[Cryptography] paranoid cryptoplumbing is a probably not defending the weakest point

Tony Arcieri bascule at gmail.com
Tue Sep 17 13:07:38 EDT 2013

On Tue, Sep 17, 2013 at 9:28 AM, Perry E. Metzger <perry at piermont.com>wrote:

> In any case, I would continue to suggest that the weakest point
> (except for RC4) is (probably) not going to be your symmetric cipher.
> It will be protocol flaws and implementation flaws. No point in
> making the barn out of titanium if you're not going to put a door on
> it.

If your threat is a patient eavesdropper (particularly one that obsessively
archives traffic like the NSA) then combining ciphers can give you long
term confidentiality even in the event one of your encryption primitives is

The NSA of course participated in active attacks too, but it seems their
main MO was passive traffic collection.

But yes, endpoint security is weak, and an active attacker would probably
choose that approach over trying to break particular algorithms.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130917/817a7388/attachment.html>

More information about the cryptography mailing list