17 Dec
2003
17 Dec
'03
11:17 p.m.
On Thu, 12 Jan 1995, Paul Robichaux wrote:
But selecting a single cipher is just as much a fixed policy as a randomly selected one is. Far better to let the user pick a policy, both about sent and accepted ciphers.
If you do give the user control, what is an acceptable mechanical implementation? Let's say I have a file encryptor which allows the user to choose between DES, 3DES, IDEA, Diamond, and RC5. Must I require the user to tell that program what cypher was used to encrypt the file she wishes to decrypt?
Is storing the cypher type as part of the encrypted file a weakness?
Perhaps it is. The algorithm set could be part of the key, though...