Re: Looking for a security/encryption programmer for small contract

Wed, 23 Jan 2008 11:40:22 -0800 

i'll be honest, i don't know anyone who's ever used a one-time-pad 
outside of some military applications before we had computers 
everywhere.  while the security is mathematically "perfect", it's so 
encumbering to implement that i consider it overall riskier.  having to 
pass by courier gigs upon gigs of true-random numbers, plus the need to 
securely destroy that data afterwards, is really hard.  many more 
vectors of attack at the human level.  best to make damn sure your 
192-bit AES key gets there in a trustworthy manner, and trust in the 
combined research of the professional cryptographic community.

derek


Tim Chase wrote:
>>>> - Take a message, encrypt it using a secure method (should be better
>>>> or equal than OTP), return the encrypted message.
>>  >
>>> parties, Blowfish and DES3 are popular choices and likely to be 
>> just a point of fact: neither of these are >= to OTP.
> 
> They're all strong cryptographically, but all shared-secret 
> solutions suffer the same fate of having to figure out how to 
> securely share your key/OTP if you aren't both the sender and the 
> recipient.
> 
> I do like OTP for logins over insecure connections if absolutely 
> needed, but otherwise, I don't see non-public-key as a great win :)
> 
>> also, on a side note, i wouldn't use 3DES for any new implementations.
> [snip]
>> i'd highly recommend AES instead.
> 
> Good point...I remember hearing something about that a while 
> back, but I tend to use public-key for just about everything so 
> it didn't register in my active memory.
> 
> -tim
> 
> 
> 
> 
> > 
> 


-- 
  looking to buy or sell anything?

     try: http://allurstuff.com

  it's a classified ads service that
  shows on a map where the seller is
  (think craigslist + google maps)

  plus it's 100% free :)


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to