But selecting a single cipher is just as much a fixed policy as a randomly selected one is. Far better to let the user pick a policy, both about sent and accepted ciphers.
If you do give the user control, what is an acceptable mechanical implementation? Let's say I have a file encryptor which allows the user to choose between DES, 3DES, IDEA, Diamond, and RC5. Must I require the user to tell that program what cypher was used to encrypt the file she wishes to decrypt? Is storing the cypher type as part of the encrypted file a weakness? -Paul -- Paul Robichaux, KD4JZG | Good software engineering doesn't reduce the perobich@ingr.com | amount of work you put into a product; it just Not speaking for Intergraph. | redistributes it differently. ### http://www.intergraph.com ###