Rijndael & Hitachi
Steven M. Bellovin
smb at research.att.com
Wed Oct 11 07:25:21 PDT 2000
In message <5.0.0.25.2.20001010154833.03a01b80 at ebible.org>, Michael Paul Johnso
n writes:
>
>To put this suggestion into perspective, consider that in the real world, pure
> cipher strength is rarely the weakest link in the security chain, provided th
>at a reasonable key length and cipher are chosen. Having done that, go for it
>if you still think you can afford the extra time, space, and key management wi
>th (probably) no measurable increase in overall system security.
Precisely. What is the *real* threat model?
History does indeed show that believed-secure ciphers may not be, and
that we do indeed need a safety margin. But history shows even more
strongly that there are many better ways to the plaintext, and that's
the real goal.
--Steve Bellovin
More information about the cypherpunks-legacy
mailing list