And we need key escrow.
Gerard
|-----Original Message-----
|From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
|Sent: donderdag 28 september 2000 15:51
|To: [EMAIL PROTECTED]
|Subject: Re: Principles of health care system security.
|
|
|Gerard Freriks wrote:
|>
|> Yhink once, think twice if we really want to encrypt information
|databases.
|> As set algoritms change, but more importantly keys change, have
|to change.
|> As do keylenght's.
|> And don't forget that people loose keys.
|>
|> Adding all together I'm against encryption in databases.
|>
|As much as I like cool technology like encryption, you are absolutely
|right, the long term viability is very much in doubt. Now one can argue
|that as things move on, backward compatibility can be maintained
|(especially if we use open systems). However, that is not adequate for
|the following reason: The premise behind encryption was to keep
|something secure. IF technology moves on and that algorithm or key
|length is no longer secure, to maintain the premise we have to migrate
|the data to the new scheme.
|
| So this means that by encrypting data, we are assuming the task of
|continual re-encryption as technology moves forward.
|
