Robert Kern wrote:
> On 2010-01-12 05:59 AM, Anthra Norell wrote:
[ping, pong, ping, pong]
> If the OP uses a real encryption algorithm, he can rely on the fact that
> he can use the algorithm for large files or for plaintexts that a
> malicious agent might choose even if he did not communicate (or even
> know about!) those needs at the time. He cannot rely on those features
> with your algorithm, but you do not reveal those limitations of your
> algorithm. You simply assumed that the OP could deal with those
> limitations, and that does him a disservice.
>
The fact that much hogwash is spoken about encryption through ignorance is underlined today by the reactions to reports that a team of German computer scientists have cracked a message encrypted with RSA using a 768-bit key.

http://www.out-law.com//default.aspx?page=10659

The general tenor of these ill-informed responses is along the lines of "we will soon have to use biometrics or PINs as an additional layer of protection".

This is baloney, pure and simple. If no cryptographic weaknesses have been demonstrated in the algorithms then the simple solution (and one that Moore's Law and the rise of multiprocessor hardware adequately supports) is to use longer keys. 2,048-bit RSA will be secure at least for my lifetime, unless startling developments come along in quantum computing.

Biometric and PIN-based access control systems are demonstrably easier to break than 768-bit encryption, which has just been done for a single message in something like two years with the aid of a large number of computers and a brute-force attack. They can also be subverted, which is rather more difficult for a cryptosystem with properly-protected private keys.

Just the same, people continue to make exaggerated claims for "crypto" systems that have not been subjected to cryptanalysis. This behavior is unlikely to change, so you will probably be happier allowing such people (who are legion) their delusions.

regards
 Steve
-- 
Steve Holden           +1 571 484 6266   +1 800 494 3119
PyCon is coming! Atlanta, Feb 2010  http://us.pycon.org/
Holden Web LLC                 http://www.holdenweb.com/
UPCOMING EVENTS:        http://holdenweb.eventbrite.com/