WebApp Sec mailing list archives
RE: Which encryption algorithm used?
From: "Michael Silk" <michaels () phg com au>
Date: Fri, 28 May 2004 11:37:03 +1000
Hi, I don't see any real need to withdraw headers and footers. As others suggest, if you chosen encryption algorithm is appropriately good (RSA, AES) then anyone who captures your transmission can't do anything with it anyway - even if you tell them exactly what it is. The bonus from adding headers to your files to ease processing is large, and surely your security model wont be "well, as long as no-one knows our encryption algorithm ..." -- Michael -----Original Message----- From: windo () windowlicker dyn ee [mailto:windo () windowlicker dyn ee] Sent: Thursday, 27 May 2004 11:49 PM To: webappsec () securityfocus com Subject: Re: Which encryption algorithm used?
What do you mean, "with a proper algorithm"? Cryptographic algorithms are supposed to be secure *even when the methods used are known*. The only thing that has to be secret is the key.
Proper algorithm should mean "does not leave headers or footers". The cyphertext itself should be more or less random and unidentifiable. Siim Põder This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments. This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons.
Current thread:
- Re: Which encryption algorithm used?, (continued)
- Re: Which encryption algorithm used? Adam Tuliper (May 26)
- Re: Which encryption algorithm used? exon (May 26)
- Re: Which encryption algorithm used? exon (May 26)
- RE: Which encryption algorithm used? Pitts, Christopher C. (May 26)
- Re: Which encryption algorithm used? John Borwick (May 26)
- Re: Which encryption algorithm used? windo (May 27)
- Re: Which encryption algorithm used? Adam Lydick (May 27)
- Re: Which encryption algorithm used? exon (May 31)
- Re: Which encryption algorithm used? John Borwick (May 26)
- RE: Which encryption algorithm used? Pitts, Christopher C. (May 27)
- RE: Which encryption algorithm used? Tom Arseneault (May 27)
- RE: Which encryption algorithm used? Michael Silk (May 27)