Jack Lloyd <[EMAIL PROTECTED]> wrote: > Making a cipher that uses an N bit key but is only secure to 2^M > operations with M<N is, firstly, considered broken in many circles, as > well as being inefficient (why generate/transmit/store 512 bit keys > when it only provides the security of a ~300 bit (or whatever) key > used with a perfect algorithm aka ideal cipher - why not use the > better cipher and save the bits).
Saving bits may not matter, or may not be possible. For example, if you are ealing with a hybrid system -- say, using RSA to transmit the symmetric cipher key or Diffie-Hellamn to construct it -- then for any symmetric cipher key size less than the public key size, your overheads are the same. -- Sandy Harris, Nanjing, China --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]