[ubuntu-uk] Insurance.aes256 and OpenSSL

Tyler J. Wagner tyler at tolaris.com
Tue Jan 4 12:31:24 UTC 2011

On Tue, 2011-01-04 at 10:38 +0000, Paul Sladen wrote:
> On Tue, 4 Jan 2011, Rowan Berkeley wrote:
> > it should be possible to see the keyhole at least.
> You can see the keyhole---but it unremarkable because it looks exactly
> the same as any other keyhole.
> What you can't see is any of the tumblers *in* the keyhole, or through
> the keyhole to what is behind it, as that would be a security failure.

It's a cute metaphor, but inappropriate. Encryption doesn't lock a room,
it changes the entire contents of the room into other, random atoms.
There's no keyhole, no tumblers, nothing to see at all except
nearly-random noise.

We are very unlikely to see a genuine weakness in AES-256 in the
immediate future.


"Beware of altruism. It is based on self-deception, the root of all evil."
   -- Lazarus Long, "Time Enough for Love", by Robert A. Heinlein

More information about the ubuntu-uk mailing list