[19504] in cryptography@c2.net mail archive
Re: [coderman@gmail.com: Re: [dave@farber.net: [IP] more on AP
daemon@ATHENA.MIT.EDU (John Kelsey)
Tue Jan 3 16:13:57 2006
X-Original-To: cryptography@metzdowd.com
Date: Tue, 3 Jan 2006 14:14:41 -0500 (EST)
From: John Kelsey <kelsey.j@ix.netcom.com>
Reply-To: John Kelsey <kelsey.j@ix.netcom.com>
To: Eugen Leitl <eugen@leitl.org>,
Cryptography List <cryptography@metzdowd.com>
...
>From: Eugen Leitl <eugen@leitl.org>
>Sent: Jan 1, 2006 6:18 AM
>To: Cryptography List <cryptography@metzdowd.com>
>Subject: [coderman@gmail.com: Re: [dave@farber.net: [IP] more on AP
> Story Justice Dept. Probing Domestic Spyin]
...
>as long as your OTPs are truly random and never compromised, the key
>exchange will be secure and the only way to attack your traffic
>remotely will be brute force of AES256.
I'm coming late to this discussion, but if you're already trusting
AES256 for security, why not just exchange a single long-term AES256
key between mutually-trusting sites? Then, you can generate today's
piece of the one-time-pad using a shared counter or a timestamp or
something. Further, this lets you store the secret that derives your
keys inside a tamper-resistant crypto module.
>Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
--John Kelsey, NIST
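Kelsey's suggestion, as an added Go sketch that is not from the thread: both sites hold one long-term AES-256 key and derive each day's slice of pad from it with a shared day counter, so the attacker's only remote option stays brute force of AES-256. The `IssuePad` counter check is my own assumption about how to keep a day's pad from ever being generated twice, since a reused pad is a two-time pad and loses everything.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Site is one of the two mutually-trusting sites: it holds the long-term
// AES-256 key and the last day index it issued a pad for, to forbid reuse.
type Site struct {
	key     [32]byte
	lastDay int64 // -1 until the first pad is issued
}

func NewSite(key [32]byte) *Site { return &Site{key: key, lastDay: -1} }

// DailyPad derives day N's pad from the long-term key with AES-256 in CTR mode:
// the day index fills the top 8 bytes of the counter block, so days never overlap.
func DailyPad(key [32]byte, day uint64, n int) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	var iv [aes.BlockSize]byte
	binary.BigEndian.PutUint64(iv[:8], day) // low 8 bytes count blocks within the day
	pad := make([]byte, n)                  // zeros XOR keystream = keystream
	cipher.NewCTR(block, iv[:]).XORKeyStream(pad, pad)
	return pad, nil
}

// IssuePad (assumed policy) refuses any day index not strictly later than the last one issued.
func (s *Site) IssuePad(day uint64, n int) ([]byte, error) {
	if day > 1<<62 || int64(day) <= s.lastDay {
		return nil, errors.New("pad for this day already issued or counter rewound")
	}
	s.lastDay = int64(day)
	return DailyPad(s.key, day, n)
}

// XOR applies a pad of at least len(msg) bytes; encrypt and decrypt are the same step.
func XOR(msg, pad []byte) []byte {
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ pad[i]
	}
	return out
}
```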
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com