> Because the algorithm is known, it is no longer a trade secret.
>
> --> why not change the algorithm slightly? :)
>
> > We are not using wireless and I think a symmetric key is fine. If I could
> > get a hold of some open source AES or 3DES code, I could show my customer
> > the performance compared to RC4.
>
> you can say you're using a custom symmetric RC4 based algorithm. one of
> the problems with using RC4 based on the URLs above is the fact that
> it is using a "known" algorithm, just modify it slightly :)

It is not because the algorithm is known that it is no longer secure! Everybody knows about RSA, and it is still robust. As long as you avoid some pitfalls, RC4 is secure. Use a key wider than 128 bits, avoid weak keys, always skip the first 256 bytes of output, and you'll be OK.

IMHO, the lack of security comes from the platform, not from the encryption algorithm. A Palm device can easily be stolen or borrowed, providing a malicious user both your encrypted database *and* the application that encrypts/decrypts it...

In other words, whatever the encryption algorithm you use, your application won't be secure unless you protect your application from the user point of view using passwords, and from the hacker point of view using one of the mechanisms Aaron describes in his famous white paper about software protection.

--
Pascal
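
The "skip the first 256 bytes of output" step from the reply above, as an added example (not code from the post or from any Palm library): a minimal RC4 in C whose init discards a configurable number of keystream bytes before any data is processed. The function names and the sample key are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RC4 state: the permutation S plus the two indices i and j. */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_ctx;

/* Produce the next keystream byte (PRGA step). */
static uint8_t rc4_next(rc4_ctx *c) {
    uint8_t t;
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->S[c->i]);
    t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    return c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
}

/* Key schedule (KSA), then discard the first `drop` keystream bytes.
   Returns 0 on success, -1 for an unusable key. */
int rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen, size_t drop) {
    size_t n; uint8_t j = 0, t;
    if (key == NULL || keylen == 0 || keylen > 256) return -1;
    for (n = 0; n < 256; n++) c->S[n] = (uint8_t)n;
    for (n = 0; n < 256; n++) {
        j = (uint8_t)(j + c->S[n] + key[n % keylen]);
        t = c->S[n]; c->S[n] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
    while (drop--) (void)rc4_next(c);   /* the skipped output is never used */
    return 0;
}

/* XOR `len` bytes in place with the keystream; the same call decrypts. */
void rc4_crypt(rc4_ctx *c, uint8_t *buf, size_t len) {
    size_t n;
    for (n = 0; n < len; n++) buf[n] ^= rc4_next(c);
}

/* Demo on constructed input: returns 1 if the drop-256 stream equals the
   plain stream from offset 256 on, and a round trip restores the data. */
int rc4_drop_demo(void) {
    static const uint8_t key[] = "constructed-sample-key"; /* sample only */
    uint8_t plain[272] = {0}, dropped[16] = {0}, msg[] = "record #1";
    rc4_ctx a, b;
    if (rc4_init(&a, key, sizeof key - 1, 0) || rc4_init(&b, key, sizeof key - 1, 256)) return 0;
    rc4_crypt(&a, plain, sizeof plain);      /* zero buffer -> raw keystream */
    rc4_crypt(&b, dropped, sizeof dropped);
    if (memcmp(plain + 256, dropped, sizeof dropped) != 0) return 0;
    rc4_init(&b, key, sizeof key - 1, 256); rc4_crypt(&b, msg, sizeof msg - 1);
    rc4_init(&b, key, sizeof key - 1, 256); rc4_crypt(&b, msg, sizeof msg - 1);
    return memcmp(msg, "record #1", 9) == 0;
}
```

Both sides must use the same discard count, since the receiver's keystream only lines up if it skips the same number of bytes.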
