Re: Next Steps

Derek Atkins wrote:
> nagydani(_at_)epointsystem(_dot_)org (Daniel A. Nagy) writes:
>
> > No, it is not. A single block operation takes almost half a second on
> > NOKIA 3410, which means that encrypting a simple text message takes seconds,
> > which is not nice from a user experience PoV.
> Huh!  Are you sure you're using an AES implementation that's optimized
> for your platform?  You can get an order-of-magnitude improvement by
> optimizing the code (or running an assembler version).  Obviously there
> are time/space tradeoffs to be made as well, but I find it hard to
> believe that it takes 500ms for a single block operation even in an
> optimized implementation.

Dani probably knows what he is doing.  The mobile phone is a 
particularly difficult device, and unlike ordinary PC 
platforms, performance is a very big issue.
Also, the security model is somewhat different to the normal 
OpenPGP world.  Dani's security model is more about 
transactional security and less about being able to crack 
the encryption.  OpenPGP's security model derives from the 
80s and early 90s when every radical in the world was 
fighting governments with acres of cryptocrunching big iron. 
 Quite different worlds and quite different viewpoints.
(OK, I might know a little more than said here because I've 
talked to Dani at times about it, and there are lots of 
"gotchas".  From my understanding of payment systems and the 
like, he doesn't need to guarantee 100% that the message is 
unreadable, because there are too many other end-node 
threats for that to be valuable.)
That said, it is a good question for the OpenPGP community: 
 do we accept a weaker algorithm for edge cases?  The 
answer is historically, "maybe," IMHO.  We, as a community, 
have not moved aggressively in the past to repair every 
weakness, which indicates that our world of users is 
dominated by "good enough" not "perfect".
Long discussion....

iang