[ubuntu-uk] Insurance.aes256 and OpenSSL
Tyler J. Wagner
tyler at tolaris.com
Tue Jan 4 12:31:24 UTC 2011
On Tue, 2011-01-04 at 10:38 +0000, Paul Sladen wrote:
> On Tue, 4 Jan 2011, Rowan Berkeley wrote:
> > it should be possible to see the keyhole at least.
>
> You can see the keyhole---but it unremarkable because it looks exactly
> the same as any other keyhole.
>
> What you can't see is any of the tumblers *in* the keyhole, or through
> the keyhole to what is behind it, as that would be a security failure.
It's a cute metaphor, but inappropriate. Encryption doesn't lock a room,
it changes the entire contents of the room into other, random atoms.
There's no keyhole, no tumblers, nothing to see at all except
nearly-random noise.
We are very unlikely to see a genuine weakness in AES-256 in the
immediate future.
Regards,
Tyler
--
"Beware of altruism. It is based on self-deception, the root of all evil."
-- Lazarus Long, "Time Enough for Love", by Robert A. Heinlein
More information about the ubuntu-uk
mailing list