Re: Anybody know details about Schneier's "flaw"?

Derek Atkins <warlord@mit.edu> Wed, 14 August 2002 14:59 UTC

To: john.dlugosz@kodak.com
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Anybody know details about Schneier's "flaw"?
References: <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com>
From: Derek Atkins <warlord@mit.edu>
Date: 14 Aug 2002 10:50:21 -0400
In-Reply-To: <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com>
Message-ID: <sjmn0rpwl3m.fsf@kikki.mit.edu>

john.dlugosz@kodak.com writes:

> Does anybody know more about this?  Can a minor improvement to the new 
> -bis draft fix it?

a) this only works if you do NOT compress your messages before you encrypt.
b) this only works if you do NOT sign the message AND you do NOT use an MDC

> --John

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available