Sam Mason schrieb: > On Sun, Nov 22, 2009 at 06:20:07PM +0100, Stefan Xenon wrote: >> A) increase the key length (e.g. AES-265) > > I think that would make matters worse. AFAIK, AES-128 is considered to > be *stronger* than AES-256 these days. A somewhat recent summary that I > found: > > http://www.schneier.com/blog/archives/2009/07/another_new_aes.html > >> or allow the choice between >> more algorithms and key lengths in general (user configured). > > Difficult; the caps/urls are getting pretty long already how would you > encode this while not making them unmanageable? Also, client support > becomes a non-trivial issue.
In the middle term we have to replace AES-128 anyway. Don't get me wrong, there is no problem with it at the moment. But also we know that no encryption algorithm lasts forever. The caps don't have to get longer by allowing different algorithms. One additional byte may be required to signalize which algorithm is used. As long as the key length isn't increased, the cap's length is not increased as well. Definitely clients need to support any algorithm which the system allows. Nowadays good cryptographic libraries exist which simplify the implementation enormous. I don't think any mature system--which has security as a central feature--can stick with a single algorithm because it doesn't fit for any purpose/usage. See OpenPGP, TLS/X.509, True Crypt, dm-crypt: All of them allow various algorithms and key lengths. Regards Stefan _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
