Hacker News new | past | comments | ask | show | jobs | submit login

> Even 3DES is still likely to be secure against all but state actors.

Not if my passphrase is S3cur3!. The primary use case for HE is securing data that's encrypted with keys that a human chose.

If you are attacking pass phrase key derivative algorithms then it usually doesn't matter what encryption you are using unless it's something that was intentionally designed to protect passwords and is punitively slow.

This could potentially work but the problem is that KDA's are used to generate KEKs usually not to encrypt the actual data.

It also remains to be seen of this has an impact on the strength of the key especially for chosen plaintext attacks.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact