[Cryptography] How should we encrypt external mail attachments
Bill Frantz
frantz at pwpconsult.com
Mon Aug 2 17:57:14 EDT 2021
On 8/2/21 at 11:19 AM, jon at callas.org (Jon Callas) wrote:
>>On Aug 1, 2021, at 11:59, John Levine <johnl at iecc.com> wrote:
>>
>>My question is what algorithms to use? The file can be anything up to
>>several gigabytes so they should be reasonably fast. It's OK if the hash
>>and key are fairly large, since a few hundred or even a few thousand
>>bytes in a mail message is not a big deal these days.
>
>Both Intel and ARM CPUs have AES and SHA-256 in hardware. (And SHA-1, for completeness.)
>
>Why not those? I don't see a reason to go to something else.
On 8/2/21 at 6:07 AM, ron at flownet.com (Ron Garret) wrote:
>Second, as to which algorithms to use, I would strongly
>recommend not making this choice, but rather to include this
>information in the meta data and allowing users to choose.
I basically agree with Jon in his choices. If we follow Ron's
suggestion, we should not authorize another pair of algorithms
until either AES or SHA-256 starts looking flaky.
We should recognize that this is not data-in-motion encryption
where we can change algorithms anytime we build a new
connection. It is data-at-rest encryption where we will need to
support old algorithms essentially forever. Limiting the number
of algorithms a implementation 100-1000 years from now needs to
support is an important design goal.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz | "I wish there was a knob on the TV to turn
up the
408-348-7900 | intelligence. There's a knob called
"brightness", but
www.pwpconsult.com | it doesn't work. -- Gallagher
More information about the cryptography
mailing list