An idea: If one does it, then one Should at Least try to do it Well
Posted Aug 12, 2013 9:46 UTC (Mon) by martin_vahi (guest, #92302)
Posted Aug 12, 2013 10:10 UTC (Mon) by dlang (subscriber, #313)
public key algorithms work when function1 and function2 are both well known, but it is impractical to derive one key when you know the other. If you are not willing to trust that, it's trivial today to use symmetric keys (if you solve the key distribution problem)
Posted Aug 12, 2013 10:23 UTC (Mon) by rmayr (subscriber, #16880)
That is what confuses me: you are talking about web programming as the application area for your character-based OTR combination operator, but in web programming I see no way on how to realistically do the key management for anything remotely OTR-like (hence most/all claims of OTR for web applications are snake oil).
If you intend to reject asymmetric crypto, then I'd love to hear a better option for it (as we have known for quite a while that e.g. DH and RSA will be susceptible to quantum algorithms once we get a sufficient number of qbits in a stable configuration).
Btw, asymmetric crypto is not inherently less secure than symmetric crypto, as the decryption operation is always the inverse of encryption (we are talking about lossless encryption, I assume ;-) ). It has just been studied a lot longer.
Posted Aug 12, 2013 10:24 UTC (Mon) by rmayr (subscriber, #16880)
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds