by darkmighty
3118 days ago
> such that loss of a single bit means the original key is unrecoverable

That can't be right (I don't know anything about this though). If you control the data (with a non-interactive non-destructive decryption process), a loss of a single bit just means you have to test two possible keys. In terms of brute forcing, the security is the same per number of bits lost. The benefit of using a large key would be that if you lose a certain fraction of your key (say 10%), then that would correspond to more bits (as long as you erase 128 or more bits you'd be fine).

Also beware of key stretching, use it only when absolutely necessary. Key stretching doesn't modify the ratio of work necessary for your encryption/decryption vs the work necessary for brute forcing -- i.e. it doesn't improve the security factor. You're essentially doing an economic defense vs a mathematical one, and hoping that computers won't improve and your attacker isn't willing to spend much relative to what you spent.
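The counting argument in the comment above, as an added example that is not part of the original comment: a key with k erased bits is recovered in at most 2^k offline trials. It assumes the positions of the lost bits are known and that a local key-check value exists; `KEY`, `key_check`, `erase_bits`, `recover_key` and `worst_case_trials` are hypothetical names, and the key is a constructed sample.

```python
import hashlib
import hmac
import itertools

KEY_BITS = 128
# Constructed sample key (derived from a fixed label so the run is repeatable).
KEY = int.from_bytes(hashlib.sha256(b"constructed sample key").digest()[:16], "big")


def key_check(key: int) -> bytes:
    """Assumed offline oracle: any local test that tells a right key from a wrong one."""
    return hmac.new(key.to_bytes(KEY_BITS // 8, "big"), b"key-check", hashlib.sha256).digest()


def erase_bits(key: int, positions: list[int]) -> int:
    """Model the damage: the bits at `positions` are lost (read back as 0)."""
    for pos in positions:
        key &= ~(1 << pos)
    return key


def recover_key(damaged: int, positions: list[int], check: bytes):
    """Try every assignment of the lost bits; return (key or None, trials used)."""
    base = erase_bits(damaged, positions)
    trials = 0
    for assignment in itertools.product((0, 1), repeat=len(positions)):
        candidate = base
        for bit, pos in zip(assignment, positions):
            candidate |= bit << pos
        trials += 1
        if hmac.compare_digest(key_check(candidate), check):
            return candidate, trials
    return None, trials


def worst_case_trials(lost_bits: int) -> int:
    """Search space left to whoever holds the damaged key."""
    return 2 ** lost_bits


if __name__ == "__main__":
    check = key_check(KEY)
    for lost in ([5], [0, 9, 31, 64, 77, 90, 101, 115, 120, 127]):
        key, trials = recover_key(erase_bits(KEY, lost), lost, check)
        print(f"{len(lost):3d} lost bits: recovered={key == KEY} trials={trials}"
              f" (worst case {worst_case_trials(len(lost))})")
    print("128 lost bits: worst case", worst_case_trials(128), "trials")
```

Erasing a key so that it stays unrecoverable therefore means removing enough bits that the remaining search is itself infeasible, which is the 128-bit threshold the comment names.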