Rockbox mail archiveSubject: Re: Strong Cryptography
Re: Strong Cryptography
From: Joshua Simmons <mud_at_majidejima.com>
Date: Wed, 21 Nov 2007 17:04:35 -0500
On 11/21/07, Paul Louden <paulthenerd_at_gmail.com> wrote:
> Exactly what is your intent with such a plugin? Why is encrypting the
> information on the device considered better than encrypting them on the
> host, and decrypting them on the destination?
It is preferable to do the encryption/decryption on the device for a couple
of reasons off the top of my head. First, I may not even have permission to
install the decryption routines on the computer (most public computers, a
lot of "work" computers, etc.). Second, I may trust the "public" computer
with say my password to slashdot.org, but I certainly don't want them to
have access to all of my passwords and private data. Basically it's just a
way limiting the information given out to the bare minimum, and would be
much more convenient for me personally, and I assume for others. Also I
have private data that I never really need to enter into other machines, but
I like to be able to access (financial data).
Surely if both the host and destination are secure enough for making use
> of the unencrypted files, encrypting and decrypting them there are also
> valid? And much, much, faster?
That would sometimes work, yes, but I am unconvinced that it will be
real-world faster for small amounts of data (If it takes .5 seconds, vs .01
seconds, who cares? Especially if I'd have to spend 5 minutes downloading
and installing software on the public machine). If we're talking about
gigabytes of data, then yes, you are certainly correct (this is definitely
not my target use case).
Received on 2007-11-21