
Ian Clysdale wrote:
Sorry, I'm going to continue to take a viewpoint that I suspect is rather unpopular in this list, and argue for the advantages of weak crypto in certain circumstances, when it is KNOWN to be weak. The phrase "Poor security is worse than no security" refers to the dangers in assuming that your communications are secure, even when they're not. If you know that your cryptography is weak, it can still sometimes be sufficient for your purposes. What weak cryptography does

There's a good reason this viewpoint is unpopular: it includes the tacit assumption that strong crypto is harder to do than weak crypto. In fact that's not the case. It's as fast and easy to do RC4/128 as to do RC4/40 -- the only extra resource is keying material, which is cheap. The <only> reason to use weak cryptography is political.

I'll also challenge your "If you know that your cryptography is weak" meme: most people have no idea what cryptography is, and at best can look at the little key to see if they're on a secure page. Explaining to them that they're not really secure is normally possible in a one-to-one tutorial, but most people just want to get their work done, and if the program says they're now in secure mode, they'll feel free to send their SSN/SIN/NID and their HIV status. They <don't> know their cryptography is weak, even if you tell them.

Bad idea! Bad!

--
Jim Gillogly
14 Blotmath S.R. 1997, 18:27
12.19.4.11.12, 1 Eb 10 Zac, Seventh Lord of Night
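
The cost comparison in the reply above (RC4/128 versus RC4/40), as an added example that is not part of either poster's message: a textbook RC4 in Python that counts state swaps, so the work for a 5-byte and a 16-byte key can be compared directly. The function names and the sample keys are constructed for illustration.

```python
# Added illustration (not from the original thread): textbook RC4 with a swap counter.

def rc4_ksa(key: bytes):
    """Key scheduling: always 256 swaps, whatever the key length."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    swaps = 0
    for i in range(256):
        # The key is only indexed modulo its length; a longer key adds no steps.
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
        swaps += 1
    return s, swaps


def rc4_crypt(key: bytes, data: bytes):
    """Encrypt or decrypt data; returns (output, total swap count)."""
    s, swaps = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for byte in data:
        # Keystream generation never touches the key, only the state array.
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        swaps += 1
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out), swaps


def compare_cost(message: bytes):
    """Work done for a 40-bit key versus a 128-bit key on the same message."""
    key40 = bytes(range(5))     # constructed sample key, 40 bits
    key128 = bytes(range(16))   # constructed sample key, 128 bits
    _, work40 = rc4_crypt(key40, message)
    _, work128 = rc4_crypt(key128, message)
    return work40, work128


if __name__ == "__main__":
    w40, w128 = compare_cost(b"constructed sample message")
    print(f"RC4/40 swaps: {w40}  RC4/128 swaps: {w128}")
```
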