids (mostly) the issues of the "encryption computer" becoming 
infected without your knowledge.  But the moment you point out to an 
"average joe" who buys into the "if you have nothing to hide" 
smokescreen, that to communicate with encryption they have to have an 
air-gapped computing device and transfer the encrypted data over to 
that device to decrypt, you will lose 99.9% of your audience.  They 
simply will not be willing to put in the effort to do this.