[Cryptography] TEXTCOMBINE-REV, A software for combining text files to obtain high-quality pseudo-randomness in practice (replacing an earlier retracted software)

Michael Kjörling michael at kjorling.se
Sat Sep 2 09:17:59 EDT 2017


On 1 Sep 2017 22:05 +0200, from mok-kong.shen at t-online.de (mok-kong shen):
>> https://tools.ietf.org/html/rfc4086#section-6.1.2
> 
> In security, actually in all issues of discussion (not to say
> politics etc.), one could take different standpoints. But one should
> also consider IMHO the "reality" in the different scenarios. Here in
> security I suppose one should take into account the nature of the
> particular applications, the quantity/quality/value of information
> and the users concerned,

On the other hand, why should we knowingly give users _less_ than the
best we can reasonably achieve within the relevant engineering
constraints?

It's hardly a valid argument to say that "this class of users don't
expect any significant security, so let's use MD5/DES/RC4/whatever
instead of an algorithm believed to be secure". A valid argument can
_possibly_ be made that the restrictions imposed e.g. by the hardware
_requires_ the use of less computationally intensive algorithms
(which, in turn, does not necessarily imply that those algorithms are
less secure; only that they have different properties), but your
proposal, to me, does not appear to fall into such a category.

Maybe you've posted that before, and I've missed it, but: What use
case does your idea target which is not covered by some other,
existing, well-studied algorithm for deriving unpredictable data?

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
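The "existing, well-studied algorithm" the reply asks about, and the approach RFC 4086 section 6.1.2 describes for combining several weak inputs, is to run all of them through a keyed cryptographic hash and derive output from the result, rather than interleaving or XORing their bytes. The block below is an added illustration written for this page; it is not the TEXTCOMBINE-REV software and not code by either correspondent. It implements HKDF (RFC 5869, HMAC-SHA-256) over a length-prefixed concatenation of several input "files". The sample inputs, the info label and the function names are constructed here for the demonstration and are not taken from the thread.

```python
"""Mixing several low-quality inputs into uniform output with HKDF (RFC 5869).

Added example, not the software discussed in the thread. The sample "files",
the info label and the function names below are assumptions made for this
illustration, not anything from the original post.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: condense the input keying material into a fixed-size PRK.

    An all-zero salt of hash length is used when none is supplied, as the RFC
    specifies. The PRK is only as unpredictable as the IKM: HMAC spreads the
    entropy that is there evenly over the output but cannot add any.
    """
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch the PRK to `length` bytes.

    T(i) = HMAC(PRK, T(i-1) | info | i), output = T(1) | T(2) | ... truncated.
    """
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand output is limited to 255 * hash length bytes")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_sources(sources: list[bytes]) -> bytes:
    """Length-prefix each input so the boundaries between them are unambiguous.

    Plain concatenation would make [b"ab", b"c"] and [b"a", b"bc"] collide.
    """
    encoded = b""
    for data in sources:
        encoded += len(data).to_bytes(8, "big") + data
    return encoded


def mix_sources(sources: list[bytes], salt: bytes, length: int,
                info: bytes = b"rfc4086-6.1.2 mixing demo") -> bytes:
    """Deterministic mixer: same inputs and salt always give the same output.

    This is the hash-based "stronger mixing function" of RFC 4086 6.1.2. If an
    attacker can guess every input, the output is guessable too.
    """
    prk = hkdf_extract(salt, encode_sources(sources))
    return hkdf_expand(prk, info, length)


def fresh_output(sources: list[bytes], length: int) -> bytes:
    """Add the OS CSPRNG as one more source plus a random salt.

    The result is then unpredictable even when every "file" is known to the
    attacker; the files only contribute whatever entropy they actually have.
    """
    return mix_sources(sources + [os.urandom(32)], os.urandom(HASH_LEN), length)


# Constructed sample inputs standing in for the "text files" of the thread.
SAMPLE_FILES = [
    b"The quick brown fox jumps over the lazy dog.\n",
    b"Lorem ipsum dolor sit amet, consectetur adipiscing elit.\n",
    b"2017-09-02 09:17:59 session log line, mostly predictable\n",
]

if __name__ == "__main__":
    print("deterministic mix:", mix_sources(SAMPLE_FILES, salt=b"", length=48).hex())
    print("with OS entropy:  ", fresh_output(SAMPLE_FILES, 48).hex())
```

The point the example makes is the one behind the question in the reply: a mixing function of this kind is already standardised and analysed, and whatever the input files are, the output cannot be more unpredictable than the files are collectively. Adding an OS-provided random source, as `fresh_output` does, is what actually makes the output unguessable; the text files then add nothing that the CSPRNG did not already provide.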

