[8773] in cryptography@c2.net mail archive
Re: compression & nulls in cryptosystems
daemon@ATHENA.MIT.EDU (John Denker)
Thu May 31 22:36:53 2001
Message-Id: <4.2.2.20010531211402.02451e10@127.0.0.1>
Date: Thu, 31 May 2001 21:42:57 -0400
To: John Kelsey <kelsey.j@ix.netcom.com>,
cryptography@wasabisystems.com
From: John Denker <jsd@research.att.com>
In-Reply-To: <4.1.20010531140326.020a5030@pop.ix.netcom.com>
I wrote:
> >I always scratch my head when somebody says that XX attack on YY algorithm
> >requires a huge carefully-chosen plaintext, and ends the discussion there,
> >when by adding nulls you can guarantee that no chosen plaintext ever gets
> >processed as such.
In reply, at 02:16 PM 5/31/01 -0400, John Kelsey wrote:
[ a number of lucid and interesting points, leading up to ... ]
>But CBC-mode does the same thing much more cheaply.
Touché! Good point.
But what if I had asked about a !known!-plaintext attack?
Note the contrast:
-- Known plaintext + CBC = equally-well-known plaintext.
-- Known plaintext + nulls = not-completely-known plaintext
But let me try to answer my own question, by coming from another angle: It
seems like adding lots of random nulls is AT BEST equivalent to
*) First: encoding with random session keys and really small sessions, then
*) Second: sending those sessions (and their keys) through the
aforementioned YY algorithm.
This would be an effective way, but hardly the best way, of defeating
known-plaintext attacks.
What this really comes down to is how often you need to change session keys
in order to defeat known-plaintext attacks. There are standard methods for
changing session keys, and I now see that teaching the compressor to throw
in random nulls is not an improvement over the standard methods.
So I learned something. Thanks!
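
The contrast between chosen and known plaintext under CBC discussed in the message above, as an added example that is not part of the original post: the IV chaining keeps chosen blocks from reaching the cipher as chosen, while an observer who knows the plaintext still derives exact cipher input/output pairs. The toy Feistel cipher (a stand-in for "algorithm YY"), all function names, the key and the IV are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 8  # toy 64-bit block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, rnd, half):
    # Round function for the toy cipher: truncated SHA-256 of key, round, half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    """Hypothetical 4-round Feistel permutation standing in for 'algorithm YY'."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, xor(left, _round(key, rnd, right))
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """Return [IV, C1, C2, ...]; plaintext length must be a multiple of BLOCK."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be block-aligned")
    blocks = [iv]
    for i in range(0, len(plaintext), BLOCK):
        blocks.append(toy_encrypt_block(key, xor(plaintext[i:i + BLOCK], blocks[-1])))
    return blocks

def cipher_pairs_from_known_plaintext(blocks, plaintext):
    """Keyless view: an observer who knows the plaintext derives every
    (cipher input, cipher output) pair as (P_i xor C_{i-1}, C_i)."""
    return [(xor(plaintext[(i - 1) * BLOCK:i * BLOCK], blocks[i - 1]), blocks[i])
            for i in range(1, len(blocks))]

if __name__ == "__main__":
    key = bytes(range(16))                    # constructed sample key
    iv = bytes.fromhex("0102030405060708")    # constructed; random in real use
    chosen = b"\x00" * (3 * BLOCK)            # three identical chosen blocks
    pairs = cipher_pairs_from_known_plaintext(cbc_encrypt(key, iv, chosen), chosen)
    for x, c in pairs:
        # The inputs are not the chosen all-zero blocks, yet each pair is exact.
        print(x.hex(), "->", c.hex(), toy_encrypt_block(key, x) == c)
```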