On Tue, Oct 18, 2005 at 07:08:38PM -0400, Rich Salz wrote:

> why not uses pgp
>
Indeed, but with any file-by-file encryption tool, one also needs to ask about the lifecycle of the plain-text pre-images and working decrypted copies. It is very hard to not leak additional plain-text copies that would be recovered if the disk is misplaced, when cryptography is ad-hoc file by file, rather than built into the filesystem or the disk driver.

There are also questions of key-recovery (users forget key, users are walked out the door and new hire needs key, ...)

If the security goals are to be met, they need to be identified and clearly articulated. The algorithm is generally very easy (or completely impractical) once the requirements are clear.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]