And two years go by...

It's been quite a change, moving away from the supercomputing industry. A lot less stress, better hours. I miss working closer to the hardware, but what are you gonna do?

I've set up my Linux system at home to be a Steam Machine, and I have the Steam Controller which I'm really quite impressed with. It's nice to see Linux taking off as a gaming platform.

I've also recently updated my GPG key, as well as got a hardware random number generator for my systems. Originally, I was thinking of making my own, but as I learned more about random numbers, the more I learned it was out of my league. Random numbers are actually very, very hard.

I did find one really nice product that's not quite open, but very polished and by a team who is very familiar with analog electronics (and noise): Voicetronix. They make VoIP cards for computers, and are one of the ways you can use VoIP with Asterisk, an open source VoIP solution. 'Course they're usually worried about the other side of randomness and noise… but I digress. The big thing is they have Linux support, and the software is completely open. It's also a device which exposes the raw data to the operating system, so any program can read the raw data from the device. (Many hardware random number generators "whiten" the entropy from the device by pumping it through a CSPRNG (random number generator) to make it statistically "white" — no number appears more than any other. I like being able to audit the raw input, and only then worry about whitening the data before passing it to the OS.

After visiting one of the maker's sites, I found that they discussed pretty much all of the things I had researched. I'm not sure which I liked better — that they were so thorough in documenting what they are doing, or that I had figured out the issues.

Either way, the hardware is a BitBabbler. It's a USB device, and comes with drivers for Debian which will feed entropy into /dev/random when it gets below a watermark. They have two models: The White, and the Black. The difference? The white has four sources, and has 4x the data rate. So it's a choice of ~650 kib/s or 2.5 Mib/s I actually have both…

I've also updated my site so it's SSL-enabled, thanks to Let's Encrypt. It wasn't completely painless, but it wasn't too bad with my web host provider. It is kinda funny to think about, though: All of the documentation stresses keeping your private key secret… well, if you use a hosting company, they need your key to be able to use it. So it's semi-secret. I wouldn't use it for commerce, but it is good for anybody worried about whether files I host have been altered in transit.

That and it gives the finger to any organization sniffing traffic. I don't exactly expect to ever have any issues being involved with sketchy organizations, nor do I really expect to have any embarrassing or incriminating secrets in my life. But privacy is an human right, and it should always be an option to use encrypted communications that nobody can eavesdrop on.

Anybody who wants to have a backdoor to encrypted data needs to be educated. First and foremost, it's not a genie they can put back in the bottle, and hasn't been from the moment humans began writing. You might as well outlaw using fire to cook.

The Clipper chip was one such effort, attempting to mandate key-escrow encryption (a government backdoor). In response, the development of many highly secure cryptosystems that were freely available (both in terms of knowledge and as a downloadable program) were created. These freely available encryption systems are now the standards for encrypting our data on the Internet - SSL, TLS, S/MIME and OpenPGP. Then, as now, as long as a truly secure option is free and available, nothing a government can mandate can stop it. At the end of the day, individuals want their private data to be safe, and companies want to create products which will deliver security.

Additionally, a group of leading cryptographers published a paper in 1997 (nearly twenty years ago) that covered not only the weakness of the Clipper chip's Skipjack cipher, but also of the vulnerabilities of implementing any key escrow system. It's just not possible to create a mythic beast that's both secure against tampering, and will allow government escrow.

Even if a mythical 'secure' escrow crypto system is created, and a government tries to mandate it, all that will happen is people will use an encryption app (without a backdoor). There's just no way it can possibly work against anybody who wants to keep a secret. The knowledge is freely available, and too widespread.

It's not that I want some criminal or violent group to harm other people, it's that I know just enough about encryption to be able to say that it's not possible for the pipe dream of a key escrow crypto system to ever work.