Ian G <iang systemics.com> writes:
>Peter Gutmann wrote:
>> "Alex Pankratov" <apponeyhot.org> writes:
>>> SecureIM handshake between two version 3.1
(latest) clients takes about .. 48
>>> bytes. That's altogether, 32 bytes in one
direction, and 16 in another. And
>>> that's between the clients that have never
talked to each other before, so
>>> there's no "session resuming"
business happenning.
>>
>> Or they could be using static/ephemeral DH with
fixed shared DH key values,
>> which isn't much better. (This is just
speculation, it's hard to tell without
>> knowing what the exchanged quantities are).
>
>Speculation is fun.
>
>But, opportunistic cryptography is even more fun. It is
very encouraging to
>see projects implement cryptography in limited forms. A
system that uses a
>primitive form of encryption is many orders of magnitude
more secure than a
>system that implements none.
Opportunistic cryptography designed as opportunistic
cryptography (with key
continuity measures and so on) is fun.
Opportunistic cryptography that exists because the
developers have screwed up
something better (and are under the delusion that what
they've implemented is
something better) is less fun.
Peter.
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
|
