ietf-smime

Re: Re[2]: Restarting the 40-bit debate

1997-05-08 18:01:54
  If I whisper sweet nothings to my wife in an email message, one bit
  is sufficient to keep the casual voyeur without tools from viewing
  the message in a readable spool area on a badly managed site.  That
  would be good enough for me.  (I suppose base64 would do the same
  thing ;-).

but as soon as the one-bit encryption is standardized, such voyeurs
will instantly have tools to make it easy for them to view such
messages.  and as you point out with your base64 example, if all 
you want to do is raise the bar very slightly, many existing 
tools do this.  rot13 is useful, but I wouldn't call it a privacy 
mechanism.

my personal experience is that even casual attackers (i.e. hobbyists
doing it for fun and/or minor malice) are willing and able to spend 
O(thousands) of cpu-hours on garden-variety workstations to defeat 
security systems (e.g. dictionary attacks on encrypted password 
files), not to mention the time spent developing the cracking tools.  

Keith