WebApp Sec mailing list archives

RE: Which encryption algorithm used?


From: "Michael Silk" <michaels () phg com au>
Date: Fri, 28 May 2004 11:37:03 +1000

Hi,

        I don't see any real need to withdraw headers and footers.

        As others suggest, if your chosen encryption algorithm is
        appropriately good (RSA, AES) then anyone who captures your
        transmission can't do anything with it anyway - even if you
        tell them exactly what it is. The bonus from adding headers
        to your files to ease processing is large, and surely your
        security model won't be "well, as long as no-one knows our
        encryption algorithm ..."

-- Michael


-----Original Message-----
From: windo () windowlicker dyn ee [mailto:windo () windowlicker dyn ee]
Sent: Thursday, 27 May 2004 11:49 PM
To: webappsec () securityfocus com
Subject: Re: Which encryption algorithm used?


What do you mean, "with a proper algorithm"?  Cryptographic algorithms 
are supposed to be secure *even when the methods used are known*.  The 
only thing that has to be secret is the key.

Proper algorithm should mean "does not leave headers or footers". The
cyphertext itself should be more or less random and unidentifiable.

Siim Põder

