Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Re^2: I need some simple encryption.

by danderson (Beadle)
on Aug 26, 2004 at 21:55 UTC ( #386187=note: print w/replies, xml ) Need Help??

in reply to Re: I need some simple encryption.
in thread I need some simple encryption.

"You believe that anyone who specifically targets your traffic will know enough to sniff your traffic but won't have enough smarts to use the javascript decryption routine you intend sending to every client. Uh huh."

You're making a poor assumption: that a) the routine is all that's needed to encrypt/decrypt (eg, no seeds/keys) and that b) the key is transmitted.

We don't know what the network situation is, he hasn't told us. As an example, RSA keypairs (server's public, client's private) might be included on an install CD. Then any correspondance using the javascript routine is fine; they can sniff away, and assuming high enough keysizes, well chosen keys, and a lack of quantum computers at hand, the traffic would be safe.

Also, a pet peeve: "You are serious about it so you use HTTPS." HTTPS by itself isn't enough. IE, for example, by default ships with 40-bit encryption. So one can make SSL connections that really aren't strong at all.

Lastly: "You believe that people randomly sniff HTTP traffic, scan for keywords and therefore some trivially reversible encryption offers protection." I don't know... last I heard, that's what Carnivore was supposed to do... so while I don't, for example, encrypt my connection to perlmonks, I certainly do to anything I believe is sensitive. Would AT&T route intranet traffic, unencrypted, through Bell's servers? Hardly! So again, we have the case of "we don't know how it's going to be deployed, and can't answer this." Heck, if I was Bell, and I knew that one of the servers I controlled was on a path between, say, a work-at-home AT&T employee and her office, I'd keyword-parse every byte sent out for "strategic" in a split second.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://386187]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (11)
As of 2019-10-21 21:26 GMT
Find Nodes?
    Voting Booth?