[Cryptography] how to encrypt for the very long term?

Christoph Gruber grisu at guru.at
Tue Jul 31 00:06:04 EDT 2018

On 31.07.2018 on 00:15  Philipp <pg at futureware.at> wrote:
> What I personally really don't like is that people call Xor one-time-pads as "perfect encryption" or "perfect security". From my point of view, encryption should provide both secrecy and at least to some degree integrity.
> Xor one-time pads only provides secrecy, but no integrity. If people would call it just "perfect secrecy", I wouldn't mind, but calling it "perfect security" is misleading from my point of view.
> Anyone can tamper the encrypted data, and for guessable structures like email-headers and things like that, it's quite possible to guess clear-text parts and simply replace them by xoring the ciphertext with the xor difference of what you guess it means and the thing you want it tampered with.
> Good encryption modes should provide both secrecy, integrity (tamper-evidence to be exact) and perhaps even authentication, depending on the application.

Hi Philip!

Perfect encryption is correct, also that perfect encryption is NOT enough for security. For integrity purposes, other means my also apply, or use cryptographic methods to detect alteration, but that is not encryption, or only partially.
You can put all these together in one application, but the functions and the methods you use, be separate.

Kindest regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180731/093b1a2f/attachment.html>

More information about the cryptography mailing list