[146799] in cryptography@c2.net mail archive


Re: [Cryptography] In the face of "cooperative" end-points,

daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Sep 8 02:50:37 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <090EAD00-E00C-48FE-B217-3E12CB042A56@mac.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Sat, 7 Sep 2013 21:22:16 -0400
To: james hughes <hughejp@mac.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	"Marcus D. Leech" <mleech@ripnet.com>, james hughes <hughejp@mac.com>,
	Peter Fairbrother <zenadsl6186@zen.co.uk>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Your cryptosystem should be designed with the assumption that an attacker will record all old ciphertexts and try to break it later.  The whole point of encryption is to make that attack not scary.  We can never rule out future attacks, or secret ones now.  But we can move away from marginal key lengths and outdated, weak ciphers.  Getting people to do that is like pulling teeth, which is why we're still using RC4, and 1024-bit RSA keys and DH primes.  

--John


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
