Re: Anybody know details about Schneier's "flaw"?
Rodney Thayer <rodney@tillerman.to> Fri, 16 August 2002 01:04 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21921 for <openpgp-archive@odin.ietf.org>; Thu, 15 Aug 2002 21:04:49 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7G0qNB06575 for ietf-openpgp-bks; Thu, 15 Aug 2002 17:52:23 -0700 (PDT)
Received: from yancey.pkiclue.com (IDENT:root@[209.172.115.117]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7G0qLw06568 for <ietf-openpgp@imc.org>; Thu, 15 Aug 2002 17:52:21 -0700 (PDT)
Received: from ferg237.pkiclue.com (IDENT:root@[127.0.0.1]) by yancey.pkiclue.com (8.9.3/8.9.3) with ESMTP id RAA11428; Thu, 15 Aug 2002 17:52:01 -0700
Message-Id: <5.1.1.6.2.20020815174759.02572e28@127.0.0.1>
X-Sender: pkiclue@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Thu, 15 Aug 2002 17:49:00 -0700
To: Derek Atkins <derek@ihtfp.com>
From: Rodney Thayer <rodney@tillerman.to>
Subject: Re: Anybody know details about Schneier's "flaw"?
Cc: ietf-openpgp@imc.org
In-Reply-To: <sjm1y91wfh7.fsf@kikki.mit.edu>
References: <5.1.1.6.2.20020814093305.01451338@127.0.0.1> <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com> <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com> <5.1.1.6.2.20020814093305.01451338@127.0.0.1>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
my point was, requiring implementors to do compression sucks, in my opinion. this attack is insufficient justification. the attack is a social engineering attack. forcing implementors to add onerous code to defend against it is not a good idea. At 12:51 PM 8/14/2002 -0400, Derek Atkins wrote: >Rodney Thayer <rodney@tillerman.to> writes: > > > I think it's got too many odd things in it to require compression. > >Indeed.. As I said (perhaps incoherently), the attack only works if >you DO NOT compress. If you compress the message then there is no way >to XOR against the message.
- Anybody know details about Schneier's "flaw"? john.dlugosz
- Re: Anybody know details about Schneier's "flaw"? Derek Atkins
- Re: Anybody know details about Schneier's "flaw"? Rodney Thayer
- Re: Anybody know details about Schneier's "flaw"? Derek Atkins
- Re: Anybody know details about Schneier's "flaw"? Marc Mutz
- Re: Anybody know details about Schneier's "flaw"? john.dlugosz
- Re: Anybody know details about Schneier's "flaw"? Jon Callas
- Re: Anybody know details about Schneier's "flaw"? Lutz Donnerhacke
- Re: Anybody know details about Schneier's "flaw"? Rodney Thayer
- Re: Anybody know details about Schneier's "flaw"? Adam Back
- Re: Anybody know details about Schneier's "flaw"? Carl Ellison
- Re: Anybody know details about Schneier's "flaw"? Dominikus Scherkl
- Re: Anybody know details about Schneier's "flaw"? Peter Gutmann
- Re: Anybody know details about Schneier's "flaw"? Adrian 'Dagurashibanipal' von Bidder
- Re: Anybody know details about Schneier's "flaw"? Werner Koch
- Re: Anybody know details about Schneier's "flaw"? Adrian 'Dagurashibanipal' von Bidder
- Re: Anybody know details about Schneier's "flaw"? David Hopwood
- Re: Anybody know details about Schneier's "flaw"? Peter Gutmann