Brad Van Orden wrote:
| I have a question regarding the level of protection I can expect from
| compressing traffic before it hits a WAN. That is, the compression
| box vendor stated that since the data is compressed, that unless a snooper
| has the compression key, the data is also essentially encrypted.
|
| My customer has stated that the data is not classified, but would also
| like to keep it out of plain view.
|
| Do you feel the "compression" encyrption is good enough, or should I look
| for a better encryption method?
I wouldn't trust a compression algorithim, even if it is
keyed. They tend to use obscurity, rather than a good cryptosystem.
If your customer expects that a competitor might spend an hour
to break the encryption, then you want something stronger. (Not that
the algorithim will be broken in an hour, but many people, especially
outside the security field, underestimate the effort that will be put
into breaking a system.)
I find that a good basic test of encryption strength is if the
US government forbids its export. If its export is not forbidden,
then the encryption is very weak, and shouldn't be trusted.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
References:
|
|
