Topic: How long will existing encryption last? - page 2. (Read 2214 times)

full member
Activity: 224
Merit: 120
January 24, 2020, 12:47:26 PM
#90
From all the above, we can conclude that humanity lives by faith.
Modern cryptography is not an exception, but a confirmation of this rule.
The concept of encryption will live exactly as long as the absolute majority will trust this assumption.
It should be noted that the absolute majority of people do not understand anything about the problematic issues of modern cryptography and will never understand.
That's the way a person works. If he does not understand something, he does not try to understand it, but looks at the people around him, who do not understand it any better than he does. And the herd feeling, the instincts, conquer everything else.
If someone separates himself from the herd and starts doing things differently from the majority, has his own opinion, he will be branded however they like; no one will go into unpopular discussions about generally accepted things.

Long live modern cryptography, human delusions and herd mentality. In this religious atmosphere of trust, there is no place for reason.   
full member
Activity: 224
Merit: 120
January 23, 2020, 11:04:26 AM
#89
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems' quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, goodbye.
Really, I only knew that one from you. If that was really so then it would be amazing somehow because we don't need to worry more. Based on my research most people really don't know if encryption will last or not because no one controls it.
-----------------
Information about the existence and use of working quantum computers cannot be publicly available, because in the world there is a global information confrontation, a cyberwar.
And like any war, there are secrets, secret developments.
Why do we always expect to be told everything, informed?
No, of course not.
Here's an example that confirms my speculation:
"Speculation on the subject intensified when NASA published on its site, but soon deleted (a copy is available to ForkLog), a document with insider information about Google's success in building a working model of a quantum computer and the company's achievement of 'quantum supremacy'. In the media, the information was replicated by the authoritative British publication The Financial Times."

And it's still unclear why cryptography was separated:
- one cryptography for all of us;
- a second cryptography that we don't have access to.


Commercial cryptography must be based on the same standards around the world.
But state standards for cryptography are much better, they cannot be distributed anywhere, they will only be used within state structures.

And despite the high level of protection of state cryptography, it must be updated every five years (at the algorithmic level).

Then it is even more interesting.

Commercial structures should not have access to this algorithm itself. Thus, it will be possible to apply simultaneously public "commercial" algorithms - for us, simple and naive, and completely different algorithms for the chosen ones.

Of course, skeptics will immediately argue that state secrets are very serious, so the cryptography is different.

My answer to this is: why, then, does the NIST open competition on post-quantum encryption systems, which has been running since 2015, not accept systems based on the same principles as modern RSA and ECC?

1. There was no direct threat from quantum computers back then.
2. Even then (2015) leading experts in cryptography warned that no key length would save modern commercial systems if at least one was cracked. This is a hidden explanation of the fact that these systems are afraid not of Shor's algorithm, which only simplifies the exhaustive search for the key, but of the achievements of cryptanalysis.
3. Why were all the ECC patents from Koblitz and Menezes, previously purchased by the NSA, forgotten without explanation when the results of research by UK mathematicians became known in 2016? This study was ordered by the NSA itself.

Koblitz and Menezes have every reason to consider themselves competent in the field of elliptic-curve cryptography, but they had heard absolutely nothing about new attack methods that compromised "their" crypto scheme. So everything that happened around ECC amazed mathematicians extremely.
People who have close contacts with this industry know that large corporations that provide cryptographic tasks and equipment for the US government always get some kind of advance warning about changing plans. But in this case there was nothing of the kind.

Even more unexpected was the fact that no one from the NSA addressed the people from NIST (USA), who are responsible for the open cryptographic standards of the state.

The ETSI/IQC International Symposium on Quantum Secure Cryptography (in 2016), from which this story began, has several notable features.
Firstly, it was very solidly represented by the heads of important structures, special services of Great Britain, Canada, Germany. All these national special services are analogues of the American NSA. However, absolutely no one was mentioned explicitly from the NSA. And this, of course, is not an accident.

This event is interesting for the reason that there was a highly unusual report on behalf of the British secret service GCHQ (P. Campbell, M. Groves, D. Shepherd, "Soliloquy: A Cautionary Tale"). This is a report from the CESG information security division, which was personally delivered by Michael Groves, who leads cryptographic research at this intelligence agency.

It must be emphasized here that it is completely uncharacteristic for people from the British special services to talk about their secret developments at open conferences. However, this case was truly exceptional.

The story of the great CESG cryptographer speaking at the public symposium was extremely sparsely covered in the media, and the slides, articles and presentations about Soliloquy can only be found on the Web by those who know very clearly what they are looking for (on the ETSI website, where these files are exclusively found, there are no direct links to them).

Details can be found here, second post dated December 04:
https://bitcointalk.org/index.php?topic=5204368.40.

For these reasons, we conclude that there may be both unknown quantum devices and a secret mathematical apparatus that unambiguously compromises all modern commercial asymmetric cryptography.
sr. member
Activity: 574
Merit: 267
January 22, 2020, 09:52:19 AM
#88
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems' quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, goodbye.
Really, I only knew that one from you. If that was really so then it would be amazing somehow because we don't need to worry more. Based on my research most people really don't know if encryption will last or not because no one controls it.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
January 22, 2020, 09:21:07 AM
#87
This is a reply to an earlier post in this thread, but still relevant:

I think the problem is that it has not been proven that no efficient algorithm exists to do prime factorization of large numbers, which is what RSA is all about. ECC might be similar or something else entirely since they use smaller numbers.

Many areas of mathematics and computer science have been brought to bear on the problem, including elliptic curves, algebraic number theory, and quantum computing.

An algorithm that efficiently factors an arbitrary integer would render RSA-based public-key cryptography insecure.

That is probably one reason organizations or governments wouldn't use such a system. It may be cracked with a mathematical break through at some future time.

The problem with Vernam-class ciphers is distribution of the pad or the keys. If one were to use 256-bit AES and distribute a bunch of keys way in advance to all parties that need them, that would be very close to the effect of a one-time pad.

Still, the largest semiprime yet factored is only a 795-bit number, factored in November 2019.

The largest known prime as of January 2020 is more than 24 million digits long.

Before the mid-1970s, all cipher systems were symmetric. Keys were distributed by a secure channel. There are no perfectly secure channels in the real world. There are, at best, only ways to make insecure channels (e.g., couriers, homing pigeons, diplomatic bags, etc.) less insecure: padlocks (between courier wrists and a briefcase), loyalty tests, security investigations, and guns for courier personnel, diplomatic immunity for diplomatic bags, and so forth.

Today, Kerberos exists, and that could be quantum resistant for a long time until a better one has been tried and tested.

What the governments are worried about are any cryptographic breaks that can crack asymmetric encryption faster than brute force. Rubber hose methods work, are cheaper, and that's why it is done.

As for RSA, use 4096 bits. We will know in the news worldwide if and when 1024 and 2048 bits are regularly broken; then we will have plenty of time to migrate to a different system if needed. Much of the internet will get broken otherwise.


As for traditional security, I think it's better than having something completely open. How the new concepts will work are left to be seen if they are any better in practice.
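An added worked example, not from the post above: the post's point is that RSA's security is exactly the hardness of factoring n, so if anyone could factor cheaply, the private key would fall out of the public one. The block below builds a toy RSA key from two constructed 20-bit primes (nothing like a real key size), factors the modulus with Pollard's rho in milliseconds, and rebuilds d from the factors. The recovery steps are identical for a 2048-bit modulus; only the factoring step is what nobody can do at that size (the 795-bit record mentioned above took months of cluster time).

```python
"""Added example: recover an RSA private key by factoring the modulus.
Not from the original post. Primes, exponent and message are constructed."""
from math import gcd

def pollard_rho(n):
    """Return a nontrivial factor of composite n (Floyd cycle finding
    on x -> x^2 + c mod n). Expected cost ~ sqrt(smallest prime factor)."""
    if n % 2 == 0:
        return 2
    for c in range(1, 100):                 # retry with another polynomial on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n             # tortoise: one step
            y = (y * y + c) % n             # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found; n may be prime")

def recover_private_key(n, e):
    """Given only the public key (n, e): factor n, compute phi(n), invert e."""
    p = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                     # modular inverse, Python 3.8+
    return d, (min(p, q), max(p, q))

def demo():
    """Constructed toy key; returns what the attacker learned."""
    p, q, e = 1000003, 1000033, 65537       # both prime; gcd(e, phi) == 1
    n = p * q
    d_true = pow(e, -1, (p - 1) * (q - 1))
    msg = 123456789
    ct = pow(msg, e, n)                     # textbook RSA, no padding (toy only)
    d_found, factors = recover_private_key(n, e)
    return {"factors": factors,
            "key_recovered": d_found == d_true,
            "decrypted": pow(ct, d_found, n) == msg}

if __name__ == "__main__":
    print(demo())
```

Try replacing the two primes with 512-bit ones from any library and watch Pollard's rho never return: that gap, not any proof, is what the post means by "it has not been proven that no efficient algorithm exists".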
full member
Activity: 224
Merit: 120
January 21, 2020, 02:01:31 PM
#86
Let's continue the topic of vulnerability.
We're probably hiding from ourselves the fact that any modern device is vulnerable, totally and inevitably; it's a competition in which we users are the inventory.

I argue that there is no point in having modern cryptography if you always have a 100% vulnerability through keys, passwords and other technological rudiments.

Once you have entered a password into such a device, you have lost it, and no matter what, you will never know.

What's more, software vulnerabilities exploited at a new level, which allow a system to be compromised without the user being involved (for example, without the victim clicking on a malicious link), are of great interest to scammers.

The experts from Google Project Zero, who have devoted several recent months to studying this issue, are no exception.
We are watching.
On Thursday, January 9, security researcher Samuel Gross from Google Project Zero demonstrated how knowing an Apple ID alone makes it possible to remotely hack an iPhone, access passwords, messages and emails, and activate the camera and microphone in a matter of minutes.

The researcher described his attack method in three separate articles on the Google Project Zero blog. The first one provides technical details on the vulnerability, the second one on the ASLR bypass method, and the third one explains how to remotely execute code on the device under attack, bypassing the sandbox.
"The research was mainly motivated by the following question: is it possible to remotely execute code on an iPhone using a remote memory corruption vulnerability alone, without using other vulnerabilities and without any interaction with the user? This series of blog posts proves that it is indeed possible," Gross said.

What do you think of the traditional security concept after reading this news?
full member
Activity: 224
Merit: 120
January 20, 2020, 06:03:33 PM
#85
But this is practical proof of the fact that some devices (in this case all of them, regardless of model) from some manufacturers can never be used, under any circumstances or for any purpose.

The main thing is not to forget, when buying another fashionable smartphone, that you cannot use it with your passwords and keys to access the service associated with your cryptographic assets. It is a spy.

Here is the recent news.
Celebrities in South Korea were subjected to a large-scale extortion campaign, during which criminals hacked into Samsung smartphones belonging to popular film artists, musicians, artists, etc. and demanded a ransom of $43,000 to $860,000, threatening to make their personal data public.

Only recently, in my post of January 15, this company was mentioned, and confirmation of this danger did not take long.

Really, who's responsible for this?
People who have trusted products that are not suitable for anything in terms of security, or a manufacturer that pursues its own purposes, not the ones it has declared?

In my opinion, we will always be deceived if we trust anyone.  And the most dangerous thing is exactly the delusion that most people have.
Who's listening to the minority?

I don't know who will support me, but practice shows that apart from cheaters, other players are also playing against us, made up as our allies.

So then talking about cryptography...
full member
Activity: 224
Merit: 120
January 18, 2020, 04:32:13 PM
#84
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems' quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, goodbye.
There have been no real claims about the existence of quantum computers to date. If there were, we shouldn't even be stuck on this planet; most of the global problems we have right now would have been solved if there were a quantum computer out there. But even if there is, I don't see it as that big of a threat really; nobody would be able to gain access from a quantum computer unless you're a very important person.
---------------
Access to you or your data happens regardless of your desire or your importance.
This is fully automatic data collection. It is a program that collects everything and everyone.
It's done by both the government and the crooks.
But the government doesn't want scammers to know more than the government. That's the reason why news like this happens:
On January 14th, the FBI seized the domain WeLeakInfo.com for providing users with paid access to data leaked to the network by hacking. The operation was conducted jointly with the National Crime Agency (NCA), the Netherlands National Police Corps, the German Federal Criminal Police Office (Bundeskriminalamt) and the Police Service of Northern Ireland.

"The Web site gave users access to a search engine to view confidential information illegally obtained from more than 10,000 data leaks, including more than 12 billion indexed records, including names, email addresses, logins, phone numbers and passwords," the U.S. Department of Justice reported.

The subscription price ranged from $2 to $75, giving users unlimited access to search engines and data for a limited period of time.

Here's the price of your logins and passwords and more today: from $2 to $75. And this is not the highest price, there is cheaper.

This is reality, open your eyes, 12 billion records, this is all humanity!
sr. member
Activity: 1498
Merit: 374
January 18, 2020, 10:25:59 AM
#83
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems' quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, goodbye.
There have been no real claims about the existence of quantum computers to date. If there were, we shouldn't even be stuck on this planet; most of the global problems we have right now would have been solved if there were a quantum computer out there. But even if there is, I don't see it as that big of a threat really; nobody would be able to gain access from a quantum computer unless you're a very important person.
full member
Activity: 224
Merit: 120
January 18, 2020, 06:25:01 AM
#82
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems' quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, goodbye.
-------------------
This topic, whether there is a quantum threat or not, has been worn threadbare.

That's the picture I'm looking at:
- most people in the scientific community understand and explain that the danger is more than real;
- most ordinary people who don't want to get into it, project managers, advertisers, "air salesmen" who aren't used to dealing with complex issues, don't see it as a threat.

We know that there are a lot of encryption systems, totally new systems that can withstand quantum computers even from another galaxy. And in 2022, we will know the winner.

All modern systems except AES will go to the junkyard of history and the debate will stop, just like the threat of quantum computers.

And what will remain?
There will remain the eternal threat of cryptanalysis, theft of keys and passwords, phishing, and other nasty things that no cryptographic system fights against.

These threats, as well as quantum threats, can be counteracted by a new technology of keyless encryption and passwordless authentication based on logic and geometry rather than mathematics.   
sr. member
Activity: 1150
Merit: 260
☆Gaget-Pack☆
January 17, 2020, 07:04:18 AM
#81
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems' quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, goodbye.
full member
Activity: 224
Merit: 120
January 17, 2020, 03:41:30 AM
#80
I think that phishing will never die as long as there is a password authentication system.

The point is that when you are shown a phishing site, a non-original site, or a phishing email arrives, all your protection is to compare the address, the name of the site, the information you see to the information in your memory.
It works, but very, very badly.
If you haven't noticed the modifications, it's all your fault.

Well, is it fair to rely on your own memory when you're digital?

I think it's a flaw.
We need password-free authentication methods. And these technologies are only two-way. What are we going to get:
1. No possibility of phishing attacks, regardless of our memory.
2. Impossible to compromise you by stealing your password or other identifier.

The point is that passwordless authentication has only a variable identifier. Nobody uses it 2 times, even you yourself.

Here's the news on the subject from January 17.

Experts have warned about a new type of phishing attack.

Perpetrators study the victims' email messages to trick them into going to malicious sites.


Cybercriminals have begun using new phishing techniques to trick employees into installing malware, transferring money or transferring their credentials.

The cybercriminals infiltrate business email channels using previously compromised credentials (acquired on clandestine forums, stolen or obtained through a bloatform) and join a conversation under the guise of one of the parties.
This is an expert opinion from Barracuda Networks.

The idea is that the attacker is exploiting a real identity by conducting phishing attacks on its behalf, which the victim will consider as messages coming from a trusted source.

In an analysis of 500,000 emails, experts found that the interception of correspondence increased by more than 400% between July and November last year.

 The experts reported on cases when intruders spent weeks communicating with their alleged victims to ensure a high level of trust.

Details of password-free and keyless methods, here:
https://bitcointalksearch.org/topic/keyless-encryption-and-passwordless-authentication-5204368.
full member
Activity: 224
Merit: 120
January 16, 2020, 02:09:48 PM
#79
This is the confirmation of my conclusions that the software, as well as the devices, are dangerous.

Dangerous, especially for keys and passwords.

January 16th, the freshest:
The first PoC attack using the Windows vulnerability in crypt32.dll, spoofing the GitHub and NSA sites, has been presented.


The day after the patch was released for one of the most dangerous vulnerabilities in Windows history, security researcher Saleem Rashid demonstrated how it can be used to pass off a malicious site as any site on the Internet, as far as cryptography is concerned.

We're talking about the CVE-2020-0601 vulnerability in the crypt32.dll cryptographic library in Windows, which allows you to sign malicious files so that the system will accept them as legitimate, as well as forge digital certificates. The problem was detected by specialists from the U.S. National Security Agency who reported it to Microsoft.

On Wednesday, January 15, Rashid posted a screenshot on Twitter that shows the music video "Never Gonna Give You Up" by popular 1980s singer Rick Astley playing on github.com and nsa.gov. Using the vulnerability, the researcher was able to spoof the GitHub and NSA websites in the Edge and Chrome browsers.

Rashid's exploit consists of 100 lines of code, but it can easily be compressed to 10 lines if you cut "a few nice features," the researcher told Ars Technica.

Other experts agree with their colleagues at the NSA:
"With the help of the script, you can create a certificate for any site, and it will be trusted in IE and Edge with the standard Windows settings.

This is awful!

Don't forget that trusted certificate system, PKI system is the basis of the world security system.
Without the proper operation of this system - everything falls apart, no one will know if the public keys belong to their owners.
All you have to do is show your public key instead of the original one, and all our secrets are in their pocket - we will encrypt them ourselves and give them to them.

Can you imagine the consequences? 

The problem affects VPN gateways, VoIP, almost everything that uses network communications," said MongoDB Security Manager Kenn White.

Key security systems - are no longer secure for us!
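An added example, not from the post above and not Microsoft's or Rashid's code: a toy model of the publicly documented root cause of CVE-2020-0601. The vulnerable verifier matched a certificate's issuer to a trusted root by public-key value only, and then used the explicit curve parameters carried in the certificate itself for the signature check. Since an ECC public key is Q = d*G, an attacker who may choose G can pick any private key d' and solve for a generator G' = d'^-1 * Q that makes the trusted Q "belong" to d'. The curve is secp256k1 (my choice for a bitcoin forum; the real bug hit NIST curves in X.509, the algebra is identical), the certificates are dicts standing in for ASN.1, and the leaf's "to-be-signed" bytes are constructed.

```python
"""Added example: generator substitution against a verifier that matches a
trusted root by public key only (model of the CVE-2020-0601 root cause).
Assumptions: secp256k1, dicts in place of X.509, constructed leaf data."""
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None                                   # point at infinity

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over F_P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                       # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt (not constant time; toy)."""
    result, addend = INF, pt
    k %= N
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def ecdsa_sign(d, z, gen):
    """Textbook ECDSA over the generator 'gen' the signer claims to use."""
    while True:
        k = 1 + secrets.randbelow(N - 1)
        r = mul(k, gen)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return (r, s)

def ecdsa_verify(q, z, sig, gen):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = add(mul(z * w % N, gen), mul(r * w % N, q))
    return pt is not INF and pt[0] % N == r

def forge_issuer(trusted_q):
    """Attacker: choose any private key, then pick the generator so that
    trusted_q == d_evil * g_evil. Needs nothing secret from the CA."""
    d_evil = 1 + secrets.randbelow(N - 1)
    g_evil = mul(pow(d_evil, -1, N), trusted_q)
    return d_evil, g_evil

def chain_verifies(root, issuer, leaf, patched):
    """root, issuer: {'pubkey', 'generator'}; leaf: {'z', 'sig'}.
    patched=False: pre-fix behaviour, root matched by key value and the
    issuer's own explicit parameters trusted. patched=True: explicit
    parameters must equal the trusted root's (the actual fix)."""
    if issuer["pubkey"] != root["pubkey"]:
        return False
    if patched and issuer["generator"] != root["generator"]:
        return False
    return ecdsa_verify(issuer["pubkey"], leaf["z"], leaf["sig"],
                        issuer["generator"])

def demo():
    """Returns (accepted by buggy verifier, accepted by patched verifier)."""
    d_ca = 1 + secrets.randbelow(N - 1)      # real CA key; attacker never sees it
    root = {"pubkey": mul(d_ca, G), "generator": G}
    d_evil, g_evil = forge_issuer(root["pubkey"])
    rogue_ca = {"pubkey": root["pubkey"], "generator": g_evil}  # same Q, own G
    tbs = hashlib.sha256(b"CN=github.com (constructed leaf)").digest()
    z = int.from_bytes(tbs, "big")
    leaf = {"z": z, "sig": ecdsa_sign(d_evil, z, g_evil)}
    return (chain_verifies(root, rogue_ca, leaf, patched=False),
            chain_verifies(root, rogue_ca, leaf, patched=True))

if __name__ == "__main__":
    print(demo())
```

The practitioner's check is the one line in `chain_verifies` guarded by `patched`: a verifier must compare the whole parameter set of a certificate against the trusted key's (or refuse explicit parameters altogether and accept only named curves), never the public-key point alone. The same test, run against an unpatched system, is what the screenshot in the post was showing.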
full member
Activity: 224
Merit: 120
January 16, 2020, 01:35:25 PM
#78
No matter how much we talk about key cryptography, we always fear for the keys.
It's hard for me to compete with major cryptography and security experts.
But to listen to authoritative opinions, to analyze the information I've received, I've decided what is necessary.

So, the researchers of Blockchain technology have repeatedly noted this idea:
- even though all the asymmetric cryptography on which Bitcoin's defense is built is based on the mathematical apparatus of elliptic curves, this is not a reason to relax.
The matter is that, as the research showed, elliptic cryptography is not a panacea for such vulnerabilities as low entropy and software implementation errors.
Moreover, experts have revealed many examples of repeating SSH- and TLS-keys belonging to different certificate holders.
Digital signatures were detected in the Bitcoin system that allow the ephemeral key (nonce) to be learned, which in turn gives an intruder the corresponding private key and an opportunity to steal the cryptocurrency.

I will not assess the level of real danger of the software products that we have to use, but it is worth thinking about.

What are our keys and passwords for if the programs and devices are not reliable? The less often you use the same key, the same password, the more secure you are.
Or am I wrong?
full member
Activity: 224
Merit: 120
January 15, 2020, 07:45:56 AM
#77
We use modern key encryption.
Even assuming that all systems that work for our benefit are absolutely secure, even so, our security system is not secure.

No crook would hack into a cryptographic system. He doesn't even care how it works or what it's called.

Fraudsters always hunt for keys.
They take advantage of the fact that encryption stands in our user programs as a component that we don't choose, we don't discuss it with the manufacturer.

It's the same with keys. We don't choose them, we don't invent them, all this work is done programmatically.

That's what crooks use.
There are two groups:
1. Real criminals, villains;
2. Governments and special organizations, big corporations that are supposed to protect us; they are robbing us.

The facts and statistics of cybercrime show that it is dangerous to use keys (a person cannot practically memorise them) and passwords on modern devices.

It turns out that for a reliable operation of a cryptographic system, of any key system, it is necessary to restrict access of the device to the keys. This is an unsolvable problem in key systems.

But in today's trend - you cannot use keys or enter passwords from our devices, because all devices - work not only for you, but for someone else, we do not know who.

Judge for yourself:

1. Confirming news:
U.S. authorities are distributing a subsidized smartphone with an embedded virus.

Millions of poor Americans have received a subsidized smartphone under the FCC Lifeline Assistance Program. But the device came with a surprise: it has a built-in virus in its firmware. This software cannot be removed because there are no root access rights on the device.

The Unimax UMX U686CL smartphone was provided under the Mobile Accessibility Program.


2. And those we trust:
- Microsoft has been listening to and processing the voices of Skype and Cortana users for years without any security measures. This was told to the Guardian by a former contractor who spent two years processing user voice recordings using a personal laptop at his home in Beijing. He received his login and password from Microsoft via email in unencrypted form, with a very simple login and one password for everyone.

3. Similar spyware was found on all Samsung smartphones and tablets.

This problem was pointed out by one of the users of social news site Reddit. These are Device Care features that are actually present on mobile devices from the Korean manufacturer.

Samsung itself does not deny that Qihoo 360 uses a Device Care module designed to store data on the device. However, the manufacturer does not explain why the software interacts with Chinese servers on a regular basis. Qihoo 360 has previously been involved in several privacy scandals, including hidden data collection.

The source warned that giving such a dubious company access to all the data on the device is risky, to say the least. He explained:

"The smartphone memory scanner has full access to all your personal data because it is part of the system. However, according to Chinese law, it must send this information to the government upon request."

So why should we discuss the reliability of the encryption system, any encryption system, even post quantum, even if the keys are stolen from the device itself!

Unbelievable, but the facts speak for themselves.
Make a conclusion.
full member
Activity: 224
Merit: 120
January 14, 2020, 12:08:59 PM
#76
When I talk about cryptography, I don't apply it to myself, but I am interested in the question in principle. And it does not matter how many years from now, or who will be dead by then.

It is interesting to discuss the matter in principle. Is all modern cryptography a temporary phenomenon, or is it here for many, many years?
Reputable organizations, for reasons that have not been disclosed to us, intensively, for many years, are looking for a replacement for RSA and ECC.
Well, why not increase the key length and forget about quantum computers for the next 100 years.

Moreover, it is so obvious and simple, if everything is reliable, that I can not find an explanation for this.

Moreover, cryptosystems based on the principles on which RSA and ECC are based are not considered at all.

I want to understand why? What is the mystery?

And most importantly, these are the keys. They are always stolen. This is an axiom.

Signal is nothing new and better from the point of encryption than in all major messengers.
Protocol only. Good protocol.
It gives normal anonymity, but nothing safe from the point of view of cryptography. The same keys, the same dangers. Mekley Marlinspike (he is the author of this protocol) is a decent person and did everything as well as possible. But the keys - where do you escape from this vulnerability? It doesn’t matter that they are constantly changing, there are a lot of them even for one session, but they steal as easily from the device as from the server. But the worst thing is that the same asymmetric cryptography is used to coordinate them. And it doesn’t matter that the encryption of information is a symmetrical system, they hunt for keys, and so far successfully.
Speaking of good protocols, since cryptography is the same everywhere, Treema's anonymity is much better than Signal. This messenger is even harder to crack.

But everywhere there is a weak point - only one, modern asymmetric cryptography. This is not what I came up with.

As for the new cryptographic systems, of interest are those in which the keys, if any, are not consistent with asymmetric cryptography and are used only once, literally - one bit - one key.
And such systems exist, are developing, and much better than “quantum cryptography”.

These systems generate a Vernam-class cipher. And this is the only cipher whose absolute security is proven in the absolute sense of the word.

Examples:
1. Technological path of development, one-time binary tape, Vernam cipher:
https://www.nature.com/articles/s41467-019-13740-y

2. Software development path, one-time binary tape, Vernam cipher, geometric keyless methods:
https://bitcointalksearch.org/topic/keyless-encryption-and-passwordless-authentication-5204368

How long do modern asymmetric systems last?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
January 14, 2020, 09:07:45 AM
#75
I'm also not both, but understand a little bit about them enough to assure myself that if I use 4096 bit or even 2048 bit RSA public/private keypairs, I'll be reasonably secure and all my communications will remain private until they are useless to anyone else; quite possible forever too.

One day, they may be easily cracked by then modern computers, but that's either decades or centuries away, I'll be dead, and it won't matter then.

Summary: AES is fine for the next hundred years maybe, or maybe even forever. RSA and ECC = depends, maybe just a few years.

Websites use something called ephemeral keys, and other communications like Signal use perfect forward secrecy.
full member
Activity: 224
Merit: 120
January 13, 2020, 01:00:23 PM
#74
Your statement implies that anyone or someone has been able to factor RSA numbers, or factor large numbers to their primes.

If that's possible or easier, then quantum computers have a good purpose. We should see more of GPG getting cracked left and right though. I'm not seeing those yet.

We'd also see all sorts of this all over the internet.

Please show us an example of 2048 bit RSA number being factored.
--------------------
I'm not a cryptographer or a mathematician.
I read and analyze what cryptographers and mathematicians say.

I read about these people to understand how authoritative they are in their questions.

As a result, all I do is talk like a parrot what big people say.

But I analyze facts, for example:
- why NIST doesn't even see RSA as a possible post-quantum encryption system;
- why the terms of the competition prohibit any system based on the same principles as RSA or ECC;
- why other systems, such as McEliece, have been rejected (vulnerabilities found), then upgraded, and are again among the candidates, and RSA or ECC do not want to accept upgraded?

Why are all attacks on RSA classified, except for some that we know:

- Richard Schroeppel's "linear sieve" algorithm, which factors any RSA modulus $n$ of $[\log_2 n]+1$ bits;

- John Pollard proposed a factorization algorithm called the general number field sieve. This algorithm factors an RSA modulus $n$ of $\log_2 n$ bits using $2^{(1.9\ldots+o(1))(\log_2 n)^{1/3}(\log_2 \log_2 n)^{2/3}}$ simple operations;

- Peter Shor suggested an algorithm that factors any RSA modulus $n$ of $b=\log_2 n$ bits using $b^{2+o(1)}$ (more precisely $b^{2}\cdot \log(b)\cdot \log(\log(b))$) qubit operations on a quantum computer of about $2\cdot b^{1+o(1)}$ qubits (and a small number of auxiliary computations on a classical computer).

I think it is possible not to be a mathematician, and yet not be an idiot, and to look soberly at the state of modern asymmetric cryptography, even with the little information that is allowed for public viewing.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
January 13, 2020, 10:31:11 AM
#73
Your statement implies that anyone or someone has been able to factor RSA numbers, or factor large numbers to their primes.

If that's possible or easier, then quantum computers have a good purpose. We should see more of GPG getting cracked left and right though. I'm not seeing those yet.

We'd also see all sorts of this all over the internet.

Please show us an example of 2048 bit RSA number being factored.
full member
Activity: 224
Merit: 120
January 13, 2020, 08:55:28 AM
#72
I read earlier today that it would take approximately 2,500 qubits of quantum processing power to successfully break the encryption of an SHA-256 private key.

Since Google only has a 72 qubit Q-computer, and it has taken a decade to reach this point, then a 2,500 qubit quantum processor appears to be approximately 7 years away.

With that said, this will still likely be a super specific system, so I doubt it would actually be used to identify the links between public and private keys.
-
There is no connection between the problem of finding a private key knowing the public key (and knowing the ciphertext, the problem of asymmetric encryption systems) and the problem of finding the law of obtaining hash from input information.
These are fundamentally different problems. Mathematically, the first task is cryptanalysis.
The second one is solved by brute force attack.
That's why we need so many qubits to solve the SHA256 task.
But protection against this danger is also very simple; SHA256 can be easily made into SHA512 or 1024.
But you can't do that with a pair of public key + private key. This cryptography breaks down with any length of key, including mathematical.
For this reason they are looking for new post quantum systems to replace asymmetric encryption systems.
It is for this reason that symmetric encryption systems do not need to be upgraded to withstand quantum computers.

There is one more option, you can see the details here: https://bitcointalk.org/index.php?topic=5204368.0

As far as I'm aware, current attempts at making Bitcoin and other cryptocurrencies quantum-computer proof actually rely on using a complete different solution, rather than simply moving one step ahead by using more robust encryption.

See the following: https://royalsocietypublishing.org/doi/pdf/10.1098/rsos.180410

It outlines a slow defence against quantum attacks, and a novel solution IMO;

"We then propose a simple but slow commit–delay–reveal protocol, which allows users to securely move their funds from old (non-quantumresistant) outputs to those adhering to a quantum-resistant digital signature scheme."
-------------------
I understand that a protocol is a set of rules.
But the basis on which any protocol stands in this matter is cryptography.
Cryptography can be one, but there are many protocols based on it.
Therefore, any protocol that describes the behavior of participants in a post-quantum period of time should be based only on post-quantum cryptography.
If we are talking about blockchain technology and bitcoin, then I have a question:
and what cryptography will be the basis of the new protection protocols and the transition from technology based on conventional cryptography to new technology based on post-quantum asymmetric cryptography?

The NIST contest is not over yet, I have only such information on this issue.
full member
Activity: 224
Merit: 120
January 10, 2020, 04:30:32 PM
#71
Any symmetric system or block cipher using 128 bits or more won't be breakable by brute force anytime in the near future, and unlikely to be cracked within the next several decades or centuries. So using 256 or more is not a problem.

It's the asymmetric system, such as RSA and ECC which you are really concerned about. Still, 2048 or higher RSA public keys are unlikely to be cracked any time soon, so those using 4096 shouldn't see a problem either. ECC, I'm not so sure about, but whatever is the equivalent in length, same thing.
---
You're wrong about RSA and ECC. The key length only matters if the mathematical problem of factoring or discrete logarithmization is not solved. In fact, none of us, ordinary consumers, know whether this problem has been solved today. But it is precisely known that this problem is easily solved by a quantum computer; Shor's algorithm and other loopholes have been open for a long time.
In this case, RSA and ECC and other asymmetric systems will not resist these solutions with any key length.
It wasn't me who said that, it was world-renowned cryptographers.
It's a well-known and open fact to the public. That is why neither RSA nor ECC, nor any modern or new encryption system built on the same principles (factorization and discrete logarithmization), is suitable for the role of a post-quantum asymmetric encryption system. Systems with these principles are not considered candidates at all because they all break down at any key length.
We are talking about ECC in general. The topic is detailed in my post, second from December 4, here:
https://bitcointalk.org/index.php?topic=5204368.40

About the length of the key. The 256 bit AES key is equivalent to 16,000 bits of RSA in reliability. The 4096 currently in use is not reliable. Doubling the key in RSA increases the load on the processor by 8 or more times. That's why you cannot increase the key length in RSA. And soon it won't make any sense.

Even earlier, when we did not dream about quantum computers, it was strictly forbidden to use RSA or ECC in serious cases. This is a household cryptography, the reliability of which has not been proven to this day. Sadly, it's a fact. These systems are based on legends, not on serious arguments.
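As an added example (not from any poster in this thread), here are the classical and quantum cost formulas quoted in #74 evaluated for common RSA sizes, which also lets one check the "AES-256 is about 16,000 bits of RSA" comparison from #71. The constant 1.923 = (64/9)^(1/3), base-2 logarithms, and taking o(1) as 0 are my assumptions.

```python
import math

# (64/9)^(1/3) ~ 1.923: assumed to be the "1,9..." constant in the NFS estimate quoted in #74
NFS_CONST = (64 / 9) ** (1 / 3)


def nfs_log2_ops(bits: int) -> float:
    """log2 of the classical number-field-sieve cost
    2^{(1.9..)(log2 n)^{1/3}(log2 log2 n)^{2/3}}, with log2 n = modulus bit length."""
    return NFS_CONST * bits ** (1 / 3) * math.log2(bits) ** (2 / 3)


def shor_qubit_ops(bits: int) -> float:
    """Shor's factoring cost b^2 * log(b) * log(log(b)); base-2 logs assumed."""
    b = bits
    return b ** 2 * math.log2(b) * math.log2(math.log2(b))


def shor_qubits(bits: int) -> int:
    """Machine size 2 * b^{1+o(1)} with the o(1) taken as 0 (a lower bound)."""
    return 2 * bits


def doubling_factor(bits: int) -> dict:
    """How much harder factoring gets, classically and on a quantum computer,
    when the modulus length is doubled (the point argued in #71 and #74)."""
    return {
        "classical_log2_gain": nfs_log2_ops(2 * bits) - nfs_log2_ops(bits),
        "quantum_ops_ratio": shor_qubit_ops(2 * bits) / shor_qubit_ops(bits),
        "quantum_qubits_ratio": shor_qubits(2 * bits) / shor_qubits(bits),
    }


def rsa_bits_for_symmetric_level(level: int) -> int:
    """Smallest RSA modulus size (in 1024-bit steps) whose NFS cost reaches 2^level."""
    bits = 1024
    while nfs_log2_ops(bits) < level:
        bits += 1024
    return bits


if __name__ == "__main__":
    for b in (1024, 2048, 4096, 16384):
        print(f"RSA-{b}: classical ~2^{nfs_log2_ops(b):.0f} ops, "
              f"Shor ~{shor_qubit_ops(b):.2e} qubit ops on ~{shor_qubits(b)} qubits")
    print("doubling 2048 -> 4096:", doubling_factor(2048))
    print("RSA bits for a 256-bit symmetric level:", rsa_bits_for_symmetric_level(256))
```

Doubling from 2048 to 4096 bits buys roughly 2^40 more classical work but only about 4.5x more Shor operations on twice the qubits, which is the "no key length helps" argument in the posts above.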