Triple encryption...
Mike Johnson second login
exabyte!gedora!mikej2 at uunet.uu.net
Tue Jul 19 10:11:32 PDT 1994
On Sat, 16 Jul 1994 uunet!delphi.com!DAVESPARKS at gedora wrote:
> Mike Johnson wrote:
>
> > Or for the rabid, clinically paranoid:
> >
> > 3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
>
> [11 iterations deleted]
> ...
> There's always a trade-off, and you've just demonstrated one of the
> extremes. In the final analysis, it's sort of like deciding whether to
> spend $1000 on a security system to protect a $500 car, for "security", or
> leave the doors unlocked and "hide" the ignition key under the mat for "ease
> of use". Probably something in between makes the most sense.
Agreed.
> ...
> What would you like to suggest in the way of key management to make that
> "link" at least as strong as the algorithmic one? Your point is certainly a
> valuable one, but the two aren't mutually exclusive. That would be like
> saying that I won't buy a lock for my front door until I've first replaced
> all my windows with something more sturdy than glass. It depends on the
> nature and source of any potential attacks. To follow the analogy, some
> "burglars" are better at lock picking than glass-smashing.
Naturally, the two aren't mutually exclusive, but I'll not buy a vault
door for my house unless I've got a vault to put it on.
Anyway, I think the best key management so far is the PGP web of trust
design of Phil Zimmermann's. I think this could be extended for other
applications, too, like encrypted IP (swIPe?) and the like. I've been
trying to think of ways to extend that to private key systems, too.
Peace to you.
More information about the cypherpunks-legacy
mailing list