Lucky is to be commended for igniting a neglected aspect of the crypto wars: what happens to cryptosystems over time after they have been invented, tested, criticized, vetted and conditionally trusted, then gradually widely distributed as the best available under practical usage, then compromised by direct attack or undermining from within -- the cycle of all previous cryptosystems.
This inevitable vulnerability comes about for the reason Lucky states: sloppiness, laziness, inattention to keeping up with new means of attack, desire to exploit markets based on widespread public and institutional trust, and, not least, succumbing to the stigma of "being too paranoid." Attackers of cryptosystems count on this. Inventors of cryptosystems dread gradual decline in their successive implementations, if they continue to care about security and are not enjoying the economic fruits of success and to hell with authentic security, so what if there are a few hundred victims, collateral damage, think big, think Wall Street. Any well-known and trusted cryptosystem should be highly suspect of being compromised, and total reliance upon it is immensely foolhardy. That is why no "military grade" cryptosystem is wholly trusted by the military in times of war or when war is threatening, which now means all the time. If you are at war with government no government-approved cryptosystem is to be trusted, which means no system in most countries and certainly not in the US. And no commercially successful cryptosystem is to be wholly trusted for its success rests in part on its acceptance by government -- still the prime purchaser of such systems and maker of markets. We will learn someday of currently trusted systems, as we have of those in the past, more or less when they were compromised. "More or less" reflects that the greatest cryptosystem deceptions of the past 100 years are still classified and will remain so in order to not disturb blind faith in accessible, practical comsec. Without blind faith in comsec, intelligence gathering would be much more difficult for few would transmit their most valuable secrets via trusted systems. And even those who, like Lucky, advocate stronger implementations, remain vulnerable to weaknesses of their correspondents' usage -- who may quote Lucky's transmittal in response, send it to others without Lucky knowing, tamper with his information, violate his trust wittingly or otherwise. One could argue that the increased use of crypto has enhanced intelligence gathering despite government protests widely disseminated to induce trust in the systems, again as with prior deceptions. Too little sustained testing of trusted systems is done in the private realm, and there too little skepticism of widely used systems by enthusiasts and market makers. Here's to Lucky for reminding of the price of success, for pointing to how the crypto wars have gone deeply undercover where they usually are fought without mercy and never with courteous discourse.
