Your cryptosystem should be designed with the assumption that an attacker will 
record all old ciphertexts and try to break it later.  The whole point of 
encryption is to make that attack not scary.  We can never rule out future 
attacks, or secret ones now.  But we can move away from marginal key lengths 
and outdated, weak ciphers.  Getting people to do that is like pulling teeth, 
which is why we're still using RC4, and 1024-bit RSA keys and DH primes.  


The cryptography mailing list
