How could we ever know that we have a “good” cipher, or how “good” it is?

  • There is no way to measure strength for an arbitrary practical cipher.

  • Theoretical strength “proofs” almost never apply in practice.

Nobody “on our side” can know that our ciphers are “good,” no matter how well-educated, experienced or smart they are, because that is determined by adversaries in secret.

Conventional cryptography often instils belief in “known” cipher strength, ignoring logic and lessons learned while a state of metanoia plays into the hands of potential adversaries. A healthy dose of paranoia without landing ourselves in a state of (over)protectionism is required.