[7950] in cryptography@c2.net mail archive
Re: Rijndael & Hitachi
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Oct 11 10:38:00 2000
From: "Steven M. Bellovin" <smb@research.att.com>
To: Michael Paul Johnson <mpj@ebible.org>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>,
Vin McLellan <vin@shore.net>, coderpunks@toad.com, cryptography@c2.net,
cypherpunks@cyberpass.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 11 Oct 2000 10:25:21 -0400
Message-Id: <20001011142522.F217E35DC2@smb.research.att.com>
In message <5.0.0.25.2.20001010154833.03a01b80@ebible.org>, Michael Paul Johnson writes:
>
>To put this suggestion into perspective, consider that in the real world, pure
>cipher strength is rarely the weakest link in the security chain, provided
>that a reasonable key length and cipher are chosen. Having done that, go for it
>if you still think you can afford the extra time, space, and key management
>with (probably) no measurable increase in overall system security.

Precisely. What is the *real* threat model?
History does indeed show that believed-secure ciphers may not be, and
that we do indeed need a safety margin. But history shows even more
strongly that there are many better ways to the plaintext, and that's
the real goal.
--Steve Bellovin