Porting Godwin's Law to the field of cryptography.

19 August 2013

On the Internet, there exists a meme called Godwin's Law. Simply put, "As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one," (where probabilities are specified as floating point values between 0.0 (0%) and 1.0 (100%)). It is usually at this point that the discussion is considered completely derailed and no longer worth following.

It seems that a similar phenomenon is occurring more and more often in the twenty-first century: online discussions of cryptographic or security software eventually lead to someone bringing up Ken Thompson's famous paper "Reflections on Trusting Trust" as a way of arguing that any software you care to name could plausibly have been backdoored. The reasoning is that a cleverly subverted toolchain can not only backdoor the security software during compilation, but can also reinstall the backdooring functionality if it detects that it is recompiling itself. It is assumed that no one taking part in the discussion will go to the trouble of writing their own toolchain from scratch, which is the step that would almost ensure that all of the code in question is free from tampering.

Therefore, I propose forking a version of this meme called Thompson's Law: As a discussion of cryptographic software grows longer, the probability that someone will mention that a self-backdooring, backdoor-installing toolchain can be used to compromise said software approaches one.

I further propose that, when this happens, one participant (and only one) replies with the word "Cheers!" and nothing else, because at that point really the only thing left to do is go to the pub.