[146728] in cryptography@c2.net mail archive
Re: [Cryptography] Why prefer symmetric crypto over public key
daemon@ATHENA.MIT.EDU (ianG)
Sat Sep 7 04:07:30 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 07 Sep 2013 10:57:07 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <94DC5527-4012-4F81-977B-6BE2069C8D89@cs.ru.nl>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 7/09/13 09:05 AM, Jaap-Henk Hoepman wrote:
>>
>> Public-key cryptography is less well-understood than symmetric-key cryptography. It is also tetchier than symmetric-key crypto, and if you pay attention to us talking about issues with nonces, counters, IVs, chaining modes, and all that, you see that saying that it's tetchier than that is a warning indeed.
>
> You have the same issues with nonces, counters, etc. with symmetric crypto so I don't see how that makes it preferable over public key crypto.
It's a big picture thing. At the end of the day, symmetric crypto is
something that good software engineers can master, and relatively well,
in a black box sense. Public key crypto not so easily, that requires
real learning. I for one am terrified of it.
Therefore, what Bruce is saying is that the architecture should
recognise this disparity, and try and reduce the part played by public
key crypto. Wherever & whenever you can get part of the design over to
symmetric crypto, do it. Wherever & whenever you can use the natural
business relationships to reduce the need for public key crypto, do that
too!
iang
ps; http://iang.org/ssl/h2_divide_and_conquer.html#h2.4
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography