1994-07-19 - Re: Triple encryption…

Header Data

From: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
To: gedora!uunet!delphi.com!DAVESPARKS@uunet.uu.net
Message Hash: 9fc4666c87b0db0d095acad8d20517a1f19538f8912483bf58f6ceaa1eacc513
Message ID: <Pine.3.89.9407191058.A19020-0100000@gedora>
Reply To: <01HER66KT4XS9ASKAD@delphi.com>
UTC Datetime: 1994-07-19 17:11:32 UTC
Raw Date: Tue, 19 Jul 94 10:11:32 PDT

Raw message

From: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
Date: Tue, 19 Jul 94 10:11:32 PDT
To: gedora!uunet!delphi.com!DAVESPARKS@uunet.uu.net
Subject: Re: Triple encryption...
In-Reply-To: <01HER66KT4XS9ASKAD@delphi.com>
Message-ID: <Pine.3.89.9407191058.A19020-0100000@gedora>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 16 Jul 1994 uunet!delphi.com!DAVESPARKS@gedora wrote:
> Mike Johnson wrote:
> 
> > Or for the rabid, clinically paranoid:
> > 
> > 3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor | 
> 
>  [11 iterations deleted]
> ... 
> There's always a trade-off, and you've just demonstrated one of the
> extremes.  In the final analysis, it's sort of like deciding whether to
> spend $1000 on a security system to protect a $500 car, for "security", or
> leave the doors unlocked and "hide" the ignition key under the mat for "ease
> of use".  Probably something in between makes the most sense.

Agreed.

> ...
 
> What would you like to suggest in the way of key management to make that
> "link" at least as strong as the algorithmic one?  Your point is certainly a
> valuable one, but the two aren't mutually exclusive.  That would be like
> saying that I won't buy a lock for my front door until I've first replaced
> all my windows with something more sturdy than glass.  It depends on the
> nature and source of any potential attacks.  To follow the analogy, some
> "burglars" are better at lock picking than glass-smashing.

Naturally, the two aren't mutually exclusive, but I'll not buy a vault 
door for my house unless I've got a vault to put it on.

Anyway, I think the best key management so far is the PGP web of trust 
design of Phil Zimmermann's.  I think this could be extended for other 
applications, too, like encrypted IP (swIPe?) and the like.  I've been 
trying to think of ways to extend that to private key systems, too.

Peace to you.