Cipher selection

P1735 supports DES, 3DES, AES128, and AES256. All compliant tools must be able to process IP encrypted by any of these ciphers so it is up to the IP author which to use.

DES is considered weak, having been cracked as in the late 1990s with challenges now focused on how few hours can be spent to discover a DES key. While cracking a DES key may not be the weakest link to IP theft in commercial software with its design imperfections and bugs, other ciphers are a better choice.

Triple-DES is considered strong but slow.

AES128 or AES256 are the best choices. Either is very strong. Some papers claim AES128 is both faster and stronger than AES256, but either is more than sufficient.

Deprecated constructs and practices

License mecahnisms other than as described in the P1735 licensing documentation. Older techniques that would name a shared library in the source code should not be used.

File spanning is not supported in a P1735 v2 digital envelope. Different tools may read files in a different order or not read some files at all, making the decription state unknown for a file beginning within an envelope. However, a file may contain more than one digital envelope.

-- DaveGraubart - 2012-05-08