Re: A Simple Encryption Mode that "Feels" Secure

From: John Savard (jsavard_at_excxn.aNOSPAMb.cdn.invalid)
Date: 10/28/04


Date: Thu, 28 Oct 2004 05:51:09 GMT

On Wed, 27 Oct 2004 19:30:19 +0000 (UTC), daw@taverner.cs.berkeley.edu
(David Wagner) wrote, in part:

>If such users are common, rather than catering to their misinformed
>perceptions it would seem more effective to focus on teaching them how
>to recognize good crypto than to invent new schemes that might or might
>not be secure.

This sounds like good common sense!

Surely there _are_ lots of people out there doing good work in education
in this area.

But education isn't always successful, and if a mode that both is secure
and seems secure manages to forestall the creation of some snake oil, it
may make a modest contribution.

As well, I also feel that sometimes insights, in their early stages,
cannot always be well-articulated. An encryption mode that protects
privacy only, and does nothing to authenticate data, lends itself to
misuse. People will read and act on messages whose integrity checks are
invalid, if the integrity check is added on and not locked in a black
box which refuses to yield plaintext if the integrity check is not
valid.

Thus, if one can protect messages against forgeries other than the
existential at essentially no cost - and even the existential can be
defended against at essentially no cost, but with modes that require
some mathematical sophistication to implement - it seems worth doing.

John Savard
http://home.ecn.ab.ca/~jsavard/index.html
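
The difference the post describes, between an integrity check that is added on and one locked in a black box that refuses to yield plaintext, shown as an added example that is not part of the original post. The function names are hypothetical, and the HMAC-SHA256 counter-mode keystream is an assumed stand-in for a real cipher so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size


class IntegrityError(Exception):
    """Raised instead of returning any plaintext when the tag is invalid."""


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || tag over (nonce || ciphertext).
    nonce = os.urandom(16)
    body = nonce + _keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_bolted_on(enc_key: bytes, mac_key: bytes, message: bytes):
    """Check added on: plaintext is always returned, next to a flag callers can ignore."""
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    ok = hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest())
    return _keystream_xor(enc_key, body[:16], body[16:]), ok


def open_black_box(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify first; on failure raise and never run decryption at all."""
    if len(message) < 16 + TAG_LEN:
        raise IntegrityError("message too short")
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise IntegrityError("integrity check failed")
    return _keystream_xor(enc_key, body[:16], body[16:])


def flip_bit(message: bytes, index: int) -> bytes:
    # Constructed tampering for the demonstration: flip the low bit of one byte.
    return message[:index] + bytes([message[index] ^ 0x01]) + message[index + 1:]
```

With the bolted-on interface a tampered message still comes back as readable text together with a false flag; with the black-box interface the caller gets only the exception.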


