[147188] in cryptography@c2.net mail archive


Re: [Cryptography] paranoid cryptoplumbing is a probably not

daemon@ATHENA.MIT.EDU (Tony Arcieri)
Tue Sep 17 13:20:37 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130917122840.0b3c2bf5@jabberwock.cb.piermont.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 17 Sep 2013 10:07:38 -0700
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Jerry Leichter <leichter@lrw.com>, Crypto <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Tue, Sep 17, 2013 at 9:28 AM, Perry E. Metzger <perry@piermont.com> wrote:

> In any case, I would continue to suggest that the weakest point
> (except for RC4) is (probably) not going to be your symmetric cipher.
> It will be protocol flaws and implementation flaws. No point in
> making the barn out of titanium if you're not going to put a door on
> it.
If your threat is a patient eavesdropper (particularly one that obsessively
archives traffic like the NSA) then combining ciphers can give you long
term confidentiality even in the event one of your encryption primitives is
compromised.

The NSA of course participated in active attacks too, but it seems their
main MO was passive traffic collection.

But yes, endpoint security is weak, and an active attacker would probably
choose that approach over trying to break particular algorithms.

-- 
Tony Arcieri


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
