mailing list archives
RE: Which encryption algorithm used?
From: "Michael Silk" <michaels () phg com au>
Date: Fri, 28 May 2004 11:37:03 +1000
I don't see any real need to withdraw headers and footers.
As others suggest, if your chosen encryption algorithm is
appropriately good (RSA, AES) then anyone who captures your
transmission can't do anything with it anyway - even if you
tell them exactly what it is. The bonus from adding headers
to your files to ease processing is large, and surely your
security model won't be "well, as long as no-one knows our
encryption algorithm ..."
From: windo () windowlicker dyn ee [mailto:windo () windowlicker dyn ee]
Sent: Thursday, 27 May 2004 11:49 PM
To: webappsec () securityfocus com
Subject: Re: Which encryption algorithm used?
What do you mean, "with a proper algorithm"? Cryptographic algorithms
are supposed to be secure *even when the methods used are known*. The
only thing that has to be secret is the key.
Proper algorithm should mean "does not leave headers or footers". The
cyphertext itself should be more or less random and unidentifiable.