[Cryptography] crypto standards and principles

Tom Mitchell mitch at niftyegg.com
Wed Feb 4 16:50:25 EST 2015


On Wed, Feb 4, 2015 at 6:07 AM, Kent Borg <kentborg at borg.org> wrote:

> On 02/03/2015 07:46 PM, Tom Mitchell wrote:
>
>> Many times we talk about a key or method that had 2^64 or 2^1024
>> or pick a number.   When two methods are possible
>>
> ......

>
> Sounds fishy; an extra bit or two of the key could be used to select among
> key methods and make things much stronger! Seems too good an idea to pass
> up, why don't we do that? Why is AES-256 not, say, AES-260 with 4-bits used
> to select among different algorithm variations?
>

This could be crafted into the key data structure of some future version.
Today it is possible to invoke by dir name or file name one key over another.
In a system with MAC & associated roles this might not be necessary as MAC
could make the correctly labeled key visible and no more.

It also makes sense to have multiple users for different purposes on a
machine. User "bob" could also add a user bobsu/bobadm for administrative
roles while "bob" could not update or corrupt the system.   Does this fit in
a better practice tree? Perhaps add a user "bobbank" for bob to access some
financial institutions.

This little trick can work on Windowz and Linux (sudoers) and if the initial
setup prompted for multiple users unlike today with "sudo" then other good
things might happen.   Support this with encrypted home dirs.

In too many cases I suspect the first step (login) for accessing a machine
is the weakest link in a cryptography-based communication system.

-- 
  T o m    M i t c h e l l