lightweight encryption of text file

Steve Holden steve at holdenweb.com
Tue Jan 12 12:53:42 EST 2010 

Robert Kern wrote:
> On 2010-01-12 05:59 AM, Anthra Norell wrote:
[ping, pong, ping, pong]
> If the OP uses a real encryption algorithm, he can rely on the fact that
> he can use the algorithm for large files or for plaintexts that a
> malicious agent might choose even if he did not communicate (or even
> know about!) those needs at the time. He cannot rely on those features
> with your algorithm, but you do not reveal those limitations of your
> algorithm. You simply assumed that the OP could deal with those
> limitations, and that does him a disservice.
> 
The fact that much hogwash is spoken about encryption through ignorance
is underlined today by the reactions to reports that a team of German
computer scientists have cracked a message encrypted with RSA using a
768-bit key.

  http://www.out-law.com//default.aspx?page=10659

The general tenor of these ill-informed responses is along the lines of
"we will soon have to use biometrics or PINs as an additional layer of
protection". This is baloney, pure and simple. If no cryptographic
weaknesses have been demonstrated in the algorithms then the simple
solution (and one that Moore's Law and the rise of multiprocessor
hardware adequately supports) is to use longer keys. 2,048-bit RSA will
be secure at least for my lifetime, unless startling developments come
along in quantum computing.

Biometric and PIN-based access control systems are demonstrably easier
to break than 768-bit encryption, which has just been done for a single
message in something like two years with the aid of a large number of
computers and a brute-force attack. They can also be subverted, which is
rather more difficult for a cryptosystem with properly-protected private
keys.

Just the same, people continue to make exaggerated claims for "crypto"
systems that have not been subjected to cryptanalysis. This behavior is
 unlikely to change, so you will probably be happier allowing such
people (who are legion) their delusions.

regards
 Steve
-- 
Steve Holden           +1 571 484 6266   +1 800 494 3119
PyCon is coming! Atlanta, Feb 2010  http://us.pycon.org/
Holden Web LLC                 http://www.holdenweb.com/
UPCOMING EVENTS:        http://holdenweb.eventbrite.com/

More information about the Python-list mailing list