+++ Williams, Larry [01/05/02 14:36 -0500]: > -----Original Message----- > From: ken > >+++ Davis, Don (CPOCEUR) [29/04/02 08:22 +0200]: > >> If not having 1024-bit encryption available to send my private information > >> over the web is the part of the cost, I can live with that. > >Can you live without the locks on your house / car / safe? > > I doubt it, but you missed the point. He's not talking about removing the locks >altogether but that he can > live without a cipher lock. Certainly we all want to protect our personal >information as much as our personal > property. And because there are bad guys out there who will use whatever tools are >at their disposal to obtain > anything of value from us, a certain degree of protection is needed both in the >physical and online worlds.
Sending plaintext across untrusted networks (i.e. the Internet) is _exactly_ like not having _any_ locks on your car. There is no guarantee of any access control anywhere - at all. > If government says I can have 256-bit or 512-bit crypto technology, but I can't have >the latest 1024-bit blowhard > crypto, maybe it's because they use that to ensure national security or protect >military secrets. Is it wise that > everyone know how to decipher a secure military communication? I wouldn't think so, >and to protect that code, > they must prevent everyone from having it until they find something better. I think that you'll find that the generally sucessful crypto systems are not the ones that rely on the algorithim being secret, rather the ones that the algorithim is publically available. I understand military the necessity to have military secrets, but I don't think that this is one of those cases. Ken