<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Feb 4, 2015 at 6:07 AM, Kent Borg <span dir="ltr"><<a href="mailto:kentborg@borg.org" target="_blank">kentborg@borg.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 02/03/2015 07:46 PM, Tom Mitchell wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Many times we talk about a key or method that had 2^64 or 2^1024<br>
or pick a number. When two methods are possible <br></blockquote></span></blockquote><div>...... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote>
<br></span>
Sounds fishy; an extra bit or two of the key could be used to select among key methods and make things much stronger! Seems too good an idea to pass up, why don't we do that? Why is AES-256 not, say, AES-260 with 4-bits used to select among different algorithm variations?<br></blockquote><div><br></div><div>This could be crafted into the key data structure of some future version. Today it is</div><div>possible to invoke by dir name or file name one key over another. In a system with </div><div>MAC & associated rolls this might not be necessary as MAC could make the correctly labeled </div><div>key visible and no more.</div><div><br></div><div>It also makes sense to have multiple users for different purposes on a machine.</div><div>User "bob" could also add a user bobsu/bobadm for administrative rolls while "bob" could </div><div>not update or corrupt the system. Does this fit in a better practice tree?</div><div>Perhaps add a user "bobbank" for bob to access some financial institutions.</div><div><br></div><div>This little trick can work on Windowz and Linux (sudoers) and if the initial setup</div><div>prompted for multiple users unlike today with "sudo" then other good things</div><div>might happen. Support this with encrypted home dirs. </div><div><br></div><div>In too many cases I suspect the first step (login) for accessing a machine</div><div>is the weakest link in an cryptography based communication system.</div><div><br></div><div><br></div><div> </div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>