What is crypto

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Previous message: Brad Knowles: "Re: Is S/MIME Secure?"

>   I, for one, don't mind. I actually believe that there is a good
>chance we can resolve this issue, if not of actually deciding whether
>40-bits is good or bad, then at least how we should classify crypto
>protocols with regard to their stance toward it.

Possibly a classification scheme would be appropriate. Trouble is that
it is a moving target. Currently I consider anything less than DES not
to be crypto but rather "scrambling" (somewhat archaic term I have not
seen lately).

While not strong, scrambling would be a class that demonstrates "intent".
I have been wrestling lately with privacy concerns and have come to the
conclusion that plain-text E-Mail is the modern equivalent of a 
postcard or unsealed envelope (at one time the postage for a letter in
an unsealed envelope was less than for a sealed one. "This envelope may 
be opened for postal inspection" was a common sight) with *no* expectation
of privacy.

That is, plain text provides no "expectation of privacy" since simple
examination of the data stream will reveal the contents *and the examiner
will not know what is being examined is until it is examined*. In some
cases maintenance/admin personnel may not be ble to avoid it.

OTOH even a simple ROT13 or XOR 55 would require that some other
manipulation is required. The "envelope must be unsealed" so to speak.
This is not "strong crypto" but does establish an "expectation of
privacy". Is this something we need ?
						Warmly,
							Padgett

• Previous message: Brad Knowles: "Re: Is S/MIME Secure?"