[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Triple encryption...





On Sat, 16 Jul 1994 uunet!delphi.com!DAVESPARKS@gedora wrote:
> Mike Johnson wrote:
> 
> > Or for the rabid, clinically paranoid:
> > 
> > 3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor | 
> 
>  [11 iterations deleted]
> ... 
> There's always a trade-off, and you've just demonstrated one of the
> extremes.  In the final analysis, it's sort of like deciding whether to
> spend $1000 on a security system to protect a $500 car, for "security", or
> leave the doors unlocked and "hide" the ignition key under the mat for "ease
> of use".  Probably something in between makes the most sense.

Agreed.

> ...
 
> What would you like to suggest in the way of key management to make that
> "link" at least as strong as the algorithmic one?  Your point is certainly a
> valuable one, but the two aren't mutually exclusive.  That would be like
> saying that I won't buy a lock for my front door until I've first replaced
> all my windows with something more sturdy than glass.  It depends on the
> nature and source of any potential attacks.  To follow the analogy, some
> "burglars" are better at lock picking than glass-smashing.

Naturally, the two aren't mutually exclusive, but I'll not buy a vault 
door for my house unless I've got a vault to put it on.

Anyway, I think the best key management so far is the PGP web of trust 
design of Phil Zimmermann's.  I think this could be extended for other 
applications, too, like encrypted IP (swIPe?) and the like.  I've been 
trying to think of ways to extend that to private key systems, too.

Peace to you.