Hash: SHA1

On Sep 6, 2013, at 11:05 PM, Jaap-Henk Hoepman <j...@cs.ru.nl> wrote:

>> Public-key cryptography is less well-understood than symmetric-key 
>> cryptography. It is also tetchier than symmetric-key crypto, and if you pay 
>> attention to us talking about issues with nonces, counters, IVs, chaining 
>> modes, and all that, you see that saying that it's tetchier than that is a 
>> warning indeed.
> You have the same issues with nonces, counters, etc. with symmetric crypto so 
> I don't see how that makes it preferable over public key crypto.

Point taken.

Bruce made a quip, and I offered an explanation about why that quip might make 

I have also, in debate with Jerry, opined that public-key cryptography is a 
powerful thing that can't be replaced with symmetric-key cryptography. That's 
something that I firmly believe. At its most fundamental, public-key crypto 
allows one to encrypt something to someone whom one does not have a prior 
security relationship with. That is powerful beyond words.

If you want to be an investigative reporter and want to say, "If you need to 
talk to me privately, use K" -- you can't do it with symmetric crypto; you have 
to use public-key. If you are a software developer and want to say say, "If you 
find a bug in my system and want to tell me, use K" -- you can't do it with 
symmetric crypto.

Heck, if you want to leave someone a voicemail securely you've never talked to, 
you need public key crypto.

That doesn't make Bruce's quip wrong, it just makes it part of the whole story.


Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

The cryptography mailing list

Reply via email to