Aaron Mulder on 18 Sep 2013 06:35:53 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] encryption

On Wed, Sep 18, 2013 at 9:15 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
> If they have a goal of cracking 256-bit AES, and they're spending
> billions on a supercomputer to implement it, then I think there is a
> pretty high likelihood that they know of a weakness in the cipher that
> they can exploit.

On the other hand, you really have to ask yourself, if they could
break AES-256, why would they say so?  If they're going out of their
way to convince you NOT to use it, maybe it's *because* they can't
crack it?

Bottom line, it's impossible to know.  But Schneier's advice was that
since you can't know, you're going to gamble, and if you're going to
gamble, better to gamble on an open source product than a commercial
product, because at least the back doors in open source are more
likely to be noticed.  (His other advice was to avoid ECC because
whoever provides the constants may be holding a "private key" allowing
them to crack it, and the NSA provided the recommended constants.)

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug