Re: encryption question

---

• From: Henrick Hellström <henrick@xxxxxxxxxxxx>
• Date: Tue, 29 Jan 2008 18:21:37 +0100

---

Rael wrote:

I think the OP got that mixed up. Public/Private Key Pairs are used in asymmetric cryptography, but in the rest of his post he refers to elements of symmetric cryptography.

I see. I left my question open ended since I wasn't sure if I would need to go to asymmetric cryptography or not. However I would prefer avoiding AC if I can help it, so question is more biased to symmetric cryptography.

That's fine. There is nothing wrong with Password Based Encryption as long as:

(0. You implement the PBE scheme correctly. It goes without saying, but it is easy to make mistakes that reduces security to nil. The same applies to any cryptographic implementation, so using asymmetric cryptography doesn't help you get rid of this condition.)

1. Each installation of your software has a single user, and the only reason that user should encrypt anything is for him to store and/or forward it to himself at a later time or on another location.

2. The user chooses a strong pass phrase and remembers it.

Conversely, there are other cases when you should consider asymmetric cryptography instead, for instance:

3. Some installations of your software have more than one user, and those users share data that has to be protected, *and*

4. The only time when the data might be compromised if left unencrypted, is during transfer between work stations. The work stations might always be presumed not to be compromised.

If both of (3) and (4) is the case, it is probably easier for your users to exchange public keys securely (and store private keys securely), than it would be for them to exchange passwords securely and, most of all, remember passwords selected by other users.
.

---

• Follow-Ups:
  • Re: encryption question
    • From: Rael

• References:
  • encryption question
    • From: Rael
  • Re: encryption question
    • From: yannis
  • Re: encryption question
    • From: Henrick Hellström
  • Re: encryption question
    • From: Rael

• Prev by Date: Re: ANN: AnyDAC 2.0 is now available for pre-order
• Next by Date: Re: encryption question
• Previous by thread: Re: encryption question
• Next by thread: Re: encryption question
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: encryption question ... asymmetric cryptography, but in the rest of his post he refers to elements ... However I would prefer avoiding AC if ... so question is more biased to symmetric cryptography. ... (borland.public.delphi.thirdpartytools.general) Re: encryption question ... yannis wrote: ... asymmetric cryptography, but in the rest of his post he refers to elements of symmetric cryptography. ... (borland.public.delphi.thirdpartytools.general)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

coding.derkeiler.com  > Archive  > Delphi  > borland.public.delphi.thirdpartytools.general  > 2008-01