On Wed, Jul 1, 2015 at 4:59 AM, Steven D'Aprano <st...@pearwood.info> wrote:
> Today, if the key is compromised, all is lost. Is it possible that there are
> ciphers that are resistant to discovery of the key? Obviously if you know
> the key you can read encrypted messages, that's what the key is for, but
> there are scenarios where you would want security to degrade gracefully
> instead of in a brittle all-or-nothing manner:
>
> - even if the attacker can read my messages, he cannot tamper with
> them or write new ones as me.
>
> (I'm pretty sure that, for example, the military would consider it horrible
> if the enemy could listen in on their communications, but *even worse* if
> the enemy could send false orders that appear to be legitimate.)
That would be accomplished by a two-fold enveloping of signing and encrypting. If I sign something using my private key, then encrypt it using your public key, someone who's compromised your private key could snoop and read the message, but couldn't forge a message from me. Of course, that just means there are lots more secrets to worry about getting compromised.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list
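The two-fold envelope ChrisA describes, as an added example that is not from the thread: it assumes Ed25519 for the signature and RSA-OAEP for the encryption (the thread names no algorithms), and the `Seal`, `Open` and `Scenario` names are my own. `Scenario` plays out the case Steven asked about: the recipient's private key has leaked, so the attacker can read the message, yet a forged order under any other signing key is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Seal signs msg with the sender's Ed25519 key, then encrypts msg||sig to the recipient's RSA key.
func Seal(sender ed25519.PrivateKey, recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	inner := append(append([]byte{}, msg...), ed25519.Sign(sender, msg)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, inner, nil)
}

// Open decrypts with the recipient's private key, then verifies the inner signature against
// the sender's public key; a message that decrypts but does not verify is rejected.
func Open(recipient *rsa.PrivateKey, sender ed25519.PublicKey, ct []byte) ([]byte, error) {
	inner, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil)
	if err != nil { return nil, err }
	if len(inner) < ed25519.SignatureSize { return nil, errors.New("envelope too short") }
	cut := len(inner) - ed25519.SignatureSize
	if !ed25519.Verify(sender, inner[:cut], inner[cut:]) {
		return nil, errors.New("signature invalid: not from the claimed sender")
	}
	return inner[:cut], nil
}

// Scenario models the thread's case: the recipient's private key has leaked to an attacker.
// It reports whether the attacker can read a message and whether the attacker's forgery is rejected.
func Scenario() (attackerCanRead, forgeryRejected bool, err error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return }
	recipientPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	msg := []byte("hold position until 0600") // constructed sample order
	ct, err := Seal(senderPriv, &recipientPriv.PublicKey, msg)
	if err != nil { return }
	// With the leaked key the attacker decrypts exactly as the recipient would: confidentiality is lost.
	got, err := Open(recipientPriv, senderPub, ct)
	if err != nil { return }
	attackerCanRead = string(got) == string(msg)
	// But the attacker holds no sender signing key: a forgery under a key of their own fails to verify.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged, err := Seal(attackerPriv, &recipientPriv.PublicKey, []byte("advance at 0600"))
	if err != nil { return }
	_, verifyErr := Open(recipientPriv, senderPub, forged)
	return attackerCanRead, verifyErr != nil, nil
}
```

The caveat ChrisA adds still holds: the guarantee rests on the sender's signing key staying secret, so there is now a second key whose compromise matters.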