On Mon, Jul 19, 1999 at 01:43:23PM -0600, [EMAIL PROTECTED] wrote:
> Hans wrote:
>> When implementing PGP base encryption, is this implementation MUST
>> use symetrically Algorithms ?? Is it possible to use only the
>> public/private key ?
>
> There currently isn't a way to do it under the OpenPGP Draft. Why would
> you want to? Symmetric algorithms are generally one or two orders of
> magnitude faster, and as far as we can tell, every bit as secure.
You might want to avoid the symmetric algorithms if your treath model
includes the cryptosystems being broken. If you use only PK, you are
only vulnerable if your PK algorithm fails. If you use PK to encrypt
a symmetric key, you are vulnerable both if the PK fails, and if the
symmetric algorithm fails.
Eivind.
[Moderator's note: As has been noted, however, it is actually much
harder to produce a secure PK only system because of the nature of
various attacks made against such systems. It also continues to be
impractical to use such systems because of the slow speed of most PK
algorithms, even on modern hardware. Other messages address this
topic in more detail --Perry]
