Todd Walton wrote: > On 9/15/06, John H. Robinson, IV <[EMAIL PROTECTED]> wrote: > >RC4 was considered pretty solid. We know now that it is vulnerable to > >some vulnerabilities whn certain types of keys were chosen. Can we say > >that todays algorithms are immune? > > No, of course not. Nobody says that. But... I'm not getting your > point. What are you trying to say? Are you saying encryption is not > worth it, because someday it'll be cracked so people should just get > over it and not use encryption?
Message-ID: <[EMAIL PROTECTED]> > I am beginning to think that every laptop should have an encrypted > filesystem. If the laptop gets stolen it's no big deal. You only lose > the hardware and not your data to identity thieves. Message-ID: <[EMAIL PROTECTED]> > If someone steals my laptop for crack money they aren't going to > decrypt it. Even if the mob steals my laptop for the data on it how > are they going to crack it? Message-ID: <[EMAIL PROTECTED]> > All encrypton does is slow the bad guys down, it does not stop them. Message-ID: <[EMAIL PROTECTED]> > I am not saying be paranoid. I am saying practice due dilligence. When > it is out of your control, consider it compromised. Tracy wrote the first two, I wrote the second two. Tracy did conceed that an organisation such at the NSA could break the crypto, but he also wondered if they would _do_ anything outright, and let the world know that it can/has been done. So, I read from Tracy's argument that yes, crypto is 100% effective, now, and in the future, and that today's crypto properly applied is good for all time. My argument is that it is a layer of defense, and that the encrypted now, encrypted forever is bunk *and* hubris. If you lose control of your data, encrypted or not, you have to consider it compromised. It is the only safe way. My arguments also run like this: If my data is stolen, and on the clear, I have to do something about it *immediately* if not prior to the compromise. If it is encrypted, I can rely upon the fact that it takes *time* to crypto analyse or brute force the ciphertext, and tend to mitigating the effects. I cannot put it off forever, as Tracy seemed to imply in Message-ID: <[EMAIL PROTECTED]>. Use crypto? Yes. Absolutely. Think it 100% effective, and you never need worry? No. Let's talk about if your passphrase gets compromised . . . -john . . . how do you know it hasn't already? -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
