On the "Paranoid Cryptoplumbing" discussion: I'd like to note quite strongly that (with certain exceptions like RC4) the odds of wholesale failures in ciphers seem rather small compared to the odds of systems problems like bad random number generators, sabotaged accelerator hardware, stolen keys, etc., and a smart attacker goes for the points of weakness.
I'm not going to put my admin hat on and stop the discussion so long as it remains relatively sane and technical, but for most purposes it is probably just reinforcing a steel door in a paper wall. (Of course, if the endpoints are trusted hardware running a formally verified capability operating system and you still have time on your hands, hey, why not? Of course, when I posted a long message about modern formal verification techniques and how they're now practical, no one bit on the hook.)

All that said, even I feel the temptation for low performance applications to do something like Bill Frantz suggests. It is in the nature of people in our community to like playing with such things. Just don't take them *too* seriously please.

Perry

--
Perry E. Metzger pe...@piermont.com

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography