[Cryptography] Security is a total system problem (was Re: Perfection versus Forward Secrecy)

John Kelsey crypto.jmk at gmail.com
Sat Sep 14 17:59:42 EDT 2013

On Sep 13, 2013, at 3:23 PM, "Perry E. Metzger" <perry at piermont.com> wrote:

> The problem these days is not that something like AES is not good
> enough for our purposes. The problem is that we too often build a
> reinforced steel door in a paper wall.

Also, if AES being insufficiently strong is our problem, we have a whole bunch of solutions easily at hand.  Superencrypt successively with, say, Serpent, Twofish, CAST, Salsa, and Keccak in duplex mode.  This has a performance cost, but it is orders of magnitude less overhead than switching to manual key distribution of one-time pads.  

It's hard for me to think of a real world threat that is addressed better by a one-time pad than by something cheaper and less likely to get broken via human error or attacks on the key management mechanism.  

> Perry E. Metzger        perry at piermont.com

More information about the cryptography mailing list