#### Re: Still a problem for non-techies

<blockquote>

1) A perfect one-time pad gives perfect and unbreakable security.

2) Key sizes are ridiculously short for no reason. They should be in MB, not KB for anything important

3) PKI is badly broken, Key sizes are too small, algorithms are suspect, there are no trustworthy CAs, etc, etc.

4) The weakest link in even well designed systems is the entropy source used for the generation of keys, nonces, salts, etc. </blockquote>

1. OTP is the only perfect security. However, key management is an unsolvable problem as of yet. Once I've exhausted the one terabit key file I sent you, we need to re-exchange again, with no efficient way other than trusted courier. Furthermore, the benefit of asymmetric encryption is that I don't need to know you before hand: All I need to have is your public key. However, OTP (and any other pure symmetric encryption process) all fail the bootstrapping problem with respect to trust and key exchange. With respect to other symmetric options, we would need to exchange a password before we could ever communicate electronically.

2. MB (or Mb) sized keys would be ridiculously inefficient, and provide no improved security over the standard 256 bits of security we want now. Focusing first on asymmetric encryption: RSA's security to efficiency ratio peaks at 3072 bit key size, which is ~115 bits of security. After that, the gains are minimal compared to the massive increase in the size of the key. Elliptic curve cryptography is the next stop, with a much cleaner conversions between asymmetric key size and symmetric key security, 512 bit ECC = 256 bit symmetric.

SInce encryption strength is typically evaluated in terms of symmetric keys, we can now assume that all complexities are functions of symmetric bit size. Now we get into physical limits of the universe, and something called Landauer's principle (this is an excellent overview of the details: http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity). Basically though, it states that 128 bits of security will be broken in 2040, which practically translates into 2050 being the year your key is broken, given that we consume the entire planet's energy resources, which was consumed in a decade, starting in 2040. There's some unrealistic assumptions in there that make this an unrealistic best guess with respect to the timeframe.

Now, the other concern to this is that there is an efficient algorithmic break that drastically reduces the key space to evaluate. Of course, if this is true, then any size key using the same algorithm, will be susceptible, and thus no gain.

4. Technically, salts do not need to be random, or even unique. They just are appended to existing passphrasses avoid rainbow table cracking. These are no longer an acceptable practice, thanks to GPU hashing. Much better would be to utilise something like bcrypt, scrypt or PBKDF2, which are not designed to be computationally cheap. That said, I agree that entropy is a failure point, and we need multiple independent sources, mixed together, to counteract suspicions like those about Intel's chip flaws.