Re: Anybody know details about Schneier's "flaw"?

Derek Atkins <derek@ihtfp.com> Wed, 14 August 2002 16:57 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA16849 for <openpgp-archive@lists.ietf.org>; Wed, 14 Aug 2002 12:57:24 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g7EGpoj29495 for ietf-openpgp-bks; Wed, 14 Aug 2002 09:51:50 -0700 (PDT)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7EGpnw29489 for <ietf-openpgp@imc.org>; Wed, 14 Aug 2002 09:51:49 -0700 (PDT)
Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id MAA12421; Wed, 14 Aug 2002 12:51:50 -0400 (EDT)
Received: from manawatu-mail-centre.mit.edu (MANAWATU-MAIL-CENTRE.MIT.EDU [18.7.7.71]) by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id MAA14125; Wed, 14 Aug 2002 12:51:49 -0400 (EDT)
Received: from kikki.mit.edu (KIKKI.MIT.EDU [18.18.1.142]) by manawatu-mail-centre.mit.edu (8.9.2/8.9.2) with ESMTP id MAA26160; Wed, 14 Aug 2002 12:51:48 -0400 (EDT)
Received: (from warlord@localhost) by kikki.mit.edu (8.9.3) id MAA02753; Wed, 14 Aug 2002 12:51:48 -0400 (EDT)
To: Rodney Thayer <rodney@tillerman.to>
Cc: ietf-openpgp@imc.org
From: Derek Atkins <derek@ihtfp.com>
Subject: Re: Anybody know details about Schneier's "flaw"?
References: <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com> <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com> <5.1.1.6.2.20020814093305.01451338@127.0.0.1>
Date: 14 Aug 2002 12:51:48 -0400
In-Reply-To: <5.1.1.6.2.20020814093305.01451338@127.0.0.1>
Message-ID: <sjm1y91wfh7.fsf@kikki.mit.edu>
Lines: 14
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Rodney Thayer <rodney@tillerman.to> writes:

> I think it's got too many odd things in it to require compression.

Indeed.. As I said (perhaps incoherently), the attack only works if
you DO NOT compress.  If you compress the message then there is no way
to XOR against the message.

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com