1995-01-12 - Re: Multiple symetric cyphers

Header Data

From: paul@poboy.b17c.ingr.com (Paul Robichaux)
To: eric@remailer.net (Eric Hughes)
Message Hash: c62277e6ff92fda18b760a02e1f22b34eaf3d768e43d41a09aada44840c0017d
Message ID: <199501121547.AA02187@poboy.b17c.ingr.com>
Reply To: <199501120502.VAA29808@largo.remailer.net>
UTC Datetime: 1995-01-12 15:49:28 UTC
Raw Date: Thu, 12 Jan 95 07:49:28 PST

Raw message

From: paul@poboy.b17c.ingr.com (Paul Robichaux)
Date: Thu, 12 Jan 95 07:49:28 PST
To: eric@remailer.net (Eric Hughes)
Subject: Re: Multiple symetric cyphers
In-Reply-To: <199501120502.VAA29808@largo.remailer.net>
Message-ID: <199501121547.AA02187@poboy.b17c.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


> But selecting a single cipher is just as much a fixed policy as a
> randomly selected one is.  Far better to let the user pick a policy,
> both about sent and accepted ciphers.

If you do give the user control, what is an acceptable mechanical
implementation? Let's say I have a file encryptor which allows the
user to choose between DES, 3DES, IDEA, Diamond, and RC5. Must I
require the user to tell that program what cypher was used to encrypt
the file she wishes to decrypt?

Is storing the cypher type as part of the encrypted file a weakness?

-Paul

-- 
Paul Robichaux, KD4JZG       | Good software engineering doesn't reduce the 
perobich@ingr.com            | amount of work you put into a product; it just 
Not speaking for Intergraph. | redistributes it differently.
                  ### http://www.intergraph.com ###





Thread