On 22 Mar 2015 09:36 -0500, from [email protected] (Jeffrey Goldberg):
> There are good crypto systems in use which generate pseudo-random
> pads from keys that are 128 (or 256) bits in length. But these are
> – at best – no better than the length of their keys.

Which is, admittedly, _quite good enough_ for almost any _practical_ purpose that an individual is likely to face. Nobody (to within experimental error) is going to successfully brute force your truly-random AES-256 key that was used to protect the 10 MiB archive containing your Evil Overlord Plans for World Domination. But it's a _lot_ easier to keep secret a 32-byte key than a 10 MiB pad, and it is a lot easier to generate 256 truly-random bits than ~80 _million_ truly-random bits.

If they want access to the data, they are going to do it differently. Compare https://xkcd.com/538/

-- 
Michael Kjörling • https://michael.kjorling.se • [email protected]
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
“People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup)

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
