data under one key, was Re: analysis and implementation of LRW

Vlad "SATtva" Miller sattva at
Sun Feb 4 03:33:30 EST 2007

Allen wrote on 31.01.2007 01:02:
> I'll skip the rest of your excellent, and thought provoking post as it
> is future and I'm looking at now.
> From what you've written and other material I've read, it is clear that
> even if the horizon isn't as short as five years, it is certainly
> shorter than 70. Given that it appears what has to be done is the same
> as the audio industry has had to do with 30 year old master tapes when
> they discovered that the binder that held the oxide to the backing was
> becoming gummy and shedding the music as the tape was playing -
> reconstruct the data and re-encode it using more up to date technology.
> I guess we will have grunt jobs for a long time to come. :)

I think you underestimate what Travis said about ensurance on a
long-term encrypted data. If an attacker can (and it is very likely) now
obtain your ciphertext encrypted with a scheme that isn't strong in
70-years perspective, he will be able to break the scheme in the future
when technology and science allows it, effectively compromising [part
of] your clients private data, despite your efforts to re-encrypt it
later with improved scheme.

The point is that encryption scheme for long-term secrets must be strong
from the beginning to the end of the data needed to stay secret.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 505 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the cryptography mailing list