On Tue, Oct 18, 2005 at 11:09:51AM -0400, David Gianndrea wrote:
> Ok that is good info. What about just doing file level encryption.
> As an example you have a disk with a bunch of files, and it is
> only those files you would want encrypted, and the issue is more
> a confidentiality is required / media loss issue then a tamper issue?
>
> We are looking to use AES-256 for this.
>
A strong cipher used badly can give worse security than a weaker cipher
used well. Is your application a crypto disk, a crypto filesystem, or a
utility to encrypt and decrypt files. Is the threat model loss of physical
media, or are files encrypted for transmission or on-line network access?
You are still looking for algorithm recommendations (a common error)
when you should be looking for a security analysis of your problem,
the algorithm is the easy part at the end of the analysis.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
