Rethinking rsa encryption of license keys

kee nethery kee at kagi.com
Tue May 14 22:28:31 CDT 2013


On May 14, 2013, at 5:43 PM, Dr. Hawkins <dochawk at gmail.com> wrote:

> On Tue, May 14, 2013 at 3:22 PM, kee nethery <kee at kagi.com> wrote:
> 
>> There is nothing insecure about a symmetrical key. The insecurity with a
>> symmetrical key is that both people have to know it and getting it from
>> person A to person B safe and secure is difficult. The public private key
>> pair handles the transport of the symmetrical key.
>> 
> 
> Is there any particular advantage or disadvantage of using symmetrical
> rather than the extra RSA pair, or is this simply the way things are
> usually done?
> 
> Or is symmetrical less expensive computationally?

yes. It might not matter for your application.

> And whyle I'm asking such things, is one of the ciphers on livecode's list
> symmetrical?

You can encrypt a bunch of bits for low computational costs using something like blowfish or AES. Public key is typically used to encrypt the symmetrical key. Recommend compressing the bits first and then encrypting them.

> 
> If you use a heck-a-long key for the symmetrical stuff, it will be secure
>> (assuming the symmetrical algorithm is secure).
>> 
> 
> I've been assuming 4k bits for payloads of a few hundred bites.

You might find that for 4k bits, pure public key is fast enough. I'd still compress before encrypting.

Kee


> 
> thanks again
> 
> -- 
> Dr. Richard E. Hawkins, Esq.
> (702) 508-8462
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode




More information about the use-livecode mailing list