Cruising the stacks and finding stuff

Sandy Harris sandyinchina at
Wed Apr 23 19:22:45 EDT 2008

Jack Lloyd <lloyd at> wrote:

>  Making a cipher that uses an N bit key but is only secure to 2^M
>  operations with M<N is, firstly, considered broken in many circles, as
>  well as being inefficient (why generate/transmit/store 512 bit keys
>  when it only provides the security of a ~300 bit (or whatever) key
>  used with a perfect algorithm aka ideal cipher - why not use the
>  better cipher and save the bits).

Saving bits may not matter, or may not be possible. For example,
if you are ealing with a hybrid system -- say, using RSA to transmit
the symmetric cipher key or Diffie-Hellamn to construct it -- then for
any symmetric cipher key size less than the public key size, your
overheads are the same.

Sandy Harris,
Nanjing, China

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list