On Sunday 01 January 2006 05:26, Joachim Schipper wrote: > You are right, *if* your data is of such a nature that it needs to be > kept secret for tens, likely hundreds of years. In that case, > however, extending the vnd(4) device to use, at least, AES as well > should be easy. (Not that I've looked at the code, but quite a few > algorithms seem to be in the kernel already, among them AES.) > > For me, personally, I don't handle data that I'd be willing to have > my fingers broken for, so protecting the data better than myself > makes little sense. > > That doesn't mean that your idea isn't at least theoretically sound - > and yes, implementing it would not necessarily be a bad idea (on a > guess, one might be able to layer svnd(4) devices, so only adding > some algorithms should be enough). That being said, I'm not convinced > it has priority. > > Joachim
Other people than I agree, it does not need top priority. But then again, all that is really in the eye of the beholder. That's why I intend to try my hand at doing it. On Sunday 01 January 2006 04:39, knitti wrote: > more secure per se. right now threats to our data is _not_ weak > algorithms, it is sometimes weak implementations (think e.g. > OS X file vault), and much more important, it is rubberhose > cryptoanalysis and social reasons which won't be solved technically. > > --knitti Yes! That's what my e-mail was about. It spoke (now) not of weak algorithms, but of weak implementations. I'm glad you agree with me that the latter is our biggest threat. Dick, You said you would like to be able to select from various algorithms. I don't know your motivation; perhaps you have a Hfin. Would you like to work with me, then? Supporting more than one cipher in svnd does somewhat fulfill my idea of diversification--users would not have to wait for a patch and then patch, etc., if there were a problem with one cipher. It would be a good place to start. Good day to you all, Travers Buda